[Samba] Samba password change problem

Martin Lefebvre dadexter at gmail.com
Thu Sep 1 03:39:32 GMT 2005

Hey guys,

I need some help here...
I have a PDC built with samba 3.0.10 using MySQL for the passdb backend

Everything works fine until I try to get my Unix and Samba password sync'd 
For example if I run:

# smbpasswd -D 100 -U root -r cirion &> log

Without the unix password sync = yes enabled in the config file, the samba 
password is changed, and the resulting log file shows:

000018 samr_io_r_chgpasswd_user
    0018 status: NT_STATUS_OK

However, if I run the same command with unix password sync = yes enabled in the
config, I get an error:

machine cirion rejected the password change: Error was : RAP86: The specified 
password is invalid.
Failed to modify password entry for user root

If I look deeper in the log file, I get:

000018 samr_io_r_chgpasswd_user
    0018 status: NT_STATUS_ACCESS_DENIED

Is there any kind of "allow user password change = yes" anywhere or any other 
option that could be causing that?

Just for the heck of it, I've also included my smb.conf


; /etc/samba/smb.conf
; Machine: Cirion
; Server-wide settings for a Samba domain controller using a MySQL passdb
; backend with Unix password sync enabled.
; NOTE(review): no section header is visible above these settings; presumably
; the [global] line was lost when the message was archived - confirm.

    workgroup = SIGTERM
    netbios name = Cirion
    server string = Domain Controller [Cirion]
    ; Only clients in 192.168.100.x and loopback may connect.
    hosts allow = 192.168.100. 127.

    security = user
    encrypt passwords = yes
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    interfaces = lo eth0
    bind interfaces only = yes
    ; NOTE(review): password level is documented as applying to plaintext
    ; password matching only; with encrypt passwords = yes it is presumably
    ; unused here - confirm before relying on it.
    password level = 20

    ; MySQL
    ; NOTE(review): the database password below is stored in cleartext, and
    ; because this file was posted to a public list the value should be
    ; treated as disclosed and rotated. The backend also connects as the MySQL
    ; root account; a dedicated account limited to the samba database would
    ; reduce the impact of a leak. Keep this file readable by root only.
    passdb backend = mysql:mysql
    mysql:mysql host = localhost
    mysql:mysql password = d1g1n3x1
    mysql:mysql user = root
    mysql:mysql database = samba
    mysql:mysql port = 3306
    ; NOTE(review): judging by its name this maps a column holding passwords
    ; in plaintext, which defeats the protection of storing only hashes. The
    ; parameter name ("plaintest") and the trailing ';' in the value both look
    ; like typos - verify against the pdb_mysql documentation.
    mysql:plaintest pass column = plaintextpass;

    ; password sync
    ; When unix password sync is on, smbd runs the passwd program below (%u is
    ; replaced by the user name) and drives it with the passwd chat script;
    ; %n in the chat is the new password. The smb.conf documentation states
    ; the program is invoked as root.
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *new*UNIX*password* %n\n *Password*
    ; NOTE(review): the smb.conf documentation warns that passwd chat debug
    ; writes the chat strings, including the passwords, to the smbd log at
    ; debug level 100. log level is set to 100 further down in this file, so
    ; the logs under /var/log/samba will contain plaintext passwords while
    ; both settings are active. Disable after troubleshooting, then restrict
    ; and purge the affected logs.
    passwd chat debug = yes

    ; Automatically add trust accounts (doesn't work, so it's commented out)
    ; add user script = /usr/sbin/useradd -m -d /home/%u -s /bin/bash -g users 

    local master = yes
    os level = 65
    domain master = yes
    preferred master = yes
    ; Accounts with an empty password are not allowed to log on.
    null passwords = no
    hide unreadable = yes
    hide dot files = yes

    domain logons = yes
    logon script = login.bat
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%L\%U\.9xprofile
    wins support = yes
    name resolve order = wins lmhosts hosts bcast
    dns proxy = no
    time server = yes
    ; One log file per connecting machine (%m).
    log file = /var/log/samba/log.%m
    max log size = 50
    ;smb passwd file = /etc/samba/private/smbpasswd

    ; Maximum-verbosity debugging. Combined with passwd chat debug = yes above,
    ; this level is the one at which password chat contents are logged.
    log level = 100

    ; Read-only, non-browseable share with no guest access.
    ; NOTE(review): the share header is not visible in this listing; from the
    ; path this is presumably [netlogon] - confirm.
    path = /var/lib/samba/netlogon
    public = no
    writeable = no
    browseable = no

    ; Writable, non-browseable share; matches the "profiles" share named in
    ; logon path above.
    ; NOTE(review): the share header is not visible in this listing;
    ; presumably [profiles] - confirm.
    path = /var/lib/samba/profiles
    browseable = no
    writeable = yes
    default case = lower
    preserve case = no
    short preserve case = no
    case sensitive = no
    hide files = /desktop.ini/ntuser.ini/NTUSER.*/
    ; Write access is granted to members of the users and root groups.
    write list = @users @root
    ; New files are owner-only (0600); new directories are also accessible to
    ; the owning group (0770).
    create mode = 0600
    directory mode = 0770
    nt acl support = Yes

    ; Per-user home directory share mapped to /home/<user>.
    ; NOTE(review): the share header is not visible in this listing;
    ; presumably [homes] - confirm.
    comment = Home Directories
    browseable = no
    read only = no
    create mode = 0750
    path = /home/%U
    ; %S is the service (share) name, so only the user whose name matches the
    ; share being accessed is admitted; guests are refused.
    valid users = %S
    guest ok = no

    ; Browseable share that allows guest access (public = yes).
    ; NOTE(review): the share header is not visible in this listing, so the
    ; share name cannot be confirmed from here.
    comment = Windows Stuff
    path = /usr/local/site/windows
    public = yes
    writeable = no
    browseable = yes
    ; The share is read-only by default, but members of the users group get
    ; write access through this list.
    write list = @users

Martin Lefebvre
Unix Integration Consultant

SIGTerm Technologies
eMail: dadexter at gmail.com

