[Samba] Unable to change password

Roberto Morelli r.morelli at usl11.toscana.it
Thu Apr 15 16:10:03 GMT 2004


Hi everybody,
I'm an Italian system administrator (a newbie with Samba).
I have installed on Mandrake 9.1 the rpm samba3-*-3.0.2a downloaded from 
a Samba.org mirror.
I have configured a PDC based on ldapsam (OpenLDAP 2.1.29) that works 
fine; I use smbldap tools to manage account synchronization.

Now the problem: when I try to change my domain password from my W2000 
workstation I get an error message:
UserName or Old password are wrong....
Obviously these are right, not wrong.

On the same machine I had installed Samba 2.2.8a and password change worked.

Analyzing the Samba log, this is the message that I found:
[2004/04/15 12:07:29, 0] smbd/chgpasswd.c:check_oem_password(832)
 check_oem_password: incorrect password length (1211185023).

My old password is 7 chars, the new one 8 chars, but I have the same 
problem with passwords of other lengths, shorter and longer.

If I try to change the password with:
smbpasswd -U <username> -r <PDC>
I get this message on screen:

machine <PDC> rejected the password change: Error was : RAP86: The specified password is invalid.
Failed to modify password entry for user <username>

This is the section of Samba's log about this operation
[2004/04/15 12:40:00, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
 init_ldap_from_sam: Setting entry for user: <username>
[2004/04/15 12:40:00, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1217)
 ldapsam_modify_entry: Failed to modify user dn= uid=<username>,ou=Users,dc=usl11,dc=net with: No such attribute
       modify/delete: sambaPwdMustChange: no such value
[2004/04/15 12:40:00, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1417)
 ldapsam_update_sam_account: failed to modify user with uid = <username>, error: modify/delete: sambaPwdMustChange: no such value (Success)
[2004/04/15 12:40:00, 2] smbd/server.c:exit_server(558)
 Closing connections

Obviously the sambaPwdMustChange attribute is one of the entry's 
attributes; its value makes no sense to me, but it is present.

If I try to change the password as root with
smbpasswd -L <username>
it works.

If I try to change the password as <username> with
smbpasswd -D 10 -L
I get these messages on screen:

Netbios name list:-
my_netbios_names[0]="ICARO"
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb: Permission denied
Failed to open /etc/samba3/secrets.tdb
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://127.0.0.1
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1 (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=USL11-NT))]
smbldap_search: base => [dc=usl11,dc=net], filter => [(&(objectClass=sambaDomain)(sambaDomainName=USL11-NT))], scope => [2]
smbldap_open: cannot access LDAP when not root..
Connection to LDAP Server failed for the 1 try!
smbldap_search_suffix: Problem during the LDAP search: (unknown) (Insufficient access)
Problem during LDAPsearch: Insufficient access
Query was: dc=usl11,dc=net, (&(objectClass=sambaDomain)(sambaDomainName=USL11-NT))
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate new users/groups, and will risk BDCs having inconsistant SIDs
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb: Permission denied
Failed to open /etc/samba3/secrets.tdb
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb: Permission denied
Failed to open /etc/samba3/secrets.tdb
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb: Permission denied
Failed to open /etc/samba3/secrets.tdb
pdb_generate_sam_sid: Failed to store generated machine SID.
PANIC: Could not generate a machine SID

BACKTRACE: 1 stack frames:
 #0 smbpasswd3(smb_panic+0x11b) [0x80c96ab]
Aborted


This is a section of my smb.conf :

workgroup = USL11-NT
netbios name = Icaro
server string = Samba Server %v
log file = /var/log/samba3/log.%m
max log size = 50
log level = 2
map to guest = bad user
security = user
encrypt passwords = yes
unix password sync = Yes
passwd program = /usr/bin/smbldap-passwd3 -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
add user script = /usr/bin/smbldap-useradd3 -m "%u"
delete user script = /usr/bin/smbldap-serdel3 "%u"
add group script = /usr/bin/smbldap-groupadd3 -p "%g"
delete group script = /usr/bin/smbldap-groupdel3 "%g"
add machine script = /usr/bin/smbldap-useradd3 -w "%u"
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = "cn=Manager,dc=usl11,dc=net"
; ldap ssl = start_tls
ldap ssl = off
ldap suffix = dc=usl11,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computer

Please, help me...
Thanks in advance for your help

Roberto Morelli
Azienda U.S.L. 11 Empoli
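
Added example, not part of the original post and not Samba's own code: it shows how a length check like the one behind "check_oem_password: incorrect password length" comes to see a huge value when the password-change buffer is decrypted with a key other than the one the client encrypted it with. It assumes the 516-byte layout (a 512-byte area with the new password right-aligned, followed by a 4-byte little-endian length) encrypted with RC4 under the old password hash; the hashes, the password and the function names are constructed for illustration.

```python
import os
import struct

BUF_LEN = 512  # data area; a 4-byte little-endian length field follows it
# Constructed 16-byte stand-ins for password hashes (not real values).
CLIENT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_HASH = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encrypting and decrypting are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def build_blob(new_password: str, old_hash: bytes) -> bytes:
    """Client side: random padding, password at the end, length, encrypt."""
    pw = new_password.encode("utf-16-le")
    if len(pw) > BUF_LEN:
        raise ValueError("password does not fit in the buffer")
    plain = os.urandom(BUF_LEN - len(pw)) + pw + struct.pack("<I", len(pw))
    return rc4(old_hash, plain)


def check_blob(blob: bytes, stored_hash: bytes):
    """Server side: decrypt with the stored hash, then validate the length."""
    if len(blob) != BUF_LEN + 4:
        return None, "unexpected blob size"
    plain = rc4(stored_hash, blob)
    (pw_len,) = struct.unpack("<I", plain[BUF_LEN:])
    if pw_len > BUF_LEN or pw_len % 2:
        return None, f"incorrect password length ({pw_len})"
    password = plain[BUF_LEN - pw_len:BUF_LEN].decode("utf-16-le", "replace")
    return password, "ok"
```

With the matching hash the server side recovers the password; with any other hash the length field decrypts to an arbitrary 32-bit number and the check rejects it.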

