[Samba] users cannot change their passwords in domain
Dmitry Sukhodoev
raven at bingo.ru
Mon Apr 14 09:45:45 GMT 2003
hello, richard.
you wrote 14 апреля 2003 г., 13:24:57:
r> you cannot use "security=domain" and "domain master=yes"
now i setup "security=user" and "domain master=yes", but password changing from
windows 2k/xp on the my samba PDC still not works. errors the same: windows
says "domain is not available" and samba writes those lines in log... what i
must change more?
r> On Sun, 2003-04-13 at 21:36, Dmitry Sukhodoev wrote:
>> hello, samba.
>>
>> i have running samba 2.2.8a from the ports on the system:
>> FreeBSD bingo.ru 4.7-STABLE FreeBSD 4.7-STABLE #2: Tue Mar 25 20:30:51 YEKT
>> 2003 root at bingo.ru:/usr/obj/usr/src/sys/bingo i386
>>
>> with config:
>> === cut ===
>> [global]
>> workgroup = bingo
>> netbios name = emily
>> server string = bingo samba daemon
>> hosts allow = 192.168.2. 127.
>> hosts deny = 192.168.1.
>> interfaces = xl2
>> bind interfaces only = yes
>> map archive = no
>> inherit permissions = yes
>> logon drive = z:
>>
>> domain logons = yes
>> domain admin group = raven vova root toor
>>
>> logon path = \\%L\profiles\%U
>>
>> guest account = guest
>> map to guest = bad user
>> security = domain
>>
>> log file = /var/log/samba/%m.log
>> max log size = 512
>> pid directory = /var/run
>> lock directory = /var/lock
>>
>> encrypt passwords = yes
>> socket options = TCP_NODELAY
>>
>> local master = yes
>> os level = 64
>> domain master = yes
>> preferred master = yes
>>
>> client code page = 866
>> character set = KOI8-R
>> syslog = 0
>> hide local users = yes
>>
>> include = /usr/local/etc/samba/office_%U.conf
>>
>> [profiles]
>> path = /usr/local/samba/profiles
>> browseable = no
>> writeable = yes
>> guest ok = no
>> create mode = 600
>> directory mode = 700
>> map archive = yes
>> inherit permissions = no
>>
>> [homes]
>> comment = home directories
>> browsable = no
>> guest ok = no
>> read only = no
>> create mode = 644
>> root preexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I open
>> root postexec = /usr/local/raven/samba/exec/root_exec.pl %u %S %I close
>> === cut ===
>>
>> my samba is primary domain controller for my microsoft network with windowzes.
>> all was well, but from some time my users cannot change their passwords in
>> domain. windows reports about domain is not available and the smbd writes to
>> log:
>>
>> === cut ===
>> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114)
>> Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048)
>> [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094)
>> PANIC: failed to set gid
>>
>> [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558)
>> domain_client_validate: could not fetch trust account password for domain BINGO
>> === cut ===
>>
>> what happen? where is solution? please help - i don't want use native windoze
>> domain controlle, cause windows servers sucks.
>>
>> --
>> Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315
--
Dmitry Sukhodoev, network administrator of bingo.ru, icq#550315
More information about the samba
mailing list