[Samba] Windows Users cannot change password on PDC Samba Server

Dominguez, Gaston Matias gdominguez at eling.com.ar
Fri Sep 4 18:05:17 MDT 2009

I've this problems.

I'm using on my smb.conf 

# Sincronizacion de cuentas LDAP, NT y LM
# unix password sync = Yes
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"

[2009/09/03 14:05:16, 1] smbd/chgpasswd.c:change_oem_password(1057)
Sep 3 14:05:16 eisaIII smbd[4801]: user test1 cannot change password now,
must wait until vie, 04 sep 2009 17:29:06 ART

I don't find what is the problem.

Someone help me please¡


Here it's:

[root at SRVDC01 ~]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[Profiles]"
Processing section "[netlogon]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

workgroup = EISAIII
server string = Samba Server Version %v on %L
smb passwd file = /usr/bin/smbpasswd
passdb backend = ldapsam:"ldap:// <ldap://> "
username map = /etc/samba/smbusers
syslog = 2
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w %u
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = Z:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins server =
ldap admin dn = cn=Administrador,dc=eisaIII,dc=com
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap passwd sync = Yes
ldap suffix = dc=eisaIII,dc=com
ldap user suffix = ou=People
idmap uid = 10000-20000
idmap gid = 10000-20000
admin users = Administrador, "@Domain Admins"
cups options = raw

comment = Home Directories
read only = No
browseable = No

comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes

comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root, maryo
guest ok = Yes
browseable = No


Dominguez Gastón Matías

Informática y Telecomunicaciones


División Nuclear

Tel.: 0054-03487-481880

Fax: 0054-03487-481880 Int. 120/121

E-mail: gdominguez at eling.com.ar

Web:  <http://www.eling.com.ar/> www.eling.com.ar


More information about the samba mailing list