[Samba] Samba unix password sync

Ganeshram Iyer gri0941 at exchange.uta.edu
Fri Aug 20 21:35:22 GMT 2004


Hello all:

I know I had posted this question a while ago, but I have just not been 
able to get it to work. I am trying to sync samba passwords with unix 
passwords and it is just not working. I have attached the 
results of
"testparm -sv /etc/samba/smb.conf > smbconfig.txt"
with this email. I have also attached the "net groupmap list" results.

If anyone can provide any suggestions that would help me solve my 
problem I would be highly appreciative. If I run smbpasswd through ssh or 
even at a local terminal, I get the error "RAP86" saying that the 
password is invalid. If I try to change the password through 
Ctrl+Alt+Del on one of my WinXP domain client machines I get a "You do 
not have permission to change your password" error. So basically the 
user is unable to change his password with a single command (smbpasswd). 
I am wondering if there is something really obvious that I am missing.

# Global parameters
# Effective configuration as printed by "testparm -sv": values set in
# /etc/samba/smb.conf together with every built-in default.
[global]
   dos charset = CP850
   unix charset = UTF-8
   display charset = LOCALE
   workgroup = VEL
   realm =
   netbios name = MISFIT
   netbios aliases =
   netbios scope =
   server string = VEL Domain Server
# No interface restriction: with "interfaces" empty and "bind interfaces only = No"
# smbd is not tied to specific interfaces. "hosts allow" / "hosts deny" further
# down are empty as well, so any network filtering has to come from a firewall.
   interfaces =
   bind interfaces only = No
# User-level security: every client authenticates with a user name and password.
   security = USER
   auth methods =
# Challenge/response authentication against the hashes in "smb passwd file".
   encrypt passwords = Yes
   update encrypted = No
   client schannel = Auto
   server schannel = Auto
   allow trusted domains = Yes
   hosts equiv =
# Minimum length smbd accepts when it performs the unix password change.
# NOTE(review): 5 characters is short; raise it to match the site password policy.
   min passwd length = 5
   map to guest = Never
   null passwords = No
   obey pam restrictions = No
   password server = *
# Stores the LM/NT password hashes. These are password-equivalent for SMB logons,
# so the file should be owned by root and not readable by anyone else.
   smb passwd file = /etc/samba/smbpasswd
   private dir = /etc/samba
   passdb backend = smbpasswd
   algorithmic rid base = 1000
   root directory =
   guest account = nobody
# PAM is not used for password changes; the "passwd program" / "passwd chat"
# pair below is used instead.
   pam password change = No
# With "unix password sync = Yes" smbd runs this program as root before it
# updates the SMB hash; %u expands to the user name. If the unix change fails,
# the SMB password change is refused too.
   passwd program = /usr/bin/passwd %u
# Expect/send script driving the passwd program: %n is the new password and
# \n sends a newline. There is no old-password step because the program runs as
# root. The expect patterns must match the prompts the local passwd binary
# really prints, otherwise the chat (and with it the whole change) fails.
   passwd chat = *new password* %n\n *new password* %n\n *success*
# Keep this off outside of troubleshooting: when enabled at debug level 100 the
# chat, including the passwords in clear text, is written to the smbd log.
   passwd chat debug = No
# Seconds smbd waits for the first answer from the passwd program.
   passwd chat timeout = 2
# Maps client user names to unix accounts; the map file should be writable by
# root only, since it decides which unix identity a client name resolves to.
   username map = /etc/samba/smbusers
   password level = 0
   username level = 0
# Keep the unix password in step with the SMB password whenever the SMB
# password is changed (see "passwd program" and "passwd chat" above).
   unix password sync = Yes
# 0 puts no additional restriction on anonymous (null-session) connections;
# higher values limit what an unauthenticated client can enumerate.
   restrict anonymous = 0
# The server accepts LANMAN and NTLMv1 responses. LANMAN hashes are weak;
# turn "lanman auth" off once no remaining client depends on it.
   lanman auth = Yes
   ntlm auth = Yes
# Client-side behaviour of the Samba tools on this host: NTLMv2 is not used,
# and LANMAN responses or even plaintext passwords are sent if a server asks.
   client NTLMv2 auth = No
   client lanman auth = Yes
   client plaintext auth = Yes
   preload modules =
# One log file per client machine name (%m), capped by "max log size" (in KB).
   log level = 2
   syslog = 1
   syslog only = No
   log file = /var/log/samba/log.%m
   max log size = 50
   timestamp logs = Yes
   debug hires timestamp = No
   debug pid = No
   debug uid = No
   smb ports = 445 139
# Dialect range offered to clients: from CORE, the oldest, up to NT1.
   protocol = NT1
   large readwrite = Yes
   max protocol = NT1
   min protocol = CORE
   read bmpx = No
   read raw = Yes
   write raw = Yes
   disable netbios = No
   acl compatibility =
   nt pipe support = Yes
   nt status support = Yes
   announce version = 4.9
   announce as = NT
   max mux = 50
   max xmit = 16644
   name resolve order = lmhosts wins host bcast
   max ttl = 259200
   max wins ttl = 518400
   min wins ttl = 21600
   time server = No
# Clients using the unix extensions can create symlinks on the server; see the
# note at "wide links" further down.
   unix extensions = Yes
   use spnego = Yes
   client signing = auto
# The server does not offer SMB signing, so sessions carry no per-packet
# integrity protection.
   server signing = No
   client use spnego = Yes
   change notify timeout = 60
   deadtime = 0
   getwd cache = Yes
   keepalive = 300
   kernel change notify = Yes
   lpq cache time = 10
   max smbd processes = 0
   paranoid server security = Yes
   max disk size = 0
   max open files = 10000
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   use mmap = Yes
   hostname lookups = No
   name cache timeout = 660
   load printers = Yes
   printcap cache time = 0
   printcap name = cups
   disable spoolss = No
   enumports command =
   addprinter command =
   deleteprinter command =
   show add printer wizard = Yes
   os2 driver map =
   mangling method = hash2
   mangle prefix = 1
   stat cache = Yes
   machine password timeout = 604800
   add user script =
   delete user script =
   add group script =
   delete group script =
   add user to group script =
   delete user from group script =
   set primary group script =
# Run as root when a workstation account has to be created; %u is the machine
# account name. The value appears to have been wrapped by the mail client: in
# smb.conf the whole command must be on a single line.
   add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s 
/bin/false -M %u
   shutdown script =
   abort shutdown script =
   logon script =
   logon path = \\%N\%U\profile
   logon drive =
   logon home = \\%N\%U
# "domain logons" together with "domain master" makes this host the domain
# logon server for workgroup VEL, so its password database is the one the
# WinXP clients change passwords against.
   domain logons = Yes
   os level = 33
   lm announce = Auto
   lm interval = 60
   preferred master = Auto
   local master = Yes
   domain master = Yes
   browse list = Yes
   enhanced browsing = Yes
   dns proxy = Yes
   wins proxy = No
   wins server =
   wins support = No
   wins hook =
   wins partners =
   kernel oplocks = Yes
   lock spin count = 3
   lock spin time = 10
   oplock break wait time = 0
   ldap suffix =
   ldap machine suffix =
   ldap user suffix =
   ldap group suffix =
   ldap idmap suffix =
   ldap filter = (uid=%u)
   ldap admin dn =
   ldap ssl = no
   ldap passwd sync = no
   ldap delete dn = No
   ldap replication sleep = 1000
   add share command =
   change share command =
   delete share command =
   config file =
   preload =
   lock directory = /var/cache/samba
   pid directory = /var/run
   utmp directory =
   wtmp directory =
   utmp = No
   default service =
   message command =
   dfree command =
   get quota command =
   set quota command =
   remote announce =
   remote browse sync =
# Listening address 0.0.0.0: connections are accepted on every local address.
   socket address = 0.0.0.0
   homedir map = auto.home
   afs username map =
   time offset = 0
   NIS homedir = No
   panic action =
   host msdfs = No
   enable rid algorithm = Yes
   idmap backend =
   idmap uid =
   idmap gid =
   template primary group = nobody
   template homedir = /home/%D/%U
   template shell = /bin/false
   winbind separator = \
   winbind cache time = 300
   winbind enable local accounts = Yes
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = No
   winbind trusted domains only = No
   winbind nested groups = No
# From here on the parameters are share-level; listed under [global] they are
# the defaults every share inherits unless it overrides them.
   comment =
   path =
   username =
   invalid users =
   valid users =
   admin users =
   read list =
   write list =
   printer admin =
   force user =
   force group =
# Shares are read-only unless they say otherwise ([homes] below does).
   read only = Yes
   create mask = 0744
   force create mode = 00
   security mask = 0777
   force security mode = 00
   directory mask = 0755
   force directory mode = 00
   directory security mask = 0777
   force directory security mode = 00
   inherit permissions = No
   inherit acls = No
# Guest access is off by default for every share.
   guest only = No
   guest ok = No
   only user = No
# No host-based allow or deny list is configured.
   hosts allow =
   hosts deny =
   ea support = No
   nt acl support = Yes
   profile acls = No
   map acl inherit = No
   afs share = No
   block size = 1024
   max connections = 0
   min print space = 0
   strict allocate = No
   strict sync = No
   sync always = No
   use sendfile = No
   write cache size = 0
   max reported print jobs = 0
   max print jobs = 1000
   printable = No
   printing = cups
   cups options =
   print command =
   lpq command =
   lprm command =
   lppause command =
   lpresume command =
   queuepause command =
   queueresume command =
   printer name =
   use client driver = No
   default devmode = No
   default case = lower
   case sensitive = No
   preserve case = Yes
   short preserve case = Yes
   mangling char = ~
   hide dot files = Yes
   hide special files = No
   hide unreadable = No
   hide unwriteable files = No
   delete veto files = No
   veto files =
   hide files =
   veto oplock files =
   map system = No
   map hidden = No
   map archive = Yes
   mangled names = Yes
   mangled map =
   store dos attributes = No
   browseable = Yes
   blocking locks = Yes
   csc policy = manual
   fake oplocks = No
   locking = Yes
   oplocks = Yes
   level2 oplocks = Yes
   oplock contention limit = 2
   posix locking = Yes
   strict locking = Yes
   share modes = Yes
   copy =
   include =
   exec =
   preexec close = No
   postexec =
   root preexec =
   root preexec close = No
   root postexec =
   available = Yes
   volume =
   fstype = NTFS
   set directory = No
# "wide links = Yes" lets smbd follow symlinks that point outside the exported
# directory. Combined with "unix extensions = Yes" above, which allows clients
# to create symlinks, a writable share can end up exposing files outside its
# tree. Later Samba releases no longer allow both by default; set
# "wide links = No" unless links out of the share are really needed.
   wide links = Yes
   follow symlinks = Yes
   dont descend =
   magic script =
   magic output =
   delete readonly = No
   dos filemode = No
   dos filetimes = No
   dos filetime resolution = No
   fake directory create times = No
   vfs objects =
   msdfs root = No
   msdfs proxy =

# Special section: each authenticated user gets a share named after the
# account, pointing at that user's unix home directory.
[homes]
   comment = Home Directories
# Writable, overriding the "read only = Yes" default listed under [global].
   read only = No
# The generic "homes" entry itself is hidden from browse lists.
   browseable = No

# Share used by domain clients at logon ("domain logons = Yes" in [global]).
# It sets no "read only" of its own, so the "read only = Yes" default applies;
# keep it that way, since clients fetch and run logon scripts from this path.
[netlogon]
   comment = Network Logon Service
   path = /home/netlogon

==============================net groupmap list=================
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Domain Guests (S-1-5-21-435993173-2267087309-598895644-514) -> nobody
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Admins (S-1-5-21-435993173-2267087309-598895644-512) -> root
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-435993173-2267087309-598895644-513) -> users
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> -1




