Fwd: [Samba] Changing LDAP password from Windows XP

Sat Mar 3 17:21:42 GMT 2007

Andy Colvin wrote:
> I get a different error if I add "unix password sync = yes"  This time it
> gives me the error "you do not have permission to change your password"
>   
what about ACLs in your LDAP config file regarding userPassword? Do you 
have such? For me this kind of error (message) can point to LDAP acls. 
What does your LDAP log file say - any errors?

Marcin

> Everything that I've seen related to this error says to upgrade to 3.0.4,
> but I'm running 3.0.24.
>
> Any ideas?
>
> Thanks,
>
> Andy
>
>
> -----Original Message-----
> From: Marcin Giedz [mailto:giedz at arise.pl]
> Sent: Saturday, March 03, 2007 10:46 AM
> To: Andy Colvin
> Cc: samba at lists.samba.org
> Subject: Re: Fwd: [Samba] Changing LDAP password from Windows XP
>
> Daniel Müller wrote:
>
> Hi
>
> your smb.conf file seems to be OK, however to be able to sync
> sambapasswords with userPassword try to add
>
> unix password sync = yes
>
> to your smb.conf
>
> Regards,
> Marcin
>
>
>
>
>   
>> Hello,
>>
>> remove the line 'passwd program = /usr/sbin/smbldap-passwd %u'
>> for testing.
>> On my Suse 10.1 I do not need this and m y users can change their
>>     
> passwords.
>   
>> greetings
>> daniel
>>
>>
>>
>>
>>
>>
>> -------- Original-Nachricht --------
>> Datum: Fri, 2 Mar 2007 11:55:06 -0600 (CST)
>> Von: "Andy Colvin" <acolvin at enkitec.com>
>> An: samba at lists.samba.org
>> CC:
>> Betreff: [Samba] Changing LDAP password from Windows XP
>>
>> I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6,
>> talking to Fedora Directory Server 1.0.4.  I've got everything set up so
>> that I can add computers to the domain, add users using the smbldap-
>> tools, and have users logging in.  When a user tries to change their
>> password from within Windows (ctrl-alt-del) they get the error
>>
>>   "the user name or old password is incorrect.  letters in passwords
>>     
> must
>   
>> be typed using the correct case."
>>
>> The strange thing is that the samba passwords (sambalmpassword,
>> sambantpassword) are changed in the LDAP server, but the general account
>> password (userpassword) is not changed.  I looked everywhere I could,
>>     
> and
>   
>> couldn't find anything to cause this.  I can set passwords just fine
>>     
> using
>   
>> smbldap-passwd and it will set all passwords.
>>
>> Here is a copy of my smb.conf:
>>
>> [global]
>> workgroup = MAIL
>> netbios name = YOURMOM
>> security = user
>> passdb backend = ldapsam:ldap://mail.yourmom.net
>> ldap admin dn = cn=Directory Manager
>> ldap suffix = dc=yourmom,dc=net
>> ldap user suffix = ou=People
>> ldap idmap suffix = ou=People
>> ldap machine suffix = ou=Computers
>> ldap group suffix = ou=Groups
>> ldap passwd sync = yes
>> ldap delete dn = no
>> obey pam restrictions = no
>> encrypt passwords = yes
>> passwd program = /usr/sbin/smbldap-passwd %u
>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>> log file = /var/log/samba/log.%m
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> os level = 255
>> domain logons = yes
>> domain master = yes
>> local master = yes
>> preferred master = yes
>> wins support = yes
>> template shell = /bin/false
>> winbind use default domain = no
>> logon path =
>> logon home =
>>
>> [netlogon]
>>    comment = Network Logon Service
>>    path = /var/lib/samba/netlogon
>>    read only = yes
>>    browseable = no
>>
>> [homes]
>>    comment = Home Directories
>>    browseable = no
>>    read only = no
>>    guest ok = no
>>    create mode = 0664
>>    directory mode = 0775
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Andy Colvin
>>
>>
>>     
>
>
>