[Samba] Changing LDAP userPassword fails: Internal (implementation specific) error

François Legal devel at thom.fr.eu.org
Mon Feb 23 08:21:19 GMT 2009

Well, you usually have some specific acl in ldap for the userPassword
attribute, that restrict access to only the owner of the entry and an
administrator. You should make sure that the dn used by samba to bind the
directory (ldap admin dn) has access to the userPassword attribute.
Also, you should check that ldap is not setup with smbpasswd overlay, in
which case you should change the ldap sync parameter to only.


On Sun, 22 Feb 2009 14:02:15 -0500, Adam Tauno Williams
<adamtaunowilliams at gmail.com> wrote:
> openldap-2.3.27-8.el5_2.4,samba3-3.2.8-38
> An smbpasswd by root to change a user's password fails with:
> [root at littleboy samba]# smbpasswd adam
> New SMB password:
> Retype new SMB password:
> ldapsam_modify_entry: LDAP Password could not be changed for user adam:
> Internal (implementation specific) error
> 	password hash failed
> Failed to modify entry for user adam.
> Failed to modify password entry for user adam
> This changes the Samba password but fails to change the user's
> userPassword (LDAP sync) password.  But I can "manually" change the
> password using the DC's bind DN and password:
> # ldappasswd -S -H ldapi://%2fvar%2frun%2fldap2.4%2fldapi -vvvvvvvvv -x
> -W   -D "uid=CIFSDC,ou=System,ou=Entities,ou=SAM,o=Morrison
> Industries,c=US"   "cn=Adam
> Williams,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US"
> New password: 
> Re-enter new password: 
> Enter LDAP Password: 
> ldap_initialize( ldapi://%2fvar%2frun%2fldap2.4%2fldapi )
> Result: Success (0)
> Samba LDAP configuration:
> passdb backend = ldapsam:ldapi://%2fvar%2frun%2fldap2.4%2fldapi
> ldap ssl = no
> ldap admin dn = uid=CIFSDC,ou=System,ou=Entities,ou=SAM,o=Morrison
> Industries,c=US
> ldap suffix = o=Morrison Industries,c=US
> ldapsam:trusted = yes
> ldap passwd sync = Yes
> Oddly, attempting to change the password AS THE USER fails with a
> different error message, either via smbpasswd or via the password change
> dialog on a Win32 workstation:
> bash-3.2$ smbpasswd -U adam
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> machine rejected the (anonymous) password change: Error was :
> Wrong Password.
> Failed to change password for adam
> It always just says the user's password is wrong,  although the user can
> login, navigate, etc...
> Is this https://bugzilla.samba.org/show_bug.cgi?id=5886 ?

More information about the samba mailing list