Bug 10900 - Changing LDAP Password from Windows failes if referral is configured
Summary: Changing LDAP Password from Windows failes if referral is configured
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.6
Classification: Unclassified
Component: Domain Control (show other bugs)
Version: 3.6.24
Hardware: x64 Linux
: P5 normal
Target Milestone: ---
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-28 07:56 UTC by the2nd
Modified: 2020-01-08 08:55 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description the2nd 2014-10-28 07:56:06 UTC
Hi,
 
my problem is related to samba3 with openldap backend. i use syncrepl to replicate our openldap db to the slapd running on the samba server. slapd is configured to set a referrer for write requests via "updateref".
 
if i use smbpasswd to change the samba/ldap password from the console everything works fine. i can see the referrer offered by the local slapd and also a rebind to change the password on the master ldap server. also ldapmodify shows the correct referrer.
 
but if i try to change the password from within windows i get the following error message:
 
[2014/10/18 12:49:34.511026,  0] passdb/pdb_ldap.c:1826(ldapsam_modify_entry)
  ldapsam_modify_entry: LDAP Password could not be changed for user test: Referral
        unknown
 
"ldap follow referral = yes" in smb.conf is set. but for some reason samba cannot find the correct referrer.
 
any help would be appreciated.
 
regads
the2nd
Comment 1 Christian Ambach 2014-12-12 11:17:40 UTC
Can you capture log level 10 logs showing the failed password change attempt and attach them here?

See https://www.samba.org/~asn/reporting_samba_bugs.txt for some instructions how to capture logs of smbd.
Comment 2 the2nd 2015-02-11 10:47:40 UTC
sorry for the delay. somehow i missed your reply.

i've captured the desired log but i'm not sure if it's save to paste it public without removing some sensitive information cause this is a live system.

after a quick look it seems like it contains at least the password hashes which is a bad idea to post public i think.

is there any option in samba to prevent sensitive data from beeing logged? or is there any howto what needs to be removed to be on the safe side?
Comment 3 Björn Jacke 2020-01-08 08:55:12 UTC
this is not generally a problem, probably something about your configuration only. You might consider to contact one of the companies offering commercial support, see https://www.samba.org/samba/support/