[Samba] Samba 3 PDC with LDAP - Error when changing userpasswordfrom windows

Toby Schaefer toby-list at mail.nixa.k12.mo.us
Thu Dec 18 17:57:12 GMT 2003


-----Original Message-----
From: samba-bounces+toby-list=mail.nixa.k12.mo.us at lists.samba.org
[mailto:samba-bounces+toby-list=mail.nixa.k12.mo.us at lists.samba.org] On
Behalf Of s.jousse at free.fr
Sent: Thursday, December 18, 2003 11:38 AM
To: Craig White
Cc: samba at lists.samba.org
Subject: Re: [Samba] Samba 3 PDC with LDAP - Error when changing
userpasswordfrom windows

here my passwd chat log (sorry, it's long): 
 
---------BEGIN----------------- 
[2003/12/18 18:33:31, 3] smbd/chgpasswd.c:chat_with_program(419) 
  Dochild for user jchomarat3 (uid=0,gid=0) (as_root = Yes) 
[2003/12/18 18:33:31, 10] smbd/chgpasswd.c:dochild(217) 
  Invoking '/usr/local/sbin/smbldap-passwd.pl -o jchomarat3' as password
change 
program. 
[2003/12/18 18:33:32, 10] lib/util_sock.c:read_socket_with_timeout(263) 
  read_socket_with_timeout: timeout read. select timed out. 
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(271) 
  expect: expected [*New*password*] received [Changing password for
jchomarat3 
  New password : ] match yes 
[2003/12/18 18:33:32, 10] smbd/chgpasswd.c:expect(282) 
  expect: returning True 
....

 [2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) 
  element 19: SET 
[2003/12/18 18:33:32, 11] lib/smbldap.c:smbldap_open(820) 
  smbldap_open: already connected to the LDAP server 
[2003/12/18 18:33:32, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1173) 
  ldapsam_modify_entry: Failed to modify user dn=
uid=jchomarat3,ou=People,dc=ph 
onambule-tv,dc=com with: Type or value exists 
        modify/add: sambaLMPassword: value #0 already exists 
[2003/12/18 18:33:32, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1366) 
  ldapsam_update_sam_account: failed to modify user with uid = jchomarat3,
error 
: modify/add: sambaLMPassword: value #0 already exists (Success) 
[2003/12/18 18:33:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) 
  pop_sec_ctx (1003, 512) - sec_ctx_stack_ndx = 1 
[2003/12/18 18:33:32, 5]
rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7177) 
  init_r_chgpasswd_user 
[2003/12/18 18:33:32, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1553)

  _samr_chgpasswd_user: 1553 
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_debug(81) 
  000000 samr_io_r_chgpasswd_user 
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 
      0000 status: NT_STATUS_ACCESS_DENIED 
----------END----------------- 



>From what it looks like, you are most likely setup correctly... A few
questions:

1. In your smb.conf, is pw change as such:

passwd chat debug = Yes
passwd program =/usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*

(I'm guessing it is due to your logs showing it correctly.)

2. It seems that it's dying trying to open a second connection to your LDAP
server that it isn't closing.  Have you the latest smbldap-tools (the ones
that came with Samba3?), and have you modified them at all.

3. You may want to do a test - It seems to not be updating all your tokens
correctly.  To test this, make a note of what the sambaLMPassword is, then
try to change the password.  See if this value changes.  If it doesn't, then
it's going to get rather confusing having multiple hashes!

4.  Finally, has the password chat ever worked over there?  It's working in
our domain beautifully; however, YMMV. :)  If it has never worked correctly,
I'd at this point look to make sure your schema is correct and that somehow
the sambaLMPassword portion didn't get hosed during setup.

Cheers,

Toby Schaefer



More information about the samba mailing list