[Samba] NT4 user can't change password during logon (but XP can)

Roel Slegers deroel at gmail.com
Tue May 9 09:07:33 GMT 2006

When a password must be changed during logon (pdbedit <user>
--pwd-must-change-time=0) then this is impossible on NT4 SP6a
machines; we always get this error:

"Unable to change the password on this account (C00000BE). Please
consult your system administrator.".

At that time we get these messages in log.smbd:
<<<< log.smbd <<<<
[Tue May  9 10:46:17 2006
, 0] lib/debug.c:reopen_logs(597)
  Unable to open new log file /usr/local/samba/var/log.rsl2: Permission denied
[Tue May  9 10:46:17 2006
, 0] libsmb/ntlmssp_sign.c:ntlmssp_check_packet(217)
  NTLMSSP NTLM1 packet check failed due to invalid signature!
[Tue May  9 10:46:17 2006
, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(577)
  process_request_pdu: failed to do auth processing.
[Tue May  9 10:46:17 2006
, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(578)
  process_request_pdu: error was NT_STATUS_ACCESS_DENIED.
>>>> log.smbd >>>>

However, onced logged on to NT4, the password often can be changed
However in XP, the password can always be changed, even during logon.

Server = HP-UX 11.00 running Samba 3.0.21c PDC.
Backend = OpenLDAP but I also tried using tdbsam and the problem is the same.

More information about the samba mailing list