[Samba] Users not able to change password

Adam Williams awilliam at mdah.state.ms.us
Tue Nov 18 18:45:02 GMT 2008


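Take these out of your smb.conf; you don't need them, since you already have
ldap passwd sync = yes. With that set, Samba updates the LDAP password itself
when a user changes their password, so no external passwd program or chat
script is needed. Dropping unix password sync also means smbd no longer runs
an external passwd program as root on every password change: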

passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
  unix password sync = yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

Peter Van den Wildenbergh wrote:
>
> -- 
> Can somebody point me into the right direction please?
> Is this a windows issue/setting or samba or both ...
>
> Thanks
>
> Peter
> -- 
>
> Hi list,
>
> My brand new samba network is working pretty good, ironing out some
> glitches.
>
> Win XP users cannot change their password.
> I use SaMBa as a domain-controller with an LDAP backend.
>
> A stripped down version of the config is below.
>
> I set the minimum password length to 8; trying to change the password to
> one that is 7 chars long gives me the message that the password does not
> meet requirements. So that part seems to be working.
>
> However using an 8 char long pass (with numbers etc) gives me the msg
> that I don't have enough permissions to change the passwd.
> This is going to be an issue in 30 days, when users are required to
> change their passwd...
> Used pdbedit to set those requirements
>
> Tips and hints are welcome.
>
> The log shows:
>
> [2008/11/13 12:54:19, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
> [2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
>  read_socket_with_timeout: timeout read. read error = Input/output error.
> [2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
>  read_socket_with_timeout: timeout read. read error = Input/output error.
> [2008/11/13 12:55:02, 0] 
> auth/auth_util.c:create_builtin_administrators(792)
>  create_builtin_administrators: Failed to create Administrators
> [2008/11/13 12:55:02, 0] auth/auth_util.c:create_builtin_users(758)
>  create_builtin_users: Failed to create Users
>
>
> Thanks
>
> Peter
>
>
>
> [global]
>   workgroup = ENGIN
>   server string =  fileserver
>   dns proxy = no
>   log file = /var/log/samba/log.%m
>   max log size = 1000
>   syslog = 0
>   panic action = /usr/share/samba/panic-action %d
> security = user
>   encrypt passwords = true
> passdb backend = ldapsam:ldap://localhost/
> obey pam restrictions = no
> ldap admin dn = cn=xxx,dc=xxx,dc=xxx
> ldap suffix = dc=xxx, dc=xxx
> ldap group suffix = ou=Groups
> ldap user suffix = ou=Users
> ldap machine suffix = ou=Computers
> ldap idmap suffix = ou=Users
> ldap passwd sync = Yes
> passwd program = /usr/sbin/smbldap-passwd %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *all*authentication*tokens*updated*
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> ldap delete dn = Yes
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -w "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> domain logons = yes
>   unix password sync = yes
>   passwd program = /usr/bin/passwd %u
>   passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> logon path =
> logon script = allusers.bat
> load printers = yes
> printcap name = cups
> printing = cups
> use client driver = yes
> cups options = raw
>   socket options = TCP_NODELAY
> [homes]
>  comment = Home directories
>  browseable = no
>  read only = no
>  create mask = 0700
>  directory mask = 0700
>  valid users = %S
>  hide dot files = yes
> [netlogon]
>   comment = Network Logon Service
>   path = /home/samba/netlogon
>   guest ok = yes
>   read only = yes
>   share modes = no
> [shared]
>  comment = Shared by all
>  path = /data/shares/shared
>  create mask = 0770
>  directory mask = 0770
>  users = %S
>  force group = "Domain users"
>  read only = no
>

