[Samba] Re: Windows client does not recognize password change...

Jason Shaw jason.shaw at amiwest.com
Fri Oct 6 22:37:39 GMT 2006 

Hello,


Does anyone have any suggestions on how I might troubleshoot this issue? 
I haven't heard any suggestions and I'd really like to solve this.

I've googled this and every email that has the same "No such attribute - 
modify/delete: sambaPwdMustChange" error message has no response to it.

So, if anyone has any suggestions, I'm all ears!


Thank you,

Jason

Jason Shaw wrote:
> Hello!
> 
> 
> SuSE Linux 10.0
> Samba 3.0.20b
> OpenLDAP backend
> IDEALX scripts v0.9.2
> Windows XP SP2 client
> 
> Everything seems to be working except when changing your password from 
> the Windows client (CTRL-ALT-DEL and "Change password"). When I try to 
> change the password I get the following error message.
> 
> "The User name or old password is incorrect. Letters in passwords must 
> be typed using the correct case."
> 
> But the kicker is that the PDC *did* change both Linux and Windows 
> passwords; the client machine is saying there's an error when the 
> password was changed.
> 
> According to the log file for the machine, it looks like it may have 
> failed because it couldn't find the "sambaPwdMustChange" attribute. But 
> using a LDAP browser, I see that the "sambaPwdMustChange" is there.
> 
> Any suggestions on how to fix this or what the problem may be?
> 
> 
> Thank you!
> 
> Jason
> 
> 
> [2006/10/04 13:13:00, 5] 
> passdb/secrets.c:secrets_fetch_trusted_domain_password(325)
>   secrets_fetch failed!
> [2006/10/04 13:13:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(83)
>   Looking up login cache for user jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(97)
>   No cache entry found
> [2006/10/04 13:13:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(83)
>   Looking up login cache for user jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(97)
>   No cache entry found
> [2006/10/04 13:13:12, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1714)
>   ldapsam_update_sam_account: user jason to be modified has dn: 
> uid=jason,ou=People,dc=amiwest,dc=com
> [2006/10/04 13:13:12, 2] passdb/pdb_ldap.c:init_ldap_from_sam(926)
>   init_ldap_from_sam: Setting entry for user: jason
> [2006/10/04 13:13:12, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516)
>   ldapsam_modify_entry: Failed to modify user dn= 
> uid=jason,ou=People,dc=amiwest,dc=com with: No such attribute
>         modify/delete: sambaPwdMustChange: no such value
> [2006/10/04 13:13:12, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1741)
>   ldapsam_update_sam_account: failed to modify user with uid = jason, 
> error: modify/delete: sambaPwdMustChange: no such value (Success)
> [2006/10/04 13:13:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
>   init_sam_from_ldap: Entry found for user: jason
> [2006/10/04 13:13:12, 7] passdb/login_cache.c:login_cache_read(83)
>   Looking up login cache for user jason
> [2006/10/04 13:13:12, 7] passdb/login_cache.c:login_cache_read(97)
>   No cache entry found
> [2006/10/04 13:13:12, 0] libsmb/smbencrypt.c:decode_pw_buffer(540)
>   decode_pw_buffer: incorrect password length (190012133).
> [2006/10/04 13:13:12, 0] libsmb/smbencrypt.c:decode_pw_buffer(541)
>   decode_pw_buffer: check that 'encrypt passwords = yes'
> 
> 
> dn: uid=jason,ou=People,dc=amiwest,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> objectClass: sambaSamAccount
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> displayName: Jason Shaw
> sambaPasswordHistory: 
> 00000000000000000000000000000000000000000000000000000000
>  00000000
> sambaPwdCanChange: 2
> sambaAcctFlags: [UX]
> sambaPwdLastSet: 1159992792
> sambaPwdMustChange: 1163880792
> modifiersName: cn=Manager,dc=amiwest,dc=com
> modifyTimestamp: 20061004201312Z
> (some stuff cut)
> 
> 
> /etc/openldap/slapd.conf:
> access to 
> attr=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange 
> 
>         by self write
>         by * auth
> 
> 
> /etc/samba/smb.conf:
> [global]
>         enable privileges = Yes
>         username map = /etc/samba/smbusers
>         unix password sync = Yes
>         passwd program = /opt/IDEALX/sbin/smbldap-passwd %u
>         passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>         passwd chat debug = Yes
>         encrypt passwords = Yes
>         log level = 1 passdb:7
>         ldap passwd sync = Yes

More information about the samba mailing list