[Samba] Unable to change password from win2k with a samba pdc

Day, Michael A (Contractor-UAH) Michael.Day at rdec.redstone.army.mil
Thu Feb 13 13:39:23 GMT 2003


Howdy I've searched mailing lists and have not found anyone with the same
problem (as far as I can tell). 
I've setup a samba pdc (samba-2.2.7-2 rpm for RedHat 8.0) following the
instructions on the samba PDC HOWTO:
http://us3.samba.org/samba/ftp/docs/htmldocs/Samba-PDC-HOWTO.html
I've successfully setup the samba PDC and have joined a test client running
win2k to a domain called "VTC." Roaming profiles and login scripts work
fine. However, when I attempt to change the password from the win2k box I
get the following alert box: 
The system cannot change your password now because the domain VTC is not
available. 
Obviously the domain is available, since I just authenticated to it!! I am
fairly certain that this is not a problem with the passwd chat parameter,
since people on the newsgroup with that problem got an "incorrect password"
error (rather than a "domain not avaliable" error). 
In order to solve this problem I've: 
1) brought down my firewall, 
2) tried to change passwords with and without the password chat parameter
being enabled 
3) enabled and disabled pam control over passwords all to no avail. 
Please help! -- log file and smb.conf are after my signature
Note: the client machine is named mx04 and the samba pdc is named mx11
Mike Day 
log file (mx04.log):
----------------------------------------------------------------------------
-----
[2003/02/11 14:06:50, 2] lib/access.c:check_access(329)
  Allowed connection from  (136.205.103.37)
[2003/02/11 14:06:50, 0] rpc_server/srv_pipe.c:api_pipe_auth_process(1092)
  api_pipe_auth_process: NTLMSSP check failed.
[2003/02/11 14:06:50, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(486)
  process_request_pdu: failed to do auth processing.
[2003/02/11 14:06:50, 2] lib/access.c:check_access(329)
  Allowed connection from  (136.205.103.37)
[2003/02/11 14:06:50, 0] lib/util_sec.c:assert_gid(114)
  Failed to set gid privileges to (0,99) now set to (0,-1) uid=(0,99)
[2003/02/11 14:06:50, 0] lib/util.c:smb_panic(1094)
  PANIC: failed to set gid
  
[2003/02/11 14:06:50, 2] lib/access.c:check_access(329)
  Allowed connection from  (136.205.103.37)
[2003/02/11 14:06:50, 0] lib/util_sec.c:assert_gid(114)
  Failed to set gid privileges to (0,99) now set to (0,-1) uid=(0,99)
[2003/02/11 14:06:50, 0] lib/util.c:smb_panic(1094)
  PANIC: failed to set gid
-----------------------------------------------------------------
END LOG FILE
smb.conf file:
[global]

; Basic server settings
netbios name = MX11
workgroup = VTC

; we should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes

;security settings (must use user security)
security = user

;encrypted passwords are requirement for a PDC
encrypt passwords = yes

; support domain logons
domain logons = yes

; where to store profiles?
logon path = \\%L\profiles\%U

;where is a user's home directory and where should
;it be mounted at?
logon drive = H:
#logon home is supposedly only needed for Win 9x/Me clients
#logon home = 

;specify a generic logon script for all users
; this is a relative **DOS** path to the [netlogon] share
; NO logon script for now
;logon script =

;necessary share for domain controller
[netlogon]
	path = /home/netlogon 
	read only = yes
	write list = mike.day

;share for storing user profiles
[profiles]
	path = /home/samba/profiles 
	read only = no
	create mask = 0600
	directory mask = 0700







More information about the samba mailing list