my problem is related to samba3 with openldap backend. i use syncrepl to replicate our openldap db to the slapd running on the samba server. slapd is configured to set a referrer for write requests via "updateref".
if i use smbpasswd to change the samba/ldap password from the console everything works fine. i can see the referrer offered by the local slapd and also a rebind to change the password on the master ldap server. also ldapmodify shows the correct referrer.
but if i try to change the password from within windows i get the following error message:
[2014/10/18 12:49:34.511026, 0] passdb/pdb_ldap.c:1826(ldapsam_modify_entry)
ldapsam_modify_entry: LDAP Password could not be changed for user test: Referral
"ldap follow referral = yes" in smb.conf is set. but for some reason samba cannot find the correct referrer.
any help would be appreciated.
Can you capture log level 10 logs showing the failed password change attempt and attach them here?
See https://www.samba.org/~asn/reporting_samba_bugs.txt for some instructions how to capture logs of smbd.
sorry for the delay. somehow i missed your reply.
i've captured the desired log but i'm not sure if it's save to paste it public without removing some sensitive information cause this is a live system.
after a quick look it seems like it contains at least the password hashes which is a bad idea to post public i think.
is there any option in samba to prevent sensitive data from beeing logged? or is there any howto what needs to be removed to be on the safe side?
this is not generally a problem, probably something about your configuration only. You might consider to contact one of the companies offering commercial support, see https://www.samba.org/samba/support/