[Samba] Changing LDAP userPassword fails: Internal (implementation specific) error

Adam Tauno Williams adamtaunowilliams at gmail.com
Sun Feb 22 19:02:15 GMT 2009


An smbpasswd by root to change a user's password fails with:

[root at littleboy samba]# smbpasswd adam
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: LDAP Password could not be changed for user adam:
Internal (implementation specific) error
	password hash failed
Failed to modify entry for user adam.
Failed to modify password entry for user adam

This changes the Samba password but fails to change the user's
userPassword (LDAP sync) password.  But I can "manually" change the
password using the DC's bind DN and password:

# ldappasswd -S -H ldapi://%2fvar%2frun%2fldap2.4%2fldapi -vvvvvvvvv -x
-W   -D "uid=CIFSDC,ou=System,ou=Entities,ou=SAM,o=Morrison
Industries,c=US"   "cn=Adam
Williams,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US"
New password: 
Re-enter new password: 
Enter LDAP Password: 
ldap_initialize( ldapi://%2fvar%2frun%2fldap2.4%2fldapi )
Result: Success (0)

Samba LDAP configuration:
passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldap2.4%2fldapi
ldap ssl = no
ldap admin dn = uid=CIFSDC,ou=System,ou=Entities,ou=SAM,o=Morrison
ldap suffix = o=Morrison Industries,c=US
ldapsam:trusted = yes
ldap passwd sync = Yes

Oddly, attempting to change the password AS THE USER fails with a
different error message, either via smbpasswd or via the password change
dialog on a Win32 workstation:

bash-3.2$ smbpasswd -U adam
Old SMB password:
New SMB password:
Retype new SMB password:
machine rejected the (anonymous) password change: Error was :
Wrong Password.
Failed to change password for adam

It always just says the user's password is wrong,  although the user can
login, navigate, etc...

Is this https://bugzilla.samba.org/show_bug.cgi?id=5886 ?

More information about the samba mailing list