[Samba] User Can't Change Password from Windows XP

Joseph E. Werle jwerle at kernelerror.com
Sat Jul 31 15:00:50 GMT 2004


OK, I have searched the archives and have tried several different options 
but can't seem to get this to work.  When users try to change their 
password from Windows they get an error saying they do not have 
permission to change their password.  Any help would be appreciated.
I am running Samba3 with an LDAP backend.

Here is my smb.conf file: 
[global]
workgroup = HGW
netbios name = LUCIFER
server string = Lucifer PDC
interfaces = eth0, lo
security = user
bind interfaces only = YES
encrypt passwords = yes
unix password sync = yes
pam password change = yes
passwd program = /usr/bin/passwd %u
ldap password change = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
passdb backend = ldapsam:ldap://127.0.0.1
username map = /etc/samba/smbusers
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = yes
printcap name = CUPS
show add printer wizard = no
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete user script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
logon home = \\%L\%U
logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = U:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap suffix = dc=hosgonewhack, dc=com
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap

Sample entry from LDAP:
dn: uid=jwerle, ou=People, dc=hosgonewhack,dc=com
sambaPrimaryGroupSID: <EDIT>
sambaLMPassword: <EDIT>
displayName: System User
sambaLogonScript: jwerle.cmd
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
userPassword:: <EDIT>
sambaLogonTime: 0
sambaHomeDrive: U:
uid: jwerle
uidNumber: 1000
cn: jwerle
sambaLogoffTime: 2147483647
sambaPwdLastSet: 1090989705
sambaAcctFlags: [U]
loginShell: /bin/bash
sambaProfilePath: \\LUCIFER\profiles\jwerle
gidNumber: 512
sambaPwdMustChange: 1094877705
sambaPwdCanChange: 0
sambaNTPassword: <EDIT>
gecos: System User
sambaSID: <EDIT>
description: System User
homeDirectory: /home/jwerle
sambaKickoffTime: 0
sn: jwerle
sambaHomePath: \\LUCIFER\homes




