"You are not allowed to change the password on..."

Stephen Brandon - SysAdmin sbrandon at music.gla.ac.uk
Mon Oct 25 16:34:45 GMT 1999 

Hi,

I am running the latest head branch samba server on RH linux. Basic  
domain stuff works really well.

What does not work is the changing of NT passwords for users on the  
linux box. At this stage I am NOT synching unix passwords -- I just  
want to change passwords in the smbpasswd file.

So I do a ctl-alt-del on NT (SP4), see my samba box listed, and try  
to change my password. I get the message back:

You are not allowed to change the password on MUSIC [my domain name].
No passwords have been changed

I am logging samba at log level 200 and have looked carefully at  
the logs. I cannot see any attempt being made by NT to enter the  
password change parts of the code, though there is a flurry of  
activity at the time of attempted password change. The "old"  
password authenticates ok, NO MATTER WHAT I ENTER IN THE OLD  
PASSWORD BOX, which in itself is rather strange.

If I do a smbpasswd -d myloginname then restart samba, then  
attempting to change the password from NT comes up with a different  
panel, saying my password is wrong (no surprise). I am surprised  
that restarting samba here makes a difference -- but it does.

I have added all my hosts to the "hosts allow". I can change  
passwords as root on the server with smbpasswd username. I can't  
think of anything else.

Reading back issues in this list, I can see that people have  
reported that the NT user manager shows "password changing disabled"  
for the affected users. But on my NT workstation, I cannot bring up  
the records for remote (samba) users, so I can't check that  
parameter. Any ideas on how to do this? Could this be the problem?

I have used regmon to track registry edits that happen when I  
change the "password changing disabled" button for local users. But  
the registry gets changed for the Local Machine, rather than Local  
User (not really surprising), so there's no way these changes will  
affect my samba server.

What am I missing? Help! I have some 300 users needing to be able  
to change their passwords, and I am stumped.

Thanks,
Stephen Brandon
---
Systems Administrator,
Department of Music,		e-mail: S.Brandon at music.gla.ac.uk
14 University Gardens,			(NeXT mail welcomed)
University of Glasgow,		Tel: 	+44 (0)141 330 6065
Glasgow.			Fax:	+44 (0)141 330 3518
Scotland
G12 8QH

More information about the samba-ntdom mailing list