[Samba] changing passwords from Windows XP Pro workstations

Pitti, Raul rdpitti at globaltecsa.com
Thu Mar 30 17:44:07 GMT 2006

Gary Dale wrote:

> Craig White wrote:
>> I'm keeping this on list.
>> On Thu, 2006-03-30 at 08:52 -0500, Gary Dale wrote:
>>> Craig White wrote:
>>>> ----
>>>> if I was going to guess...I think your problems are...
>>>> http://samba.org/samba/docs/man/Samba3-ByExample/small.html#id2525330
>>>> see items #3 through #7
>>>> you don't have a passwd chat script as I recall. That's probably
>>>> important.
>>>> your setup should track this setup as I see it.
>>>> http://samba.org/samba/docs/man/Samba3-ByExample/secure.html
>>>> since you have no interest in advancing your skills, count me out next
>>>> time unless you learn to ask simple questions. The simple truth is, if
>>>> you want know little, point and click Windows network administration,
>>>> you are probably better off using a Microsoft Windows server.
>>>> My interest is in helping people that actually are interested in
>>>> learning something, yes gasp, those that actually do want to become
>>>> expert. Lastly, I would heavily suggest you forget about LDAP until 
>>>> your
>>>> attitude changes because it is hostile to administrators that don't 
>>>> want
>>>> to become knowledgdable.
>>>> Craig
>>> Thanks Craig. I think you'll see a problem here. You suggest that 
>>> the issue may be a lack of a passwd chat script, while two others 
>>> suggest I remove the passwd chat script - which is almost identical 
>>> to the one in the second URL you just gave.
>>> The issue isn't about whether people want to learn. It's about how 
>>> much they have to learn to get things to work. If something takes 
>>> too much effort, in the real world it doesn't get done. There is 
>>> nothing inherently complicated about managing a directory service. 
>>> Look at the simple Linux tools for user  or printer administration 
>>> for proof. I see no virtue in making Samba-LDAP configuration a 
>>> black art. A basic setup should be easy to achieve. In fact, from 
>>> what I have been reading, LDAP should be the standard Samba backend. 
>>> That won't happen if people have to spend a week or more learning 
>>> how to use it.
>> ----
>> You completely do not get it.
>> Samba is infinitely configurable.
>> Windows - at the moment of setup you have to choose the role for a
>> server, whether a domain controller or a member server. The workstation
>> is sold separately.
>> Samba provides all of those roles including a Windows 95/98 server too.
>> There is no way that anyone can solve your problem with any certainty
>> without suitable logs, an inspection of your tdbsam and your /etc/passwd
>> files AND the smb.conf, the whole of which you dumped on us last night
>> and undoubtedly have changed many times since. Proper mail list
>> etiquette and a commitment to demonstrating that you are actually
>> focused on the problem would dictate that you limit those items to only
>> the minimum necessary logs, smb.conf, etc.
>> Your information is incomplete and as I stated last night, I am not
>> going to speculate any further on your problems. In fact, your reply has
>> made me sorry that I even speculated on the solution to your problem.
>> As for my 'seeing' the problem - that being in your mind - different
>> suggestions to solve your problem - that is absolutely absurd.
>> ***The problem*** is you don't know how to provide the information with
>> which someone can tell you what the definitive solution would be.
>> As for your suggestion that Samba-LDAP a black art...Samba is Samba and
>> LDAP is LDAP - you understand neither package so expecting them to work
>> for you is a rather pointless endeavor. Knowledge is power and you
>> appear to be lacking both. Yet you expect them to work for you even
>> though you don't understand them nor wish to understand them - I wish
>> you luck.
>> Let me be blunt - you are a help vampire. Please don't email me any more
>> until you change your ways.
>> Craig
> Under your rules, it is up to the patient to figure out what tests 
> need to be performed before visiting the doctor. :)
> I have always regarded the help process as a dialogue - maybe that 
> comes from my having worked in systems support at one time, or maybe 
> it comes from my being a systems consultant (both inhouse and contract 
> at various times) - but I have never expected the customer to tell me 
> what is wrong in a manner that I can immediately say "here's what you 
> have to do".
> In my experience, the customer/patient comes to the experts with a 
> problem. The experts dig around to determine what the issue really is, 
> including asking for specific tests or more information. Then they 
> make a diagnosis and prescribe a treatment/solution.
> Insulting the patient/customer is usually not a good way to go about 
> things. I've been working with PCs since 1978 and with Linux since 
> 1998. I put a lot of effort into learning about making things work. 
> And according the the Mensa test, I'm not stupid. :) But I'm also not 
> someone who has a narrowly defined role. My customers expect me to be 
> broadly knowledgeable on just about every topic associated with 
> computers. Even if I became an LDAP guru, I'd be unlikely to maintain 
> that level of expertice for long. That is a fact of life in the real 
> world.
> Responding to your particular criticism about what I did post: You 
> have demonstrated on several occaisions that you haven't read or 
> understood my posts. You have said that you weren't sure what setup I 
> was using LDAP or tdbsam) when my post stated I was using tdbsam. You 
> said I didn't have a passwd change dialogue, when the smb.conf I 
> posted did. And you said that I posted the entire smb.conf when I 
> clearly indicated that I had trimmed unnecessary parts from it.
> I note however that this exchange has generated some helpful tips on 
> resolving the problem. This is in sharp contrast to my earlier posts 
> on the topic last September, and my recent posts on problems with 
> LDAP, both of which were largely ignored (except for an exchange with 
> Jeremy Allison which didn't resolve the problem). My "style" of 
> posting this time seems to have achieved results, so if you object to 
> it, perhaps you should look at your "style" of figuring out who to 
> respond to. :) If I'd had this level of response last year, or even in 
> my LDAP posts, things would have been a lot simpler for me.
> BTW: Windows, the last time I looked (which was W2K), allows you to 
> change server roles. You can add or remove domain control 
> functionality easily. And I recall using a third-party tool to promote 
> and demote NT domain controllers before W2K (actually, it was helpful 
> in moving the organization from NT to W2K and in restructuring the 
> domain setup).
> I'm not going to defend Windows, but I'm also not going to resort to 
> hyperbole about Linux being "infinitely configurable". There are only 
> a small number of reasonable backends for Samba. They are tdbsam, LDAP 
> and MySQL. Clear, straightforward configuration of each is not 
> unachievable. It's only one more backend than Windows domains have (NT 
> and ADS).
> Anyway Craig, thanks for your input. You've been quite helpful.

Raúl D. Pittí Palma
Global Engineering and Technologies
mobile (507)-6616-0194
office (507)-264-2362
Republic of Panama

More information about the samba mailing list