[Samba] Samba 3 PDC with LDAP - Error when changing userpassword
from windows
s.jousse at free.fr
s.jousse at free.fr
Thu Dec 18 17:37:38 GMT 2003
here my passwd chat log (sorry, it's long):
---------BEGIN-----------------
[2003/12/18 18:33:31, 3] smbd/chgpasswd.c:chat_with_program(419)
Dochild for user jchomarat3 (uid=0,gid=0) (as_root = Yes)
[2003/12/18 18:33:31, 10] smbd/chgpasswd.c:dochild(217)
Invoking '/usr/local/sbin/smbldap-passwd.pl -o jchomarat3' as password change
program.
[2003/12/18 18:33:32, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(271)
expect: expected [*New*password*] received [Changing password for jchomarat3
New password : ] match yes
[2003/12/18 18:33:32, 10] smbd/chgpasswd.c:expect(282)
expect: returning True
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(237)
expect: sending [pastouche3
]
[2003/12/18 18:33:32, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(271)
expect: expected [*new*password*] received [
Retype new password : ] match yes
[2003/12/18 18:33:32, 10] smbd/chgpasswd.c:expect(282)
expect: returning True
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(237)
expect: sending [pastouche3
]
[2003/12/18 18:33:32, 0] lib/util_sock.c:read_socket_with_timeout(279)
read_socket_with_timeout: timeout read. read error = Input/output error.
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(271)
expect: expected [*changed*] received [
Password has been changed
] match yes
[2003/12/18 18:33:32, 10] smbd/chgpasswd.c:expect(282)
expect: returning True
[2003/12/18 18:33:32, 3] smbd/chgpasswd.c:chat_with_program(435)
Password change successful for user jchomarat3
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(474)
element 31 -> now CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(474)
element 30 -> now CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(474)
element 10 -> now CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(474)
element 20 -> now CHANGED
[2003/12/18 18:33:32, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: maximum password age:-1
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(474)
element 9 -> now CHANGED
[2003/12/18 18:33:32, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: minimum password age:0
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_set_init_flags(474)
element 8 -> now CHANGED
[2003/12/18 18:33:32, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1340)
ldapsam_update_sam_account: user jchomarat3 to be modified has dn: uid=jchomar
at3,ou=People,dc=phonambule-tv,dc=com
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 11: SET
[2003/12/18 18:33:32, 2] passdb/pdb_ldap.c:init_ldap_from_sam(744)
init_ldap_from_sam: Setting entry for user: jchomarat3
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 17: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 18: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 12: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 22: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 23: DEFAULT
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 1: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 3: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 4: DEFAULT
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 2: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 5: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 6: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 7: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 8: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 8: CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 9: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 9: CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 30: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 30: CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 31: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 31: CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 20: SET
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 20: CHANGED
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 19: SET
[2003/12/18 18:33:32, 11] lib/smbldap.c:smbldap_open(820)
smbldap_open: already connected to the LDAP server
[2003/12/18 18:33:32, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1173)
ldapsam_modify_entry: Failed to modify user dn= uid=jchomarat3,ou=People,dc=ph
onambule-tv,dc=com with: Type or value exists
modify/add: sambaLMPassword: value #0 already exists
[2003/12/18 18:33:32, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1366)
ldapsam_update_sam_account: failed to modify user with uid = jchomarat3, error
: modify/add: sambaLMPassword: value #0 already exists (Success)
[2003/12/18 18:33:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1003, 512) - sec_ctx_stack_ndx = 1
[2003/12/18 18:33:32, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7177)
init_r_chgpasswd_user
[2003/12/18 18:33:32, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1553)
_samr_chgpasswd_user: 1553
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_debug(81)
000000 samr_io_r_chgpasswd_user
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
0000 status: NT_STATUS_ACCESS_DENIED
----------END-----------------
Quoting Craig White <craigwhite at azapple.com>:
> As far as I know there are only these required elements.
>
> root user must be part of smbpasswd base
> smbpasswd -w must be the authentication password with read/write access
> to LDAP
> I used the scripts from smbldap - that were part of the samba
> distribution...sort of, I updated from Red Hat rpm smbldap-tools but
> these are the scripts that are run - add user/add group etc.
>
> Check your samba/logs for clues
>
> Craig
>
> On Thu, 2003-12-18 at 10:13, s.jousse at free.fr wrote:
> > no, i did it
> > but, i think if i didn't it, I cannot join Machine while addind machine
> > account on the fly with Samba...
> >
> > ----- Original Message -----
> > From: "Craig White" <craigwhite at azapple.com>
> > To: <s.jousse at free.fr>
> > Cc: <samba at lists.samba.org>
> > Sent: Thursday, December 18, 2003 6:09 PM
> > Subject: Re: [Samba] Samba 3 PDC with LDAP - Error when changing
> > userpassword from windows
> >
> >
> > > On Thu, 2003-12-18 at 10:04, s.jousse at free.fr wrote:
> > > > Hi all!
> > > > I've a Samba 3 PDC with LDAP backend.
> > > > When I join domain from a WinXP machine, the machine account is added
> in
> > LDAP,
> > > > it works fine.
> > > > I can log on this machine with a user I created before with
> > smbldap-useradd.pl
> > > > script.
> > > > When I want to change his password from windows (CTRL-ALT-SUP panel),
> it
> > > > says: "don't have the right permission to do that..." but password is
> > changed
> > > > in LDAP with the new one.
> > > > And when I log back this user, I need the new password.
> > > > I'm using smbldap-passwd.pl to change password.
> > > > In Samba log, i see NT_STATUS_ACCESS_DENIED and
> NT_STATUS_WRONG_PASSWORD
> > > ---
> > > I'm new at this game but I'll take a guess...
> > >
> > > problem with secrets.tdb?
> > >
> > > smbpasswd -w <bind password for ldap>
> > >
> > > Craig
> > >
> > >
> > >
>
>
More information about the samba
mailing list