[Samba] Unable to change password in windows - SAMBA_LDAP_PDC

Edmundo Valle Neto edmundo.valle at terra.com.br
Tue Nov 27 22:37:25 GMT 2007

jayendren anand maduray wrote:
> Hi All.
> I have a SAMBA PDC that uses LDAP as its back end.
> The OS, is UBUNTU 6.10 Server.
> SAMBA Version is 3.022
> The problem is, when a client logs onto the Domain, he presses 
> Control+Alt+Del, and chooses Change Password.
> He types in the old password, then the new one, and confirms this.
> When he clicks on OK, it thinks for a bit (about 30 seconds) and then 
> says:
> "The system cannot change your password now because the domain 
> RIVONINGO.HIVSA is not available"
> This used to work before, and works fine on another server, with the 
> identical settings.
> The log file for the computer says:
> [2007/11/27 16:00:11, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2171)
> ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 
> (No such object)

This says that something wasn't found in LDAP, but doesn't say what or 
where it was looked for.


> ldap suffix = dc=rivoningo,dc=hivsa
> ldap group suffix = 
> ou=smbGroups,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap user suffix = 
> ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap machine suffix = 
> ou=smbComputers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
> ldap idmap suffix = 
> ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa

I didn't understand why you created your DIT that way, but ...

From smb.conf man page:

ldap suffix (G)
Specifies the base for all ldap suffixes and for storing the sambaDomain 

The ldap suffix will be appended to the values specified for the ldap 
user suffix, ldap group suffix, ldap
machine suffix, and the ldap idmap suffix. Each of these should be given 
only a DN relative to the ldap suf-

Default: ldap suffix =

Example: ldap suffix = dc=samba,dc=org

ldap user suffix (G)
This parameter specifies where users are added to the tree. If this 
parameter is unset, the value of ldap suffix will be used instead. 
The suffix string is pre-pended to the ldap suffix string SO USE A 
PARTIAL DN.

Default: ldap user suffix =

Example: ldap user suffix = ou=people


So take a look at the "SO USE A PARTIAL" part; it holds for all 
organizational unit suffixes.


Edmundo Valle Neto
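
Added example, not part of the original message and not Samba code: a small checker that applies the man page rule quoted above (the ldap suffix is appended to each sub-suffix) to the settings from the quoted post and flags values that are already full DNs. The function names are made up for this illustration, and DNs are assumed to contain no escaped commas.

```python
# Added example (not Samba code): flag "ldap * suffix" values that are full DNs.
SUB_SUFFIXES = ("ldap user suffix", "ldap group suffix",
                "ldap machine suffix", "ldap idmap suffix")

# Settings from the quoted post, with the e-mail line wraps joined.
POSTED = """
ldap suffix = dc=rivoningo,dc=hivsa
ldap group suffix = ou=smbGroups,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
ldap user suffix = ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
ldap machine suffix = ou=smbComputers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
ldap idmap suffix = ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa
"""

def parse_params(text):
    """Return {parameter: value} from smb.conf-style 'name = value' lines."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        name, sep, value = line.partition("=")
        if sep:  # parameter names are matched case-insensitively here
            params[" ".join(name.lower().split())] = value.strip()
    return params

def norm(dn):
    """Strip whitespace around RDNs (assumes no escaped commas in the DN)."""
    return ",".join(p.strip() for p in dn.split(",") if p.strip())

def check_suffixes(params):
    """Map each sub-suffix to (effective base, is_full_dn, suggested partial DN)."""
    base = norm(params.get("ldap suffix", ""))
    report = {}
    for key in SUB_SUFFIXES:
        rel = norm(params.get(key, ""))
        if not rel:  # unset: the ldap suffix alone is used
            report[key] = (base, False, "")
            continue
        padded, tail = "," + rel, "," + base.lower()
        full = bool(base) and padded.lower().endswith(tail)
        partial = padded[:len(padded) - len(tail)].lstrip(",") if full else rel
        report[key] = (f"{rel},{base}" if base else rel, full, partial)
    return report

if __name__ == "__main__":
    for key, (effective, full, partial) in check_suffixes(parse_params(POSTED)).items():
        print(f"{key}: search base {effective}")
        if full:
            print(f"  full DN given; use instead: {key} = {partial}")
```

With the posted settings, every sub-suffix is flagged and the computed search base ends in dc=rivoningo,dc=hivsa twice.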
