[Samba] Password change problem, Samba 3.0.4

Sean Page Sean.Page at epsb.ca
Wed Jun 16 18:19:33 GMT 2004


Greetings list.

I've been trolling the archives and google searches all morning and cannot
seem to come up with an answer to this, though I'm not the first to
experience the problem. I'm running samba on FreeBSD 5.2.1-p4, installed
from the ports collection.

When a user other than root attempts to change an smb password (either
through SWAT or with smbpasswd) I get the following error:
(These users were originally created using SWAT, do show up in the smbpasswd
file)


smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
machine 127.0.0.1 rejected the password change: Error was : RAP86: The
specified password is invalid.
Failed to change password for testuser

>From the log.servername:

[2004/06/16 11:49:17, 0] rpc_server/srv_pipe.c:api_pipe_auth_process(1307)
  api_pipe_auth_process: NTLMSSP check failed.
[2004/06/16 11:49:17, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(586)
  process_request_pdu: failed to do auth processing.
[2004/06/16 11:49:17, 1] smbd/chgpasswd.c:check_oem_password(822)
  LM password change supplied for user testuser, but we have no LanMan
password to check it with


If I remove "lanman auth = No: from the smb.conf file I get this instead:

[2004/06/16 11:47:33, 0] rpc_server/srv_pipe.c:api_pipe_auth_process(1307)
  api_pipe_auth_process: NTLMSSP check failed.
[2004/06/16 11:47:33, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(586)
  process_request_pdu: failed to do auth processing.

On the client side, when attempting to change password using ctl-alt-delete
the user will see an error stating that they do not have permission to
change their password.
I've included my smb.conf file as an attachment, any pointers in the right
direction would be very greatly appreciated.

Thanks!
Sean.


 <<smb_conf.txt>> 
-------------- next part --------------
# Samba config file created using SWAT
# from 192.168.0.1 (192.168.0.1)
# Date: 2004/06/01 11:42:58

# Global parameters
[global]
	workgroup = DOMAIN
	server string = Samba %v on %L
	passdb backend = tdbsam
	passwd program = /usr/bin/passwd %u
	passwd chat = *New\sPassword:* %n\n *Retype\snew\spassword:* %n\n *passwd:\sdone*
	unix password sync = Yes
	lanman auth = No
	log file = /var/log/samba/log.%m
	max log size = 50
	min protocol = NT1
	add user script = /usr/sbin/pw useradd %u -d /home/%u -c "Samba User Account" -s /bin/bash -g staff
	delete user script = /usr/sbin/pw userdel %u
	add group script = /usr/sbin/pw groupadd %g
	delete group script = /usr/sbin/pw groupdel %g
	add machine script = /usr/sbin/pw useradd %u -d /dev/null -c "Samba Machine Account" -s /sbin/nologon -g machines
	logon script = logon.bat
	logon path = \\%L\Profiles\%U
	logon drive = H:
	domain logons = Yes
	os level = 65
	lm announce = No
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	invalid users = bin, deamon, sys, man, toor, operator, tty, kmem, games, sshd, smmsp, mailnull, bind, uucp, xten, pop, www
	admin users = @wheel
	hide unreadable = Yes
	veto files = /.AppleDB/.AppleDouble/Network Trash Folder/*DS_Store/Temporary Items/TheVolumeSettingsFolder/.snap/.AppleDesktop/
	load printers = yes
	printing = cups
	printcap = cups

[homes]
	comment = Home Directories
	read only = No
	browseable = No

[netlogon]
	comment = Network Logon Service
	path = /usr/local/samba/netlogon
	guest ok = Yes
	share modes = No

[Profiles]
	path = /usr/local/samba/profiles
	read only = No
	create mask = 0700
	directory mask = 0700
	guest ok = Yes
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = yes
	public = yes
	printer admin = @wheel
	writable = no

[print$] 
	comment = Printer Drivers 
	path = /usr/local/samba/pdrivers
	browseable = yes 
	guest ok = no 
	read only = yes 
	write list = root 

[shared]
	comment = Shared access folder
	path = /usr/home/share
	read only = No
	create mask = 0777
	directory mask = 0777

[archive]
	comment = Archive is not backed up
	path = /usr/var/spool/archive
	read only = No
	create mask = 0777
	directory mask = 0777

[HPLaserjet5]
	comment = LaserJet 5simx
	path = /var/spool/samba
	printable = Yes
	public = yes
	printer admin = @wheel
	writable = no


More information about the samba mailing list