[Samba] Re: Windows client does not recognize password change...
Jason Shaw
jason.shaw at amiwest.com
Fri Oct 6 22:37:39 GMT 2006
Hello,
Does anyone have any suggestions on how I might troubleshoot this issue?
I haven't heard any suggestions and I'd really like to solve this.
I've googled this and every email that has the same "No such attribute -
modify/delete: sambaPwdMustChange" error message has no response to it.
So, if anyone has any suggestions, I'm all ears!
Thank you,
Jason
Jason Shaw wrote:
> Hello!
>
>
> SuSE Linux 10.0
> Samba 3.0.20b
> OpenLDAP backend
> IDEALX scripts v0.9.2
> Windows XP SP2 client
>
> Everything seems to be working except when changing your password from
> the Windows client (CTRL-ALT-DEL and "Change password"). When I try to
> change the password I get the following error message.
>
> "The User name or old password is incorrect. Letters in passwords must
> be typed using the correct case."
>
> But the kicker is that the PDC *did* change both Linux and Windows
> passwords; the client machine is saying there's an error when the
> password was changed.
>
> According to the log file for the machine, it looks like it may have
> failed because it couldn't find the "sambaPwdMustChange" attribute. But
> using a LDAP browser, I see that the "sambaPwdMustChange" is there.
>
> Any suggestions on how to fix this or what the problem may be?
>
>
> Thank you!
>
> Jason
>
>
> [2006/10/04 13:13:00, 5]
> passdb/secrets.c:secrets_fetch_trusted_domain_password(325)
> secrets_fetch failed!
> [2006/10/04 13:13:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(83)
> Looking up login cache for user jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(97)
> No cache entry found
> [2006/10/04 13:13:11, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(83)
> Looking up login cache for user jason
> [2006/10/04 13:13:11, 7] passdb/login_cache.c:login_cache_read(97)
> No cache entry found
> [2006/10/04 13:13:12, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1714)
> ldapsam_update_sam_account: user jason to be modified has dn:
> uid=jason,ou=People,dc=amiwest,dc=com
> [2006/10/04 13:13:12, 2] passdb/pdb_ldap.c:init_ldap_from_sam(926)
> init_ldap_from_sam: Setting entry for user: jason
> [2006/10/04 13:13:12, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516)
> ldapsam_modify_entry: Failed to modify user dn=
> uid=jason,ou=People,dc=amiwest,dc=com with: No such attribute
> modify/delete: sambaPwdMustChange: no such value
> [2006/10/04 13:13:12, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1741)
> ldapsam_update_sam_account: failed to modify user with uid = jason,
> error: modify/delete: sambaPwdMustChange: no such value (Success)
> [2006/10/04 13:13:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499)
> init_sam_from_ldap: Entry found for user: jason
> [2006/10/04 13:13:12, 7] passdb/login_cache.c:login_cache_read(83)
> Looking up login cache for user jason
> [2006/10/04 13:13:12, 7] passdb/login_cache.c:login_cache_read(97)
> No cache entry found
> [2006/10/04 13:13:12, 0] libsmb/smbencrypt.c:decode_pw_buffer(540)
> decode_pw_buffer: incorrect password length (190012133).
> [2006/10/04 13:13:12, 0] libsmb/smbencrypt.c:decode_pw_buffer(541)
> decode_pw_buffer: check that 'encrypt passwords = yes'
>
>
> dn: uid=jason,ou=People,dc=amiwest,dc=com
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> objectClass: posixAccount
> objectClass: shadowAccount
> objectClass: sambaSamAccount
> objectClass: sambaSamAccount
> sambaLogonTime: 0
> sambaLogoffTime: 2147483647
> sambaKickoffTime: 2147483647
> displayName: Jason Shaw
> sambaPasswordHistory:
> 00000000000000000000000000000000000000000000000000000000
> 00000000
> sambaPwdCanChange: 2
> sambaAcctFlags: [UX]
> sambaPwdLastSet: 1159992792
> sambaPwdMustChange: 1163880792
> modifiersName: cn=Manager,dc=amiwest,dc=com
> modifyTimestamp: 20061004201312Z
> (some stuff cut)
>
>
> /etc/openldap/slapd.conf:
> access to
> attr=userPassword,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
>
> by self write
> by * auth
>
>
> /etc/samba/smb.conf:
> [global]
> enable privileges = Yes
> username map = /etc/samba/smbusers
> unix password sync = Yes
> passwd program = /opt/IDEALX/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> passwd chat debug = Yes
> encrypt passwords = Yes
> log level = 1 passdb:7
> ldap passwd sync = Yes
More information about the samba
mailing list