[Samba] Unable to change password in windows - SAMBA_LDAP_PDC
Edmundo Valle Neto
edmundo.valle at terra.com.br
Tue Nov 27 22:37:25 GMT 2007
jayendren anand maduray escreveu:
> Hi All.
>
> I have a SAMBA PDC that uses LDAP as its back end.
> The OS, is UBUNTU 6.10 Server.
> SAMBA Version is 3.022
>
> The problem is, when a client logs onto the Domain, he presses
> Control+Alt+Del, and chooses Change Password.
> He types in the old password, then the new one, and confirms this.
> When he clicks on OK, it thinks for a bit (about 30 seconds) and then
> says:
> "The system cannot change your password now because the domain
> RIVONINGO.HIVSA is not available"
>
> This used to work before, and works fine on another server, with the
> identical settings.
>
> The log file for the computer says:
> [2007/11/27 16:00:11, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2171)
> ldapsam_search_one_group: Problem during the LDAP search: LDAP error:
> (No such object)
This says that something wasn't found in LDAP, but doesn't say what or
where it was looked for.
(...)
> ldap suffix = dc=rivoningo,dc=hivsa
> ldap group suffix =
> ou=smbGroups,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap user suffix =
> ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap machine suffix =
> ou=smbComputers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap idmap suffix =
> ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
I didn't understood why did you crated your DIT that way, but ...
From smb.conf man page:
ldap suffix (G)
Specifies the base for all ldap suffixes and for storing the sambaDomain
object.
The ldap suffix will be appended to the values specified for the ldap
user suffix, ldap group suffix, ldap
machine suffix, and the ldap idmap suffix. Each of these should be given
only a DN relative to the ldap suf-
fix.
Default: ldap suffix =
Example: ldap suffix = dc=samba,dc=org
ldap user suffix (G)
This parameter specifies where users are added to the tree. If this
parameter is unset, the value of ldap suf-
fix will be used instead. The suffix string is pre-pended to the ldap
suffix string SO USE A PARTIAL DN.
Default: ldap user suffix =
Example: ldap user suffix = ou=people
(...)
So take a look at the "SO USE A PARTIAL" part, it worth for all
organizational units suffixes.
Regards.
Edmundo Valle Neto
More information about the samba
mailing list