[Samba] User Cant Change Password from Windows XP

Paul Gienger pgienger at ae-solutions.com
Sun Aug 1 00:21:58 GMT 2004 

What version of samba are you running?  There was a 'bug' related to 
changing passwords failing after the clients downloaded a certain update 
from windowsupdate.  I believe the fix was in 3.0.4???

Joseph E. Werle wrote:

> Ok I have searched the archives and have tried several different 
> options but cant seem to get this to work.  When users try and change 
> their password from windows they get an error saying they do not have 
> permission to change their password.  any help wourld be appreciated.
> I am running Samba3 with an ldap backend.
>
> Here is my smb.conf file: [global]
> workgroup = HGW
> netbios name = LUCIFER
> server string = Lucifer PDC
> interfaces = eth0, lo
> security = user
> bind interfaces only = YES
> encrypt passwords = yes
> unix password sync = yes
> pam password change = yes
> passwd program = /usr/bin/passwd %u
> ldap password change = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n 
> *passwd:*all*authentication*tokens*updated*successfully*
> passdb backend = ldapsam:ldap://127.0.0.1
> username map = /etc/samba/smbusers
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> smb ports = 139 445
> name resolve order = wins bcast hosts
> time server = yes
> printcap name = CUPS
> show add printer wizard = no
> add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
> delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u
> add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
> delete user script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
> add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m 
> '%u' '%g'
> delete user from group script = 
> /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
> set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g 
> '%g' '%u'
> add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
> logon home = \\%L\%U
> logon script = %U.bat
> logon path = \\%L\profiles\%U
> logon drive = U:
> domain logons = Yes
> preferred master = Yes
> wins support = Yes
> ldap suffix = dc=hosgonewhack, dc=com
> ldap machine suffix = ou=People
> ldap user suffix = ou=People
> ldap group suffix = ou=Groups
> ldap idmap suffix = ou=Idmap
>
> sample entry from ldap:
> dn: uid=jwerle, ou=People, dc=hosgonewhack,dc=com
> sambaPrimaryGroupSID: <EDIT>
> sambaLMPassword: <EDIT>
> displayName: System User
> sambaLogonScript: jwerle.cmd
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: sambaSamAccount
> userPassword:: <EDIT>
> sambaLogonTime: 0
> sambaHomeDrive: U:
> uid: jwerle
> uidNumber: 1000
> cn: jwerle
> sambaLogoffTime: 2147483647
> sambaPwdLastSet: 1090989705
> sambaAcctFlags: [U]
> loginShell: /bin/bash
> sambaProfilePath: \\LUCIFER\profiles\jwerle
> gidNumber: 512
> sambaPwdMustChange: 1094877705
> sambaPwdCanChange: 0
> sambaNTPassword: <EDIT>
> gecos: System User
> sambaSID: <EDIT>
> description: System User
> homeDirectory: /home/jwerle
> sambaKickoffTime: 0
> sn: jwerle
> sambaHomePath: \\LUCIFER\homes
>
>
>

-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger at ae-solutions.com

More information about the samba mailing list