[Samba] RAP86 error with unix password sync = yes

Dan iskatel at msn.com
Thu Dec 28 02:45:47 GMT 2006 

Hello all,

I  am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to 
change while unix password sync = yes.  Setting it to no works, but I need 
it on.  At the user workstation (Win XP) I receive "You don't have the 
permissions to change your password" and logged in on the server as the user 
I receive
"machine 127.0.0.1 rejected the password change: Error was : RAP86: The 
specified password is invalid.
Failed to change password for <user>"

I have searched the archives and googled the web.  I have played with my 
passwd program and passwd chat to no avail.  I set passwd chat debug = yes, 
log level = 100 and studied the log, but couldn't see anything that helped 
me.  Using SWAT I reset everything in the security options section to 
default except unix password sync = yes, passwd chat, passwd program, and 
passdb backend = tdbsam.  I did find that in Feb 2004 John Terpstra had 
someone file a bug report for a similar problem, also on a debian system.  I 
hope that I am overlooking something simple here and we can get this 
working.  Please respond with any ideas you may have.

My current smb.conf is below.

[global]
	workgroup = DOMAIN
	netbios name = PDC
	server string = Samba PDC
	passdb backend = tdbsam
	enable privileges = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUnix\spassword:* %n\n 
*Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully .
	unix password sync = Yes
	restrict anonymous = 1
	lanman auth = No
	log level = 1
	log file = /usr/local/samba/var/log.%m
	max log size = 500
	min protocol = NT1
	name resolve order = lmhosts host wins
	add user to group script = /usr/sbin/adduser %u %g
	add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s 
/bin/false %u
	logon path = \\%N\profiles\%U
	logon drive = H:
	logon home =
	domain logons = Yes
	os level = 65
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	ldap ssl = no
	remote announce = *edited out*
	template shell = /bin/bash
	invalid users = *edited out*
	admin users = *edited out*
	acl group control = Yes
	hosts allow = *edited out*

[netlogon]
	path = /var/lib/samba/netlogon
	guest ok = Yes
	browseable = No

[profiles]
	path = /var/lib/samba/profiles
	read only = No
	create mask = 0600
	directory mask = 0700
	browseable = No

More information about the samba mailing list