[Samba] Re: RAP86 error with unix password sync = yes

Dan iskatel at msn.com
Tue Jan 2 20:53:45 GMT 2007


Just so this gets stored to the list for all those who may encounter this in 
the future:

I finally found the answer: pam password change = yes must be set.  This 
fixed the problem completely in my environment.

Dan

"Dan" <iskatel at msn.com> wrote in message news:emvb4t$c7b$1 at sea.gmane.org...
> Hello all,
>
> I  am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to 
> change while unix password sync = yes.  Setting it to no works, but I need 
> it on.  At the user workstation (Win XP) I receive "You don't have the 
> permissions to change your password" and logged in on the server as the 
> user I receive
> "machine 127.0.0.1 rejected the password change: Error was : RAP86: The 
> specified password is invalid.
> Failed to change password for <user>"
>
> I have searched the archives and googled the web.  I have played with my 
> passwd program and passwd chat to no avail.  I set passwd chat debug = 
> yes, log level = 100 and studied the log, but couldn't see anything that 
> helped me.  Using SWAT I reset everything in the security options section 
> to default except unix password sync = yes, passwd chat, passwd program, 
> and passdb backend = tdbsam.  I did find that in Feb 2004 John Terpstra 
> had someone file a bug report for a similar problem, also on a debian 
> system.  I hope that I am overlooking something simple here and we can get 
> this working.  Please respond with any ideas you may have.
>
> My current smb.conf is below.
>
> [global]
> workgroup = DOMAIN
> netbios name = PDC
> server string = Samba PDC
> passdb backend = tdbsam
> enable privileges = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUnix\spassword:* %n\n 
> *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully .
> unix password sync = Yes
> restrict anonymous = 1
> lanman auth = No
> log level = 1
> log file = /usr/local/samba/var/log.%m
> max log size = 500
> min protocol = NT1
> name resolve order = lmhosts host wins
> add user to group script = /usr/sbin/adduser %u %g
> add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s 
> /bin/false %u
> logon path = \\%N\profiles\%U
> logon drive = H:
> logon home =
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> ldap ssl = no
> remote announce = *edited out*
> template shell = /bin/bash
> invalid users = *edited out*
> admin users = *edited out*
> acl group control = Yes
> hosts allow = *edited out*
>
> [netlogon]
> path = /var/lib/samba/netlogon
> guest ok = Yes
> browseable = No
>
> [profiles]
> path = /var/lib/samba/profiles
> read only = No
> create mask = 0600
> directory mask = 0700
> browseable = No
>
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 





More information about the samba mailing list