[Samba] [Bulk] Windows Users cannot change password on PDC Samba Server
Dominguez, Gaston Matias
gdominguez at eling.com.ar
Fri Sep 4 21:29:03 MDT 2009
Thanks you David.
It has solutioned my problem just.
Regards.
-----Mensaje original-----
De: David Wells [mailto:david_wells_77 at yahoo.com.ar]
Enviado el: Viernes, 04 de Septiembre de 2009 12:10 p.m.
Para: Dominguez, Gaston Matias
CC: samba at lists.samba.org
Asunto: Re: [Bulk] [Samba] Windows Users cannot change password on PDC Samba
Server
Dominguez, Gaston Matias escribió:
> I've this problems.
>
> I'm using on my smb.conf
>
> # Sincronizacion de cuentas LDAP, NT y LM
> # unix password sync = Yes
> ldap passwd sync = Yes
> passwd program = /usr/sbin/smbldap-passwd -u "%u"
> passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*"
%n\n"
>
>
> [2009/09/03 14:05:16, 1] smbd/chgpasswd.c:change_oem_password(1057)
> Sep 3 14:05:16 eisaIII smbd[4801]: user test1 cannot change password now,
> must wait until vie, 04 sep 2009 17:29:06 ART
>
> I don't find what is the problem.
>
> Someone help me please¡
>
>
>
> Here it's:
>
> [root at SRVDC01 ~]# testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Processing section "[printers]"
> Processing section "[Profiles]"
> Processing section "[netlogon]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> Press enter to see a dump of your service definitions
>
> [global]
> workgroup = EISAIII
> server string = Samba Server Version %v on %L
> smb passwd file = /usr/bin/smbpasswd
> passdb backend = ldapsam:"ldap://127.0.0.1:389 <ldap://127.0.0.1:389%22> "
> username map = /etc/samba/smbusers
> syslog = 2
> log file = /var/log/samba/log.%m
> max log size = 1000
> time server = Yes
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> delete group script = /usr/sbin/smbldap-groupdel "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
> add machine script = /usr/sbin/smbldap-useradd -w %u
> logon script = scripts\logon.bat
> logon path = \\%L\Profiles\%U
> logon drive = Z:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 65
> preferred master = Yes
> domain master = Yes
> wins server = 192.168.6.3
> ldap admin dn = cn=Administrador,dc=eisaIII,dc=com
> ldap delete dn = Yes
> ldap group suffix = ou=Group
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> ldap passwd sync = Yes
> ldap suffix = dc=eisaIII,dc=com
> ldap user suffix = ou=People
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> admin users = Administrador, "@Domain Admins"
> cups options = raw
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
> [Profiles]
> comment = Roaming Profile Share
> path = /var/lib/samba/profiles
> read only = No
> profile acls = Yes
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/netlogon
> admin users = root, maryo
> guest ok = Yes
> browseable = No
>
>
>
> Dominguez Gastón Matías
>
> Informática y Telecomunicaciones
>
> ELECTROINGENIERIA S.A.
>
> División Nuclear
>
> Tel.: 0054-03487-481880
>
> Fax: 0054-03487-481880 Int. 120/121
>
> E-mail: gdominguez at eling.com.ar
>
> Web: <http://www.eling.com.ar/> www.eling.com.ar
>
>
>
>
Deat Gastón.
I would think that the problem resides in the Minimum Password Age
setting of the PDC.
Please run 'net sam policy show "minimum password age"' and check if
the value is greater than 0. If it is run 'net sam policy set "minimum
password age" 0'.
Best regards,
David Wells.
More information about the samba
mailing list