[Samba] with ldap - samba - password sync - domain group map - login message

NSC - NetworkServiceCenter nsc at fh-stpoelten.ac.at
Thu Jun 13 06:05:02 GMT 2002

hello list!

first: sorry for my english and the long mail, but i REALLY need help!

i want to kick the nt4 pdc in our network and thought to realize single
sign on with samba and ldap. i made two test servers: the first test was with
suse linux 7.3 with latest openldap, pam_ldap, nss_ldap and samba 2.2.3a (i
compiled all components myself!). the second was with suse linux 8.0 with
openldap, pam_ldap, nss_ldap (these three components are the standard rpms
from suse 8.0) and samba 2.2.4 (latest rpm from the suse samba-developer).

the basic systems worked and all problems i'm going to describe occurred in
both test environments!

1. after login from w2k i get the message, that the password expires and
asks me if i want to change. if i change or not, at next logon the
situation is the same, but i can login over a few weeks without
   - the only information i found about it on the web is that i can set the
user's pwdLastSet to -1, but, on the one hand, it doesn't work and on the
other hand, if anyone changes his password this field would be overwritten
automatically and the old problem starts again.

2. the unix password sync doesn't work. but i think there are two different
problems, but let me describe: if i activated the password sync, i got on
the w2k client the error "username or password wrong ....". if it's not
activated, the password change works!! so i checked the log and thought i'm
silly as i saw the following rows (!!!!!!):

[2002/06/13 15:33:23, 10] smbd/chgpasswd.c:dochild(211)
  Invoking '/etc/ldappwdsmb test' as password change program.
[2002/06/13 15:33:26, 100] smbd/chgpasswd.c:expect(265)
  expect: expected [New password: ] received [New password: ] match no
[2002/06/13 15:33:28, 100] smbd/chgpasswd.c:expect(265)
  expect: expected [New password: ] received [] match no
[2002/06/13 15:33:28, 10] smbd/chgpasswd.c:expect(276)
  expect: returning False
[2002/06/13 15:33:28, 3] smbd/chgpasswd.c:talktochild(302)
  Response 1 incorrect

after this i made a test where the chat isn't activated and the
passwd-program is a shell-script that only writes a text into a file.
at the next try there was no logging like the lines above, the
passwd-program ended normally (because the text was in the file), but the
w2k-client told again that username or password is wrong! so i think that
these are two different problems, but i can't understand!

3. the domain group map doesn't work! i found a lot of descriptions about it
and all were the same. so, i thought i'm on the right way and made it like
these descriptions, but at samba 2.2.3a there was shown only one group
named with hieroglyphs. at 2.2.4 no group is shown from my map-file, but
there are shown the groups domain admins and domain users - could anyone
tell me where these groups are configured in samba?
i need the group mapping because we have one w2k-database and fileserver and
i can't kick it.

please help me
thank you very much
thomas reisenbichler
