[Samba] changing passwords from Windows XP Pro workstations

Gary Dale garydale at torfree.net
Wed Mar 29 22:36:52 GMT 2006

Back to square 1!  I stripped out my unsuccessful attempts to get Samba 
working with LDAP on my Debian Sarge server and am back with a tdbsam 
backend. I actually tried to purge as much of the old Samba & LDAP as I 
could then reinstalled fresh. This included removing the Windows groups 
and users and even the old tdbsam data.

Unfortunately, I'm back where I started - users can't change their own 
passwords using the Windows password change dialogue. Their system will 
go away for a very long time (more than 15 minutes) then silently fail 
to change the password.

For those not familiar with Debian Sarge, it uses Samba 3.0.14a (Debian) 
on a 2.6.8 kernel. This should mean that this is NOT the old Windows 
security patch issue.

I've attached my smb.conf (minus the shares definitions) if that helps.

Also, for what it's worth, the user accounts are all in Domain Users and 
users. All but mine use /bin/false as the login shell (but none of us 
can change passwords). My account is also in Domain Admins - and I can 
add machine accounts with it.

Any ideas anyone?
-------------- next part --------------
# Samba config file created using SWAT
# from (
# Date: 2006/03/28 22:32:02

# Global parameters
	workgroup = RAHIM-DALE
	server string = %h PDC (Samba %v)
	passdb backend = tdbsam, guest
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
	unix password sync = Yes
	log level = 0
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	printcap name = cups
	add user script = /usr/sbin/useradd -g samba -c %u
	delete user script = /usr/sbin/userdel -r %u
	add group script = /usr/sbin/groupadd
	delete group script = /usr/sbin/groupdel %g
	add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u
	add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u
	logon script = scripts\logon.bat
	logon path = \\%L\Profiles\%U
	logon drive = M:
	logon home = \\%L\%U
	domain logons = Yes
	os level = 35
	preferred master = Yes
	domain master = Yes
	wins support = no
	ldap ssl = no
	panic action = /usr/share/samba/panic-action %d
	idmap uid = 10000-20000
	idmap gid = 10000-20000
	invalid users = root
	admin users = garydale, root

	hosts allow = 192.168.2. 127.
	printing = cups
	print command = 
	lpq command = %p
	lprm command = 

	comment = Logon Server Share
	path = /home/samba/netlogon
	read only = No

	path = /home/samba/profiles
	read only = No
	profile acls = Yes

	comment = All Printers
	path = /var/spool/samba
	printer admin = root, garydale
	create mask = 0600
	guest ok = Yes
	printable = Yes
	browseable = No

	comment = Printer Drivers
	path = /var/lib/samba/printers
	printer admin = root, garydale

More information about the samba mailing list