[Samba] Samba3 + LDAP - w2k says it couldn't change password (but it did)
Tomasz Chmielewski
mangoo at interia.pl
Tue Nov 2 14:47:56 GMT 2004
mangoo at interia.pl wrote:
> [2004/11/02 15:24:20, 0] libsmb/smbencrypt.c:decode_pw_buffer(519)
> decode_pw_buffer: incorrect password length (-954408756).
> [2004/11/02 15:24:20, 0] libsmb/smbencrypt.c:decode_pw_buffer(520)
> decode_pw_buffer: check that 'encrypt passwords = yes'
I thought maybe it has something to do with "passwd sync program", as
the output it gives is different from the examples hanging around (in
the examples it is like below):
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*
In my case (I use smbldap-tools 0.85) it's like that:
# /usr/local/sbin/smbpasswd
Changing password for bella
New password :
Retype new password :
#
So I changed this line to:
passwd chat = *Changing*password*for*'%u'*\n *New*password* %n\n *Retype*new*password* %n\n*
And now it says I don't have necessary permissions to change the password.
Any clue?
Below my smb.conf (passwd chat is like above though, I tried other
possibilities too):
[global]
unix charset = LOCALE
workgroup = MAGISTA
netbios name = SERVER
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://127.0.0.1
#ldap filter = (uid=%u)
username map = /etc/samba/smbusers
log level = 9
syslog = 0
log file = /var/log/samba/log.%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
#printcap name = CUPS
#show add printer wizard = No
encrypt passwords = yes
add user script = /usr/local/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel '%u'
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u'
# must be %m, contrary to what HOWTOs say (they say %u)
add machine script = /usr/local/sbin/smbldap-useradd -w '%m'
;password sync
passwd program = /usr/local/sbin/smbldap-passwd %u
# passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
unix password sync = Yes
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = U:
domain logons = Yes
preferred master = Yes
wins support = Yes
ldap suffix = dc=magista,dc=de
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=replica,dc=magista,dc=de
ldap replication sleep = 5000
idmap backend = ldap:ldap://127.0.0.1
idmap uid = 1000-20000
idmap gid = 500-20000
map acl inherit = Yes
#printing = cups
#printer admin = Administrator, chrisr
[Shared]
path = /home/samba/shared
comment = Shared folder
browseable = yes
writeable = yes
create mask = 1666
directory mask = 1777
[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = tom
[unattended]
comment = Installation Sources
path = /home/unattended
read only = yes
browseable = no
valid users = unattended
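
Added example, not part of the original post and not Samba code: a simplified Python model of "passwd chat" as smb.conf(5) describes it (alternating expect/send strings starting with an expect, "*" as wildcard, "." for nothing), run against the smbldap-passwd prompts quoted in the post. The function names, the one-output-chunk-per-expect model, the %u expansion and the sample password are assumptions of this sketch.

```python
import re

ESCAPES = {r"\n": "\n", r"\r": "\r", r"\t": "\t", r"\s": " "}

def chat_tokens(chat, user, new_pw):
    """Whitespace-split the chat value ("..." keeps spaces), then expand macros and escapes."""
    out = []
    for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', chat):
        tok = (quoted or bare).replace("%u", user).replace("%n", new_pw)
        for esc, ch in ESCAPES.items():
            tok = tok.replace(esc, ch)
        out.append(tok)
    return out

def wild_match(pattern, text):
    """Case-insensitive whole-string match; '*' is the only wildcard."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, text.strip(" "), re.I | re.S) is not None

def run_chat(chat, prompts, user="bella", new_pw="Constructed-pw1"):
    """Walk the expect/send pairs; prompts[i] is the program's output before input i.
    Returns (ok, log), log rows being (status, expect, send_or_received)."""
    toks, log, output = chat_tokens(chat, user, new_pw), [], iter(prompts)
    for i in range(0, len(toks), 2):
        expect = toks[i]
        send = toks[i + 1] if i + 1 < len(toks) else "."
        if expect != ".":                 # "." means: expect nothing
            got = next(output, "")        # "" once the program has gone quiet
            if not wild_match(expect, got):
                log.append(("FAIL", expect, got))
                return False, log
        log.append(("ok", expect, send))
    return bool(toks), log

# Constructed from the smbldap-passwd session quoted in the post.
PROMPTS = ["Changing password for bella\nNew password : ", "Retype new password : "]

CHATS = {
    "examples": r"*New*password* %n\n *Retype*new*password* %n\n "
                r"*passwd:*all*authentication*tokens*updated*",
    "two-prompt": r"*New*password* %n\n *Retype*new*password* %n\n",
    "modified": r"*Changing*password*for*'%u'*\n *New*password* %n\n "
                r"*Retype*new*password* %n\n*",
}

if __name__ == "__main__":
    for name, chat in CHATS.items():
        ok, log = run_chat(chat, PROMPTS)
        print(name, "->", "ok" if ok else "failed at step %d: %r" % (len(log), log[-1][1]))
```

In this model an extra leading token moves every later string into the opposite role: in the "modified" chat, `*New*password*` lands in a send position.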