Fwd: [Samba] Changing LDAP password from Windows XP

"Daniel Müller" danielmueller9 at gmx.net
Mon Mar 5 18:08:24 GMT 2007 

You are with ldap aren`t you.
Then you are missing ldap passwd sync = yes.
Is your goup mapping correct? Did you made an net rpc grant rights to
the group DOMAIN ADMINS?
ex:.

net -S server -U root%passwordroot rpc rights grant 
      'DOMAIN\Domain Admins' SeMachineAccountPrivilege

-------- Original-Nachricht --------
Datum: Sat, 3 Mar 2007 11:15:42 -0600 (CST)
Von: "Andy Colvin" <acolvin at enkitec.com>
An: samba at lists.samba.org
CC: 
Betreff: RE: Fwd: [Samba] Changing LDAP password from Windows XP

> I get a different error if I add "unix password sync = yes"  This time it
> gives me the error "you do not have permission to change your password"
> Everything that I've seen related to this error says to upgrade to 3.0.4,
> but I'm running 3.0.24.
> 
> Any ideas?
> 
> Thanks,
> 
> Andy
> 
> 
> -----Original Message-----
> From: Marcin Giedz [mailto:giedz at arise.pl]
> Sent: Saturday, March 03, 2007 10:46 AM
> To: Andy Colvin
> Cc: samba at lists.samba.org
> Subject: Re: Fwd: [Samba] Changing LDAP password from Windows XP
> 
> Daniel Müller wrote:
> 
> Hi
> 
> your smb.conf file seems to be OK, however to be able to sync
> sambapasswords with userPassword try to add
> 
> unix password sync = yes
> 
> to your smb.conf
> 
> Regards,
> Marcin
> 
> 
> 
> 
> > Hello,
> >
> > remove the line 'passwd program = /usr/sbin/smbldap-passwd %u'
> > for testing.
> > On my Suse 10.1 I do not need this and m y users can change their
> passwords.
> >
> > greetings
> > daniel
> >
> >
> >
> >
> >
> >
> > -------- Original-Nachricht --------
> > Datum: Fri, 2 Mar 2007 11:55:06 -0600 (CST)
> > Von: "Andy Colvin" <acolvin at enkitec.com>
> > An: samba at lists.samba.org
> > CC:
> > Betreff: [Samba] Changing LDAP password from Windows XP
> >
> > I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6,
> > talking to Fedora Directory Server 1.0.4.  I've got everything set up so
> > that I can add computers to the domain, add users using the smbldap-
> > tools, and have users logging in.  When a user tries to change their
> > password from within Windows (ctrl-alt-del) they get the error
> >
> >   "the user name or old password is incorrect.  letters in passwords
> must
> > be typed using the correct case."
> >
> > The strange thing is that the samba passwords (sambalmpassword,
> > sambantpassword) are changed in the LDAP server, but the general account
> > password (userpassword) is not changed.  I looked everywhere I could,
> and
> > couldn't find anything to cause this.  I can set passwords just fine
> using
> > smbldap-passwd and it will set all passwords.
> >
> > Here is a copy of my smb.conf:
> >
> > [global]
> > workgroup = MAIL
> > netbios name = YOURMOM
> > security = user
> > passdb backend = ldapsam:ldap://mail.yourmom.net
> > ldap admin dn = cn=Directory Manager
> > ldap suffix = dc=yourmom,dc=net
> > ldap user suffix = ou=People
> > ldap idmap suffix = ou=People
> > ldap machine suffix = ou=Computers
> > ldap group suffix = ou=Groups
> > ldap passwd sync = yes
> > ldap delete dn = no
> > obey pam restrictions = no
> > encrypt passwords = yes
> > passwd program = /usr/sbin/smbldap-passwd %u
> > add machine script = /usr/sbin/smbldap-useradd -w "%u"
> > log file = /var/log/samba/log.%m
> > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > os level = 255
> > domain logons = yes
> > domain master = yes
> > local master = yes
> > preferred master = yes
> > wins support = yes
> > template shell = /bin/false
> > winbind use default domain = no
> > logon path =
> > logon home =
> >
> > [netlogon]
> >    comment = Network Logon Service
> >    path = /var/lib/samba/netlogon
> >    read only = yes
> >    browseable = no
> >
> > [homes]
> >    comment = Home Directories
> >    browseable = no
> >    read only = no
> >    guest ok = no
> >    create mode = 0664
> >    directory mode = 0775
> >
> >
> >
> > Thanks,
> >
> >
> >
> > Andy Colvin
> >
> >
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

More information about the samba mailing list