[Samba] window, samba and ldap passwords

Dermot paikkos at googlemail.com
Tue Aug 16 05:52:03 MDT 2011


Thank you very much. That has fixed it.
Brilliant.
Dp.


On 16 August 2011 12:40, L.P.H. van Belle <belle at bazuin.nl> wrote:
> Hi,
>
> on your master, in smb.conf
>
> change these settings. (I'm also running Debian with PDC/BDC LDAP master and multiple slaves through syncrepl.)
>
> passwd program = /usr/sbin/smbldap-passwd "%u"
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
> remove : unix password sync = Yes
>
> and try again.
>
> Louis
>
>>-----Original message-----
>>From: paikkos at googlemail.com
>>[mailto:samba-bounces at lists.samba.org] On behalf of Dermot
>>Sent: 2011-08-16 12:48
>>To: samba at lists.samba.org
>>Subject: [Samba] window, samba and ldap passwords
>>
>>Hi,
>>
>>I recently migrated to a Samba3x domain. One issue that has been
>>reported to me is that XP users cannot change their password from
>>their PC. I have done some searching and I haven't seen a
>>straightforward answer to this.
>>
>>My config is
>>
>>ldap primary + Samba PDC on host A
>>ldap slave + samba BDC on host B
>>
>>I see this error in the machine log when someone attempts to change
>>their password:
>>
>>[2011/08/16 10:04:11.137313,  0] auth/pampass.c:861(smb_pam_passchange)
>>  smb_pam_passchange: PAM: Password Change Failed for user kreuze!
>>[2011/08/16 10:04:11.200891,  0] auth/pampass.c:705(smb_pam_chauthtok)
>>  PAM: UNKNOWN PAM ERROR (8) for User: kreuze
>>[2011/08/16 10:04:11.201002,  0] auth/pampass.c:861(smb_pam_passchange)
>>  smb_pam_passchange: PAM: Password Change Failed for user kreuze!
>>[2011/08/16 10:04:11.215657,  0] auth/pampass.c:705(smb_pam_chauthtok)
>>  PAM: UNKNOWN PAM ERROR (8) for User: kreuze
>>[2011/08/16 10:04:11.215741,  0] auth/pampass.c:861(smb_pam_passchange)
>>  smb_pam_passchange: PAM: Password Change Failed for user kreuze!
>>
>>
>>I have seen this article:
>>http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam.html#id2667199
>>but I am not sure if it's appropriate for my environment. I suspect
>>the answer to this may be very dependent on my config.
>>Can anyone offer any advice?
>>Thanks in advance.
>>Dermot.
>>
>>
>>=========== smb.conf on PDC ===========
>>
>>       dos charset = UTF-8
>>       display charset = UTF-8
>>       workgroup = FOO
>>       server string = %h server
>>       map to guest = Bad User
>>       passdb backend = ldapsam:ldap://127.0.0.1/
>>       pam password change = Yes
>>       passwd program = /usr/sbin/smbldap-passwd -u %u
>>       passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
>>       unix password sync = Yes
>>       log level = 1
>>       syslog = 0
>>       log file = /var/log/samba/log.%m
>>       max log size = 1000
>>       smb ports = 139 445
>>       name resolve order = wins hosts bcast
>>       time server = Yes
>>       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>       load printers = No
>>       add user script = /usr/sbin/smbldap-useradd -m %u
>>       delete user script = /usr/sbin/smbldap-userdel '%u'
>>       delete group script = /usr/sbin/smbldap-groupdel %g
>>       add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
>>       delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
>>       set primary group script = /usr/sbin/smbldap-usermod -g %g %u
>>       add machine script = /usr/sbin/smbldap-useradd -w %u
>>       logon script = logon.bat
>>       logon path =
>>       logon drive = U:
>>       logon home =
>>       domain logons = Yes
>>       os level = 65
>>       preferred master = Auto
>>       domain master = Yes
>>       dns proxy = No
>>       ldap admin dn = cn=admin,dc=mydomin,dc=co,dc=uk
>>       ldap delete dn = Yes
>>       ldap group suffix = ou=Groups
>>       ldap idmap suffix = ou=idmap
>>       ldap machine suffix = ou=Computers, ou=Users
>>       ldap passwd sync = yes
>>       ldap suffix = dc=mydomain,dc=co,dc=uk
>>       ldap ssl = no
>>       ldap timeout = 20
>>       ldap user suffix = ou=Users
>>       panic action = /usr/share/samba/panic-action %d
>>       idmap backend = ldap:"ldap://127.0.0.1/"
>>       idmap uid = 15000-20000
>>       idmap gid = 15000-20000
>>       map acl inherit = Yes
>>       case sensitive = No
>>       hide unreadable = Yes
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>
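
A check for the settings changed in the reply quoted above, added here as an example and not part of the original thread: it parses an smb.conf and reports where the password-change parameters still differ from the ones Louis gave. `parse_global`, `audit` and both sample configurations are constructed for illustration; treating lines before any section header as `[global]` is an assumption, made because the posted config carries no header.

```python
import re

# Constructed samples: password-related lines from the smb.conf in the original
# post, and the same lines after the changes given in the reply.
BEFORE = r"""[global]
  passwd program = /usr/sbin/smbldap-passwd -u %u
  passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
  unix password sync = Yes
  ldap passwd sync = yes
"""
AFTER = r"""[global]
  passwd program = /usr/sbin/smbldap-passwd "%u"
  passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
  ldap passwd sync = yes
"""
REPLY_CHAT = r"*New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*"
TRUE_VALUES = {"yes", "true", "on", "1"}  # spellings Samba accepts for "enabled"


def parse_global(text):
    """Return [global] parameters as {name without spaces, lower-case: value}."""
    params, section = {}, "global"  # assumption: lines before any header are global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and spaces inside parameter names.
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def audit(text):
    """List where the file still differs from the settings given in the reply."""
    p, findings = parse_global(text), []
    if p.get("unixpasswordsync", "no").lower() in TRUE_VALUES:
        findings.append("unix password sync is enabled")
    argv = p.get("passwdprogram", "").split()
    if not argv or not argv[0].endswith("/smbldap-passwd"):
        findings.append("passwd program is not smbldap-passwd")
    elif argv[1:] != ['"%u"']:
        findings.append('passwd program arguments are not exactly "%u"')
    if p.get("passwdchat") != REPLY_CHAT:
        findings.append("passwd chat differs from the reply")
    return findings


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf))
```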

