[Samba] RAP86 error with unix password sync = yes

ryan punt rpunt at good-sam.com
Wed Jan 3 14:29:33 GMT 2007

Check your "passwd chat" directive; I've seen the "don't have permission" error when the case of any of the letters is wrong.


>>> "Dan" <iskatel at msn.com> 12/27/2006 8:45:47 PM >>>
Hello all,

I  am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to 
change while unix password sync = yes.  Setting it to no works, but I need 
it on.  At the user workstation (Win XP) I receive "You don't have the 
permissions to change your password" and logged in on the server as the user 
I receive
"machine rejected the password change: Error was : RAP86: The 
specified password is invalid.
Failed to change password for <user>"

I have searched the archives and googled the web.  I have played with my 
passwd program and passwd chat to no avail.  I set passwd chat debug = yes, 
log level = 100 and studied the log, but couldn't see anything that helped 
me.  Using SWAT I reset everything in the security options section to 
default except unix password sync = yes, passwd chat, passwd program, and 
passdb backend = tdbsam.  I did find that in Feb 2004 John Terpstra had 
someone file a bug report for a similar problem, also on a debian system.  I 
hope that I am overlooking something simple here and we can get this 
working.  Please respond with any ideas you may have.

My current smb.conf is below.

	workgroup = DOMAIN
	netbios name = PDC
	server string = Samba PDC
	passdb backend = tdbsam
	enable privileges = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUnix\spassword:* %n\n 
*Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully .
	unix password sync = Yes
	restrict anonymous = 1
	lanman auth = No
	log level = 1
	log file = /usr/local/samba/var/log.%m
	max log size = 500
	min protocol = NT1
	name resolve order = lmhosts host wins
	add user to group script = /usr/sbin/adduser %u %g
	add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s 
/bin/false %u
	logon path = \\%N\profiles\%U 
	logon drive = H:
	logon home =
	domain logons = Yes
	os level = 65
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	ldap ssl = no
	remote announce = *edited out*
	template shell = /bin/bash
	invalid users = *edited out*
	admin users = *edited out*
	acl group control = Yes
	hosts allow = *edited out*

	path = /var/lib/samba/netlogon
	guest ok = Yes
	browseable = No

	path = /var/lib/samba/profiles
	read only = No
	create mask = 0600
	directory mask = 0700
	browseable = No

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba 

-------------- next part --------------

This email transmission and any documents, files or previous

email messages attached to it may contain information that is

confidential or legally privileged. If you are not the intended

recipient, you are hereby notified that any disclosure, copying,

printing, distributing or use of this transmission is strictly

prohibited. If you have received this transmission in error,

please immediately notify the sender by telephone or return

email and delete the original transmission and its attachments

without reading or saving in any manner.

The Evangelical Lutheran Good Samaritan Society.


More information about the samba mailing list