[Samba] XP Pro password change problem

Gary Dale garydale at torfree.net
Wed Sep 21 21:36:53 GMT 2005


Further to my e-mail below:

I just tried to change some share permissions from an XP Pro workstation 
by right-clicking on the share | properties | security. The security 
window shows me the existing permissions which seem correct. Because it 
takes a second to translate the SIDs into names, I can also see that the
SID is the same as reported below from pdbedit.

However, even though I have write access to the share (yes, I can write 
to it), the permissions all show empty (unchecked). Nor can I change 
them. I can change the boxes, but when I click "apply", they revert to the
old values.

I note that when I click on the Add button then the advanced button I 
can get a full listing of the groups from Samba. Clearly my XP Pro 
workstation is talking to Samba, but I can't get it to change my 
password or recognize my "right" to change file permissions.

Surely someone must have a clue as to how I can track down the cause of 
this problem?


------------------------------------------------------------------

I've set up NT domains from scratch and things work. However, in this
case I vampired the old settings over to my new Samba PDC from a W2K
server which I then removed from the network. Everything almost works,
except ...

The main thing is that I can't seem to change the domain passwords from
the XP Pro workstations. Normally you do Ctrl-Alt-Del and select change
password, then fill in the blanks, hit enter and the password gets
changed. However, when I try, I get a long wait - about 5 minutes - then
"the system cannot change your password now because the domain
RAHIM-DALE is unavailable" (where RAHIM-DALE is my domain name).

This happens on whatever XP Pro workstation I try. I've even tried
removing a domain account and recreating it, but the same thing happens.
If I change the passwords through SWAT, XP sees the new passwords and
stops bugging me to change them.

I looked at the tdb entries using the pdbedit program and can't see
anything wrong. The home directories get mapped properly. However, only
my account, which is in the Domain Admins group, seems to be able to
write to the shares!

Another oddity is that I can't seem to copy a file larger than 2G to the
server.

Any ideas anyone?


BTW: the server is running plain vanilla Debian 3.1 (Sarge) with ReiserFS.

Here's a pdbedit -Lv of my account:

Unix username:        garydale
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1715567821-789336058-854245398-3000
Primary Group SID:    S-1-5-21-1715567821-789336058-854245398-3001
Full Name:            Gary Dale
Home Directory:       \\semper\garydale
HomeDir Drive:        M:
Logon Script:         scripts\logon.bat
Profile Path:         \\semper\Profiles\garydale
Domain:               RAHIM-DALE
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Mon, 18 Jan 2038 22:14:07 GMT
Kickoff time:         Mon, 18 Jan 2038 22:14:07 GMT
Password last set:    Sun, 14 Aug 2005 22:44:09 GMT
Password can change:  Mon, 15 Aug 2005 22:44:09 GMT
Password must change: Mon, 26 Sep 2005 21:31:41 GMT
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


Here's my smb.conf:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2005/09/14 21:34:51

# Global parameters
[global]
    workgroup = RAHIM-DALE
    server string = %h PDC (Samba %v)
    passdb backend = tdbsam, guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    printcap name = cups
    add user script = /usr/sbin/useradd -g samba -c %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u
    add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u
    logon script = scripts\logon.bat
    logon path = \\%L\Profiles\%U
    logon drive = M:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap ssl = no
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    invalid users = root
    admin users = garydale, root
    hosts allow = 192.168.2.
    printing = cups
    print command =
    lpq command = %p
    lprm command =

[netlogon]
    comment = Logon Server Share
    path = /home/samba/netlogon
    read only = No

[profiles]
    path = /home/samba/profiles
    read only = No
    profile acls = Yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    printer admin = root, garydale
    create mask = 0600
    guest ok = Yes
    printable = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    printer admin = root, garydale

[archives]
    path = /home/shares/archives
    write list = +Users, +users
    read only = No
    create mask = 0770
    directory mask = 0770

[communications]
    path = /home/shares/communications
    read only = No
    create mask = 0770
    directory mask = 0770

[dosstuff]
    path = /home/shares/dosstuff
    read only = No
    create mask = 0770
    directory mask = 0770

[games]
    path = /home/shares/games
    read only = No
    create mask = 0770
    directory mask = 0770

[graphics]
    path = /home/shares/graphics
    read only = No
    create mask = 0770
    directory mask = 0770

[hardware]
    path = /home/shares/hardware
    read only = No
    create mask = 0770
    directory mask = 0770

[install]
    path = /home/shares/install
    read only = No
    create mask = 0770
    directory mask = 0770

[office]
    path = /home/shares/office
    read only = No
    create mask = 0770
    directory mask = 0770

[tools]
    path = /home/shares/tools
    read only = No
    create mask = 0770
    directory mask = 0770

[utility]
    path = /home/shares/utility
    read only = No
    create mask = 0770
    directory mask = 0770

[media$]
    path = /home/secure/media
    valid users = garydale
    read only = No
    create mask = 0770
    directory mask = 0770

[webpages$]
    path = /home/secure/webpages
    valid users = garydale
    read only = No
    create mask = 0770
    directory mask = 0770

[ML-1210]
    comment = Samsung ML-1210 laser printer
    path = /tmp
    printer admin = root, garydale
    read only = No
    create mask = 0600
    guest ok = Yes
    printable = Yes
    printer name = ML-1210
    oplocks = No
    share modes = No



