[Samba] changing passwords from Windows XP Pro workstations
Gary Dale
garydale at torfree.net
Wed Mar 29 22:36:52 GMT 2006
Back to square 1! I stripped out my unsuccessful attempts to get Samba
working with LDAP on my Debian Sarge server and am back with a tdbsam
backend. I actually tried to purge as much of the old Samba & LDAP as I
could then reinstalled fresh. This included removing the Windows groups
and users and even the old tdbsam data.
Unfortunately, I'm back where I started - users can't change their own
passwords using the Windows password change dialogue. Their system will
go away for a very long time (more than 15 minutes) then silently fail
to change the password.
For those not familiar with Debian Sarge, it uses Samba 3.0.14a (Debian)
on a 2.6.8 kernel. This should mean that this is NOT the old Windows
security patch issue.
I've attached my smb.conf (minus the shares definitions) if that helps.
Also, for what it's worth, the user accounts are all in Domain Users and
users. All but mine use /bin/false as the login shell (but none of us
can change passwords). My account is also in Domain Admins - and I can
add machine accounts with it.
Any ideas anyone?
-------------- next part --------------
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2006/03/28 22:32:02
# Global parameters
[global]
workgroup = RAHIM-DALE
server string = %h PDC (Samba %v)
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
unix password sync = Yes
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
printcap name = cups
add user script = /usr/sbin/useradd -g samba -c %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u
add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = M:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
wins support = no
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
invalid users = root
admin users = garydale, root
hosts allow = 192.168.2. 127.
printing = cups
print command =
lpq command = %p
lprm command =
[netlogon]
comment = Logon Server Share
path = /home/samba/netlogon
read only = No
[profiles]
path = /home/samba/profiles
read only = No
profile acls = Yes
[printers]
comment = All Printers
path = /var/spool/samba
printer admin = root, garydale
create mask = 0600
guest ok = Yes
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
printer admin = root, garydale
More information about the samba
mailing list