[Samba] Samba 3 PDC with LDAP - Error when changinguserpasswordfrom windows

s.jousse at free.fr s.jousse at free.fr
Thu Dec 18 22:30:37 GMT 2003

1. yes, I tried these lines and in the logs, there was a failure in response 
3 "match no". When I manually ran smbldaa-passwd.pl in xterm, I saw that
there's never a "successfully" meesage when the password is changed with
success, I looked the code (luckily it's Perl ;o)), and I didn't see any
"print "succes"" or "print "password changed"". So, I added it myself and
now, it passed the Response 3 correctly (match yes) like you see ine the
--> Maybe I made a mistake when changing the script like that, just added a
print just before "exit 0"...

2. I only changed the script like I just said in answer above... I got
smbldap-tools on samba.idealx.org, in the menu on the right side but I'm
looking better now, and this version is 0.8.1 and in the page, there's a
0.8.2 version... I'll try 0.8.2 tomorrow now to see why there's still 2
connections. Which are the better: in samba 3 tarball (i don't see version
number in scripts) or at idealx website?
--> I just look the code of smbldap-passwd.pl and there's still not "print

3. Sorry, I don't understand exactly...
--> I just know that my password is changed with success despite of the
error popup on Windows.

4. The default passwd chat failed on Response 3, this is in my answer for
1st question.
I took the schema in samba tarball (examples/LDAP/samba.schema), maybe it
was corrupted or modified by error, I'll see tomorrow too (too much things
to do tomorrow! :o))
--> In what order I must add samba.schema in slapd.conf? I put it after all
others (cosine.schema, nis.schema, ...)

5. (Added myself) I setup pam_ldap and nss_ldap (from padl software). I
modified these files: /etc/nsswitch.conf, /etc/ldap.conf and some in
/etc/pam.d/ (system-auth, su, ssh, ...). I dont have any Linux user, ALL my
users are in LDAP (except for system users like root, bin, postfix, mysql,
...). I'll mostly control the server by shh or web interface, and rarely on
the machine itself (console or X mode). I have several questions:
a) Do I must put system users in LDAP or just in /etc/passwd is enough?
b) Wich files in /etc/pam.d/ I must modified to have my services and
password sync work?
c) I build Samba without --with-pam and --with-pam_smbpass, is it a mistake
or is it good? And what are these options exactly in simple words, i didn't
understand docs...
d) Is there a doc that well explain how to install Samba 3 in PDC role using
LDAP backend? If there's one, I didn't find it. I took little parts from
several docs, and mostly are for Samba 2.2.
e) In log, I saw that when a user under WinXP open a session on the domain,
Samba search for a guest, nobody group or user in LDAP and after, it
connects with Manager (my LDAP admin) and do the authentication process, why
is it searching guest or nobody?

Thank you very much for your help and advice!
Sebastion Jousse.

----- Original Message ----- 
From: "Toby Schaefer" <toby-list at mail.nixa.k12.mo.us>
To: <samba at lists.samba.org>
Sent: Thursday, December 18, 2003 6:57 PM
Subject: RE: [Samba] Samba 3 PDC with LDAP - Error when
changinguserpasswordfrom windows

 >From what it looks like, you are most likely setup correctly... A few
> questions:
> 1. In your smb.conf, is pw change as such:
> passwd chat debug = Yes
> passwd program =/usr/local/bin/smbldap-passwd.pl -o %u
> passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
> (I'm guessing it is due to your logs showing it correctly.)
> 2. It seems that it's dying trying to open a second connection to your
> server that it isn't closing.  Have you the latest smbldap-tools (the ones
> that came with Samba3?), and have you modified them at all.
> 3. You may want to do a test - It seems to not be updating all your tokens
> correctly.  To test this, make a note of what the sambaLMPassword is, then
> try to change the password.  See if this value changes.  If it doesn't,
> it's going to get rather confusing having multiple hashes!
> 4.  Finally, has the password chat ever worked over there?  It's working
> our domain beautifully; however, YMMV. :)  If it has never worked
> I'd at this point look to make sure your schema is correct and that
> the sambaLMPassword portion didn't get hosed during setup.
> Cheers,
> Toby Schaefer

More information about the samba mailing list