[Samba] Windows client does not recognize password change...

Jason Shaw jason.shaw at amiwest.com
Wed Oct 4 21:12:16 GMT 2006 

Hello!


SuSE Linux 10.0
Samba 3.0.20b
OpenLDAP backend
IDEALX scripts v0.9.2
Windows XP SP2 client

Everything seems to be working except when changing your password from 
the Windows client (CTRL-ALT-DEL and "Change password"). When I try to 
change the password I get the following error message.

"The User name or old password is incorrect. Letters in passwords must 
be typed using the correct case."

But the kicker is that the PDC *did* change both Linux and Windows 
passwords; the client machine is saying there's an error when the 
password was changed.

According to the log file for the machine, it looks like it may have 
failed because it couldn't find the "sambaPwdMustChange" attribute. But 
using a LDAP browser, I see that the "sambaPwdMustChange" is there.

Any suggestions on how to fix this or what the problem may be?


Thank you!

Jason


[2006/10/04 13:13:00, 5] 
passdb/secrets.c:secrets_fetch_trusted_domain_password(325)
   secrets_fetch failed!
[2006/10/04 13:13:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
   init_sam_from_ldap: Entry found for user: jason
[2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(83)
   Looking up login cache for user jason
[2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(97)
   No cache entry found
[2006/10/04 13:13:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
   init_sam_from_ldap: Entry found for user: jason
[2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(83)
   Looking up login cache for user jason
[2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(97)
   No cache entry found
[2006/10/04 13:13:12, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1714)
   ldapsam_update_sam_account: user jason to be modified has dn: 
uid=jason,ou=People,dc=amiwest,dc=com
[2006/10/04 13:13:12, 2] passdb/pdb_ldap.c:init_ldap_from_sam(926)
   init_ldap_from_sam: Setting entry for user: jason
[2006/10/04 13:13:12, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516)
   ldapsam_modify_entry: Failed to modify user dn= 
uid=jason,ou=People,dc=amiwest,dc=com with: No such attribute
         modify/delete: sambaPwdMustChange: no such value
[2006/10/04 13:13:12, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1741)
   ldapsam_update_sam_account: failed to modify user with uid = jason, 
error: modify/delete: sambaPwdMustChange: no such value (Success)
[2006/10/04 13:13:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
   init_sam_from_ldap: Entry found for user: jason
[2006/10/04 13:13:12, 7] passdb/login_cache.c:login_cache_read(83)
   Looking up login cache for user jason
[2006/10/04 13:13:12, 7] passdb/login_cache.c:login_cache_read(97)
   No cache entry found
[2006/10/04 13:13:12, 0] libsmb/smbencrypt.c:decode_pw_buffer(540)
   decode_pw_buffer: incorrect password length (190012133).
[2006/10/04 13:13:12, 0] libsmb/smbencrypt.c:decode_pw_buffer(541)
   decode_pw_buffer: check that 'encrypt passwords = yes'


dn: uid=jason,ou=People,dc=amiwest,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: sambaSamAccount
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
displayName: Jason Shaw
sambaPasswordHistory: 
00000000000000000000000000000000000000000000000000000000
  00000000
sambaPwdCanChange: 2
sambaAcctFlags: [UX]
sambaPwdLastSet: 1159992792
sambaPwdMustChange: 1163880792
modifiersName: cn=Manager,dc=amiwest,dc=com
modifyTimestamp: 20061004201312Z
(some stuff cut)


/etc/openldap/slapd.conf:
access to 
attr=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
         by self write
         by * auth


/etc/samba/smb.conf:
[global]
         enable privileges = Yes
         username map = /etc/samba/smbusers
         unix password sync = Yes
         passwd program = /opt/IDEALX/sbin/smbldap-passwd %u
         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
         passwd chat debug = Yes
         encrypt passwords = Yes
         log level = 1 passdb:7
         ldap passwd sync = Yes

More information about the samba mailing list