[Samba] Changing password from windows
s.jousse at free.fr
s.jousse at free.fr
Tue Dec 30 15:12:25 GMT 2003
Hi all!
I had some problem with LDAP, so I setup a Samba PDC without LDAP and then I
migrate it to LDAP.
Before that, all worked fine, changing password from Windows too. But now, a
popup in windows says "username or old password incorrect. Password is case
sensitive" (it's not the exact sentence for you since I translated it from my
language) and I got this error in log:
sambaPwdCanChange: value #0 already exists
But the password is REALLY changed and the sync is OK!
--> I got an error message but the command succeeded...
When I did it in a shell, I got no error...
Here is smb.conf:
--- BEGIN SMB.CONF ---
[global]
netbios name = PDCLINUX
workgroup = TESTDOMAIN
server string = TestCenter
comment = Controleur de Domaine
time server = yes
passdb backend = ldapsam:ldap://ldap.mydomain.com
encrypt passwords = yes
security = user
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
wins support = yes
os level = 80
hosts allow = 192.168.0. 127.
# LDAP
ldap admin dn = "cn=Manager,dc=mydomain,dc=com"
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=mydomain,dc=com
ldap passwd sync = yes
unix password sync = yes
log level = 256
log file = /var/samba/log/%U.log
passwd chat debug = yes
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *ew*password* %n\n *ew*password* %n\n
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon path = \\pdc.mydomain.com\profiles\%U
logon drive = H:
logon home = \\pdc.mydomain.com\%U
logon script = %U.bat
add machine script = /usr/sbin/useradd -d /dev/null -g machines -
s /bin/false -c %U%I %U
[homes]
comment = Home Directory
guest ok = no
read only = no
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/samba/netlogon
read only = yes
guest ok = yes
share modes = no
root preexec = /var/samba/netlogon/login.pl %U %G %L
browseable = no
--- END SMB.CONF ---
And here the log:
--- BEGIN LOG ---
[2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217)
Invoking '/usr/local/samba/bin/smbpasswd testuser' as password change program.
[2003/12/30 15:43:49, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274)
expect: expected [*ew*password*] received [New SMB password:] match yes
[2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285)
expect: returning True
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237)
expect: sending [testuser
]
[2003/12/30 15:43:49, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274)
expect: expected [*ew*password*] received [
Retype new SMB password:] match yes
[2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285)
expect: returning True
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237)
expect: sending [testuser
]
[2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438)
Password change successful for user testuser
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 32 -> now CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 31 -> now CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 10 -> now CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 20 -> now CHANGED
[2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: maximum password age:-1
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 9 -> now CHANGED
[2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: minimum password age:0
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 8 -> now CHANGED
[2003/12/30 15:43:49, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1370)
ldapsam_update_sam_account: user testuser to be modified has dn: uid=testuser,
ou=People,dc=phonambule-tv,dc=com
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 11: SET
[2003/12/30 15:43:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
init_ldap_from_sam: Setting entry for user: testuser
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 17: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 18: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 12: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 22: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 23: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 25: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 1: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 3: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 4: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 2: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 5: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 6: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 7: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 8: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 8: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 9: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 9: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 31: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 31: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 32: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 32: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 20: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 20: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 19: SET
[2003/12/30 15:43:49, 11] lib/smbldap.c:smbldap_open(822)
smbldap_open: already connected to the LDAP server
[2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203)
ldapsam_modify_entry: Failed to modify user dn= uid=testuser,ou=People,dc=phon
ambule-tv,dc=com with: Type or value exists
modify/add: sambaPwdCanChange: value #0 already exists
[2003/12/30 15:43:49, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1397)
ldapsam_update_sam_account: failed to modify user with uid = testuser, error:
modify/add: sambaPwdCanChange: value #0 already exists (Success)
[2003/12/30 15:43:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1001, 547) - sec_ctx_stack_ndx = 1
[2003/12/30 15:43:49, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120)
init_r_chgpasswd_user
[2003/12/30 15:43:49, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469)
_samr_chgpasswd_user: 1469
[2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_chgpasswd_user
[2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
0000 status: NT_STATUS_ACCESS_DENIED
--- END LOG ---
Can someone explain me why I got an error with the field sambaPwdCanChange in
LDAP, when I look it after the command, this field is changed...
Thanks alot!
Sébastien.
More information about the samba
mailing list