[Samba] Password trouble with LDAP (eDirectory)

Erik Holst Trans eht at it-trans.dk
Mon Jun 7 09:28:02 GMT 2004


I just tied to lower the sambaPwdMustChange value, and then the windows 
   client correctly says the password is expired, and prompts for a new one.

But the update fails because the server still does't accept the password 
  (the old one)
So the sambaPwdMustChange shold be fine.

Below is the Administrator LDAP entry.
I am know that the home path's are wrong, but that shold not have 
anything to do with my problem.

BTW. the Samba version is 3.0.4

Best regards
Erik Holst Trans

version: 1

# LDIF Export for: uid=Administrator,o=it-trans
# Generated by phpLDAPadmin on June 7, 2004 11:17 am
# Server: SLSS (ldap://
# Search Scope: base
# Total Entries: 1

# Entry 1: uid=Administrator,o=it-trans
sambaPrimaryGroupSID: S-1-5-21-511030576-2330128811-1600862552-512
sambaSID: S-1-5-21-511030576-2330128811-1600862552-2996
sambaHomePath: \\SLSS\homes
sambaHomeDrive: H:
sambaKickoffTime: 2147483647
sambaLogoffTime: 2147483647
sambaLogonTime: 0
sambaPwdMustChange: 2147483647
sambaPwdCanChange: 1086598595
sambaPwdLastSet: 1086598595
sambaAcctFlags: [U]
sambaNTPassword: 2D20D252A479F485CDF5E171D93985BF
sambaLMPassword: 598DDCE2660D3193AAD3B435B51404EE
loginShell: /bin/bash
homeDirectory: /home/
gecos: Netbios Domain Administrator
gidNumber: 512
uidNumber: 0
uid: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: Person
objectClass: ndsLoginProperties
objectClass: Top
cn: Administrator
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 2#entry#[Root]#networkAddress
ACL: 2#subtree#uid=Administrator,o=it-trans#[All Attributes Rights]
ACL: 6#entry#uid=Administrator,o=it-trans#loginScript
ACL: 6#entry#uid=Administrator,o=it-trans#printJobConfiguration

brucehohl at access-4-free.com wrote:
> From: Erik Holst Trans <eht at it-trans.dk>
> To: samba at lists.samba.org
> Subject: [Samba] Password trouble with LDAP (eDirectory)
> Date: Mon, 07 Jun 2004 02:25:03 +0200
>>When i try to logon as a user with the correct password,
>>access is  denied and the log says
>>    check_ntlm_password:  Authentication for user
>>[administrator] ->  [administrator] FAILED with error
> Just a quick thought ... has the password expired?
> Check ldap attribute sambaPwdMustChange.

More information about the samba mailing list