[Samba] XP Pro password change problem

Gary Dale garydale at torfree.net
Tue Sep 20 17:56:27 GMT 2005 

I've set up NT domains from scratch and things work. However, in this 
case I vampired the old settings over to my new Samba PDC from a W2K 
server which I then removed from the network. Everything almost works, 
except ...

The main thing is that I can't seem to change the domain passwords from 
the XP Pro workstations. Normally you do Ctrl-Alt-Del and select change 
password, then fill in the blanks, hit enter and the password gets 
changed. However, when I try, I get a long wait - about 5 minutes - then 
"the system cannot change your password now because the domain 
RAHIM-DALE is unavailable" (where RAHIM-DALE is my domain name).

This happens on whatever XP Pro workstation I try. I've even tried 
removing a domain account and recreating it, but the same thing happens. 
If I change the passwords through SWAT, XP sees the new passwords and 
stops bugging me to change them.

I looked at the tdb entries using the pdbedit program and can't see 
anything wrong. The home directories get mapped properly. However, only 
my account, which is in the Domain Admins group, seems to be able to 
write to the shares!

Another oddity is that I can't seem to copy a file larger than 2G to the 
server.

Any ideas anyone?


BTW: the server is running plain vanilla Debian 3.1 (Sarge) with ReiserFS.

Here's a pdbedit -Lv of my account:

Unix username:        garydale
NT username:         
Account Flags:        [U          ]
User SID:             S-1-5-21-1715567821-789336058-854245398-3000
Primary Group SID:    S-1-5-21-1715567821-789336058-854245398-3001
Full Name:            Gary Dale
Home Directory:       \\semper\garydale
HomeDir Drive:        M:
Logon Script:         scripts\logon.bat
Profile Path:         \\semper\Profiles\garydale
Domain:               RAHIM-DALE
Account desc:        
Workstations:        
Munged dial:         
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 22:14:07 GMT
Password last set:    Sun, 14 Aug 2005 22:44:09 GMT
Password can change:  Mon, 15 Aug 2005 22:44:09 GMT
Password must change: Mon, 26 Sep 2005 21:31:41 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


Here's my smb.conf:

 Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2005/09/14 21:34:51

# Global parameters
[global]
    workgroup = RAHIM-DALE
    server string = %h PDC (Samba %v)
    passdb backend = tdbsam, guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    printcap name = cups
    add user script = /usr/sbin/useradd -g samba -c %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u
    add machine script = /usr/sbin/useradd -g machines -c Machine -d 
/dev/null -s /bin/false %u
    logon script = scripts\logon.bat
    logon path = \\%L\Profiles\%U
    logon drive = M:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    invalid users = root
    admin users = garydale, root
    hosts allow = 192.168.2.
    printing = cups
    print command =
    lpq command = %p
    lprm command =

[netlogon]
    comment = Logon Server Share
    path = /home/samba/netlogon
    read only = No

[profiles]
    path = /home/samba/profiles
    read only = No
    profile acls = Yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    printer admin = root, garydale
    create mask = 0600
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    printer admin = root, garydale

[archives]
    path = /home/shares/archives
    write list = +Users, +users
    read only = No
    create mask = 0770
    directory mask = 0770

[communications]
    path = /home/shares/communications
    read only = No
    create mask = 0770
    directory mask = 0770

[dosstuff]
    path = /home/shares/dosstuff
    read only = No
    create mask = 0770
    directory mask = 0770

[games]
    path = /home/shares/games
    read only = No
    create mask = 0770
    directory mask = 0770

[graphics]
    path = /home/shares/graphics
    read only = No
    create mask = 0770
    directory mask = 0770

[hardware]
    path = /home/shares/hardware
    read only = No
    create mask = 0770
    directory mask = 0770

[install]
    path = /home/shares/install
    read only = No
    create mask = 0770
    directory mask = 0770

[office]
    path = /home/shares/office
    read only = No
    create mask = 0770
    directory mask = 0770

[tools]
    path = /home/shares/tools
    read only = No
    create mask = 0770
    directory mask = 0770

[utility]
    path = /home/shares/utility
    read only = No
    create mask = 0770
    directory mask = 0770

[media$]
    path = /home/secure/media
    valid users = garydale
    read only = No
    create mask = 0770
    directory mask = 0770

[webpages$]
    path = /home/secure/webpages
    valid users = garydale
    read only = No
    create mask = 0770
    directory mask = 0770

[ML-1210]
    comment = Samsung ML-1210 laser printer
    path = /tmp
    printer admin = root, garydale
    read only = No
    create mask = 0600
    guest ok = Yes
    printable = Yes
    printer name = ML-1210
    oplocks = No
    share modes = No

More information about the samba mailing list