Fwd: [Samba] Changing LDAP password from Windows XP

Matt Lung matt.lung at midwest-tool.com
Mon Mar 5 18:50:17 GMT 2007


I've recently got this all up and working and in my testing had to 
reverse the parameters to make this work with FDS. 

I changed the following global parameters from:

unix password sync = no
ldap passwd sync = yes

to:

unix password sync = yes
ldap passwd sync = no

I was then able to change both passwords from 2K/XP w/o error status messages being returned after this change.  We recently had a PDC working with openldap where the former settings worked.  It's almost as if the two parameters were reversed in code somehow, but I doubt that is the case.  

Good Luck,

ML


Daniel Müller wrote:
> You are with ldap, aren't you?
> Then you are missing ldap passwd sync = yes.
> Is your group mapping correct? Did you make a net rpc grant rights to
> the group DOMAIN ADMINS?
> e.g.:
>
> net -S server -U root%passwordroot rpc rights grant 
>       'DOMAIN\Domain Admins' SeMachineAccountPrivilege
>
> -------- Original Message --------
> Date: Sat, 3 Mar 2007 11:15:42 -0600 (CST)
> From: "Andy Colvin" <acolvin at enkitec.com>
> To: samba at lists.samba.org
> CC: 
> Subject: RE: Fwd: [Samba] Changing LDAP password from Windows XP
>
>   
>> I get a different error if I add "unix password sync = yes"  This time it
>> gives me the error "you do not have permission to change your password"
>> Everything that I've seen related to this error says to upgrade to 3.0.4,
>> but I'm running 3.0.24.
>>
>> Any ideas?
>>
>> Thanks,
>>
>> Andy
>>
>>
>> -----Original Message-----
>> From: Marcin Giedz [mailto:giedz at arise.pl]
>> Sent: Saturday, March 03, 2007 10:46 AM
>> To: Andy Colvin
>> Cc: samba at lists.samba.org
>> Subject: Re: Fwd: [Samba] Changing LDAP password from Windows XP
>>
>> Daniel Müller wrote:
>>
>> Hi
>>
>> your smb.conf file seems to be OK, however to be able to sync
>> sambapasswords with userPassword try to add
>>
>> unix password sync = yes
>>
>> to your smb.conf
>>
>> Regards,
>> Marcin
>>
>>
>>
>>
>>     
>>> Hello,
>>>
>>> remove the line 'passwd program = /usr/sbin/smbldap-passwd %u'
>>> for testing.
>>> On my Suse 10.1 I do not need this and my users can change their
>>> passwords.
>>> greetings
>>> daniel
>>>
>>>
>>>
>>>
>>>
>>>
>>> -------- Original Message --------
>>> Date: Fri, 2 Mar 2007 11:55:06 -0600 (CST)
>>> From: "Andy Colvin" <acolvin at enkitec.com>
>>> To: samba at lists.samba.org
>>> CC:
>>> Subject: [Samba] Changing LDAP password from Windows XP
>>>
>>> I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6,
>>> talking to Fedora Directory Server 1.0.4.  I've got everything set up so
>>> that I can add computers to the domain, add users using the
>>> smbldap-tools, and have users logging in.  When a user tries to change
>>> their password from within Windows (ctrl-alt-del) they get the error
>>>
>>>   "the user name or old password is incorrect.  letters in passwords
>>>   must be typed using the correct case."
>>>
>>> The strange thing is that the samba passwords (sambalmpassword,
>>> sambantpassword) are changed in the LDAP server, but the general account
>>> password (userpassword) is not changed.  I looked everywhere I could, and
>>> couldn't find anything to cause this.  I can set passwords just fine using
>>> smbldap-passwd and it will set all passwords.
>>>
>>> Here is a copy of my smb.conf:
>>>
>>> [global]
>>> workgroup = MAIL
>>> netbios name = YOURMOM
>>> security = user
>>> passdb backend = ldapsam:ldap://mail.yourmom.net
>>> ldap admin dn = cn=Directory Manager
>>> ldap suffix = dc=yourmom,dc=net
>>> ldap user suffix = ou=People
>>> ldap idmap suffix = ou=People
>>> ldap machine suffix = ou=Computers
>>> ldap group suffix = ou=Groups
>>> ldap passwd sync = yes
>>> ldap delete dn = no
>>> obey pam restrictions = no
>>> encrypt passwords = yes
>>> passwd program = /usr/sbin/smbldap-passwd %u
>>> add machine script = /usr/sbin/smbldap-useradd -w "%u"
>>> log file = /var/log/samba/log.%m
>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>> os level = 255
>>> domain logons = yes
>>> domain master = yes
>>> local master = yes
>>> preferred master = yes
>>> wins support = yes
>>> template shell = /bin/false
>>> winbind use default domain = no
>>> logon path =
>>> logon home =
>>>
>>> [netlogon]
>>>    comment = Network Logon Service
>>>    path = /var/lib/samba/netlogon
>>>    read only = yes
>>>    browseable = no
>>>
>>> [homes]
>>>    comment = Home Directories
>>>    browseable = no
>>>    read only = no
>>>    guest ok = no
>>>    create mode = 0664
>>>    directory mode = 0775
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Andy Colvin
>>>
>>>
>>>       
>
>   

-- 

Matt Lung | Systems Engineer

Midwest Tool & Die Corp. | 327 Ley Road, Fort Wayne IN, 46825
Phone: (260)483-4282 Ext 155 
Fax: (260) 471-8519
Web: http://www.midwest-tool.com
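
An added example, not part of the thread: a small check that reads the [global] section of an smb.conf and reports which mechanism, if any, is configured to update userPassword when a Windows client changes a password. It assumes the smb.conf(5) semantics of the two parameters discussed above (ldap passwd sync makes smbd ask the directory server to set the password; unix password sync makes smbd run the passwd program as root); the function names and the trimmed sample are constructed for illustration.

```python
# Added example, not from the thread. Parameter semantics follow smb.conf(5).
YES = {"yes", "true", "1", "on"}

# Constructed sample: the password-related [global] lines of the smb.conf quoted above.
ORIGINAL = """\
[global]
passdb backend = ldapsam:ldap://mail.yourmom.net
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u

[homes]
   read only = no
"""

def global_params(text):
    """Parse [global]; Samba ignores case and spaces in parameter names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def userpassword_writers(text):
    """Return (writers, notes): what updates userPassword on a client-initiated change."""
    p = global_params(text)
    ldap_sync = p.get("ldappasswdsync", "no").lower()
    unix_sync = p.get("unixpasswordsync", "no").lower() in YES
    writers, notes = [], []
    if ldap_sync in YES or ldap_sync == "only":
        writers.append("ldap passwd sync")   # smbd asks the directory to set the password
    if unix_sync:
        writers.append("passwd program")     # smbd runs the passwd program as root
    elif "passwdprogram" in p:
        notes.append("passwd program is set but never run: unix password sync is off")
    if not writers:
        notes.append("only sambaNTPassword/sambaLMPassword change; userPassword goes stale")
    return writers, notes

if __name__ == "__main__":
    print(userpassword_writers(ORIGINAL))
```

With the original configuration the smbldap-passwd line is reported as unused, so the only path left to userPassword is the directory server's own handling of the password change request.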


