[Samba] "You do not have permission to change" password issue with XP clients

Brett Charbeneau brett at wrl.org
Fri Feb 5 08:03:34 MST 2010

On Wed, 3 Feb 2010, Gaiseric Vandal wrote:

GV> On 02/02/10 18:07, Brett Charbeneau wrote:
GV> > Greetings all
GV> > 
GV> > I'm running Samba 3.0 on an Ubuntu box as a PDC and I'm having trouble
GV> > changing passwords with XP clients - here's my smb.conf
GV> > http://pastebin.com/m1bb6d4a6
GV> > 
GV> > I've played with a variety of "passwd chat" settings but no joy. I am
GV> > trying to use pam_cracklib.so - here's my /etc/pam.d/common-password file:
GV> > http://pastebin.com/m1a1d5f89
GV> > 
GV> > I've tried the suggestions in this thread, but no luck:
GV> > http://www.mail-archive.com/samba@lists.samba.org/msg104476.html
GV> > 
GV> > Any hints? I'd be very grateful for any suggestions anyone has the time to
GV> > offer!
GV> > 
GV> Are you using an LDAP backend?
GV> I am not sure the samba password chat chat scripts can pass the "old"
GV> password back to unix.    My experience with ldap (Sun LDAP server not
GV> OpenLDAP)  is that that password change either requires the user's old
GV> password or the LDAP admin pw.  The local "root" account does not have
GV> privledges to change ldap passwords.  (Local or NIS password's weren't a
GV> problem.)

	I appreciate the response!
	No, I'm using tdbsam as the back end...

Brett Charbeneau, GSEC Gold, GCIH Gold
Network Administrator
Williamsburg Regional Library
7770 Croaker Road
Williamsburg, VA 23188-7064
(757)259-4044          www.wrl.org
(757)259-4079 (fax)    brett at wrl.org

More information about the samba mailing list