[Samba] window, samba and ldap passwords

L.P.H. van Belle belle at bazuin.nl
Tue Aug 16 05:40:33 MDT 2011


Hi,

On your master, in smb.conf,

change these settings. (I'm also running Debian with PDC/BDC LDAP master and multiple slaves through syncrepl.)

passwd program = /usr/sbin/smbldap-passwd "%u"
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
remove: unix password sync = Yes

and try again. 

Louis
 
>-----Original message-----
>From: paikkos at googlemail.com
>[mailto:samba-bounces at lists.samba.org] On behalf of Dermot
>Sent: 2011-08-16 12:48
>To: samba at lists.samba.org
>Subject: [Samba] window, samba and ldap passwords
>
>Hi,
>
>I recently migrated to a Samba3x domain. One issue that has been
>reported to me is that XP users cannot change their password from
>their PC. I have done some searching and I haven't seen a
>straightforward answer to this.
>
>My config is
>
>ldap primary + Samba PDC on host A
>ldap slave + samba BDC on host B
>
>I see this error in the machine log when someone attempts to change
>their password:
>
>2011/08/16 10:04:11.137313,  0] auth/pampass.c:861(smb_pam_passchange)
>  smb_pam_passchange: PAM: Password Change Failed for user kreuze!
>[2011/08/16 10:04:11.200891,  0] auth/pampass.c:705(smb_pam_chauthtok)
>  PAM: UNKNOWN PAM ERROR (8) for User: kreuze
>[2011/08/16 10:04:11.201002,  0] auth/pampass.c:861(smb_pam_passchange)
>  smb_pam_passchange: PAM: Password Change Failed for user kreuze!
>[2011/08/16 10:04:11.215657,  0] auth/pampass.c:705(smb_pam_chauthtok)
>  PAM: UNKNOWN PAM ERROR (8) for User: kreuze
>[2011/08/16 10:04:11.215741,  0] auth/pampass.c:861(smb_pam_passchange)
>  smb_pam_passchange: PAM: Password Change Failed for user kreuze!
>
>
>I have seen this article:
>http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2667199
>but I am not sure if it's appropriate for my environment. I suspect
>the answer to this may be very dependent on my config.
>Can anyone offer any advice?
>Thanks in advance.
>Dermot.
>
>
>=========== smb.conf on PDC ===========
>
>       dos charset = UTF-8
>       display charset = UTF-8
>       workgroup = FOO
>       server string = %h server
>       map to guest = Bad User
>       passdb backend = ldapsam:ldap://127.0.0.1/
>       pam password change = Yes
>       passwd program = /usr/sbin/smbldap-passwd -u %u
>       passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>       unix password sync = Yes
>       log level = 1
>       syslog = 0
>       log file = /var/log/samba/log.%m
>       max log size = 1000
>       smb ports = 139 445
>       name resolve order = wins hosts bcast
>       time server = Yes
>       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>       load printers = No
>       add user script = /usr/sbin/smbldap-useradd -m %u
>       delete user script = /usr/sbin/smbldap-userdel '%u'
>       delete group script = /usr/sbin/smbldap-groupdel %g
>       add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
>       delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
>       set primary group script = /usr/sbin/smbldap-usermod -g %g %u
>       add machine script = /usr/sbin/smbldap-useradd -w %u
>       logon script = logon.bat
>       logon path =
>       logon drive = U:
>       logon home =
>       domain logons = Yes
>       os level = 65
>       preferred master = Auto
>       domain master = Yes
>       dns proxy = No
>       ldap admin dn = cn=admin,dc=mydomin,dc=co,dc=uk
>       ldap delete dn = Yes
>       ldap group suffix = ou=Groups
>       ldap idmap suffix = ou=idmap
>       ldap machine suffix = ou=Computers, ou=Users
>       ldap passwd sync = yes
>       ldap suffix = dc=mydomain,dc=co,dc=uk
>       ldap ssl = no
>       ldap timeout = 20
>       ldap user suffix = ou=Users
>       panic action = /usr/share/samba/panic-action %d
>       idmap backend = ldap:"ldap://127.0.0.1/"
>       idmap uid = 15000-20000
>       idmap gid = 15000-20000
>       map acl inherit = Yes
>       case sensitive = No
>       hide unreadable = Yes
>
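
The change suggested in the reply, expressed as a check (an added example, not part of either poster's message and not Samba code): it parses smb.conf-style text and flags `unix password sync` when it is combined with `pam password change` or with `ldap passwd sync` on an ldapsam backend. Function names, finding ids and the two sample configs are constructed for illustration; the "no" defaults for the three sync options are assumed from smb.conf(5).

```python
# Added example: lint the password-change parameters discussed in this thread.
YES = {"yes", "true", "1"}

def parse_params(text):
    """Parse smb.conf parameters, tolerating '>' mail quoting and wrapped values."""
    params, last = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()
        if not line or line[0] in "#;[=":          # blank, comment, section, ruler
            continue
        if "=" in line:
            name, value = line.split("=", 1)
            last = " ".join(name.lower().split())  # names are case-insensitive
            params[last] = value.strip()
        elif last:                                 # no '=': rest of a wrapped value
            params[last] = (params[last] + " " + line).strip()
    return params

def check_password_sync(params):
    """Return (id, message) findings for overlapping password-change paths."""
    val = lambda key: params.get(key, "no").lower()  # assumed default: no
    findings = []
    if val("unix password sync") not in YES:
        return findings
    if val("pam password change") in YES:
        findings.append(("unix-sync-via-pam",
            "Unix password is changed through PAM; 'passwd program' is not run"))
    if (params.get("passdb backend", "").startswith("ldapsam")
            and val("ldap passwd sync") in YES | {"only"}):
        findings.append(("unix-sync-duplicates-ldap-sync",
            "'ldap passwd sync' already updates the LDAP password; "
            "the reply drops 'unix password sync'"))
    return findings

# Constructed samples: BEFORE mirrors the quoted PDC settings, AFTER the reply's.
BEFORE = r"""
>       passdb backend = ldapsam:ldap://127.0.0.1/
>       pam password change = Yes
>       passwd program = /usr/sbin/smbldap-passwd -u %u
>       passwd chat = *New*password* %n\n *Retype*new*password* %n\n
>*all*authentication*tokens*updated*
>       unix password sync = Yes
>       ldap passwd sync = yes
"""
AFTER = r"""
passdb backend = ldapsam:ldap://127.0.0.1/
pam password change = Yes
passwd program = /usr/sbin/smbldap-passwd "%u"
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
ldap passwd sync = yes
"""
if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, check_password_sync(parse_params(cfg)))
```

The first finding corresponds to the `smb_pam_passchange` lines in the quoted log: with both options enabled, the failing step is the PAM password change rather than the smbldap-passwd script.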


