[Samba] unix password sync not working: "Error was : RAP86: The specified password is invalid"

roudoud0u at free.fr roudoud0u at free.fr
Sun Nov 5 20:49:47 GMT 2006 

Hi,
we've have a NT domain with samba 3.0.7 on FreeBSD 5.3 and windows XP clients. 
We use NIS as the Unix backend for user authentication. The User home dir are 
setup on a other serveur and  shared via NFS. 
Everything used to work fine but since few days the users are unable to change 
their password either via windows dialog box (the get the usual message "You 
don't have the permissions to change your password") or via smbpasswd after 
login onto the Samba PDC server where they get this error message "machine 
127.0.0.1 rejected the password change: Error was : RAP86: The specified 
password is invalid.
Failed to change password for <user>"

I don't know if this is related, but when trying to change the password, samba 
logs shows that among others debug message  "[2006/11/05 22:50:02, 3] 
smbd/chgpasswd.c:chat_with_program(347)
[2006/11/05 22:50:02, 3] smbd/chgpasswd.c:chat_with_program(347)
[2006/11/05 22:50:02, 3] smbd/chgpasswd.c:chat_with_program(347)
  chat_with_program: Cannot Allocate pty for password change: util
  chat_with_program: Cannot Allocate pty for password change: util
  chat_with_program: Cannot Allocate pty for password change: util
"

Setting "Unix password sync = No"  permits to workaround the problem but it 
would be great if we could use the unix password sync functionnality again. 
I've also noticed than root is able to change the password of any user using 
smbclient. 

As far as i can remember, the only configuration change i've made is to change 
the unix uid of some NIS user and to migrate the server where are kept user 
home dir to a new one.


Here is our minimalistic smb.conf. 
================================================
smb.conf (result of `testparm -s`)
================================================
# Global parameters
[global]
        workgroup = <domaine>
        passdb backend = tdbsam
        passwd program = /usr/bin/yppasswd %u
        passwd chat = *\n*ew\spassword* %n\n *ew\spassword* %n\n *Changed*\n
        password level = 6
        unix password sync = Yes
        log file = /var/log/samba/log.%m
        logon drive = Z:
        domain logons = Yes
        domain master = Yes
        ldap ssl = no

[homes]
        comment =User Home dir
        path = %H
        read only = No

[hp-color]
        comment = HP printer
        path = /tmp
        guest ok = Yes
        printable = Yes
        printer name = hp-color

[netlogon]
        path = /var/samba/netlogon
        guest ok = Yes
        browseable = No
==============================================
Thanks.

More information about the samba mailing list