[Samba] problems with passwd program =
sisu .
npillao at hotmail.com
Wed Mar 23 04:26:16 MDT 2011
Hi,
Thank you so much for your reply. I've changed my configuration:
encrypt passwords = yes
unix password sync = Yes
passwd chat debug = yes
passwd level = 2
passwd program = /usr/sbin/smbldap-passwd -s %u
passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
But now I get a weird error which I do not understand, the case is when I try to change the password through windows xp appears a warning which says: "you do not have permissions to change your password"
and on the log file I can see:
check_ntlm_password: authentication for user [fred] -> [fred] -> [fred] succeeded
[2011/03/22 17:47:18.890451, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: fred
[2011/03/22 17:47:18.894130, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1004
[2011/03/22 17:47:20.893790, 2] smbd/chgpasswd.c:308(expect)
expect: NT_STATUS_IO_TIMEOUT
[2011/03/22 17:47:20.939531, 2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: fred
[2011/03/22 17:47:20.947319, 2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
init_group_from_ldap: Entry found for group: 1004
[2011/03/22 17:47:23.801991, 2] smbd/chgpasswd.c:308(expect)
expect: NT_STATUS_IO_TIMEOUT
and this user has the attribute set to 1: sambaPwdCanChange
I will appreciate any thoughts !!
> > I was trying to adapt the perl script smbldap-passwd to allow to my
> > clients to change his/her password in another application of my
> > company. Seems that the smbldap-passwd is not executed and I do not
> > know why.
>
> > the configuration I use is below:
> >
> > encrypt passwords = yes
> > ldap password sync = Yes
> > passwd chat debug = yes
> > passwd level = 2
> > passwd program = /usr/sbin/smbldap-passwd -s %u
> > passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
>
> If you set "ldap password sync = yes", Samba directly changes
> userPassword attribute and any script defined at "passwd program" iss
> never called.
>
> To change LDAP password with a script such as smbldap-passwd, try to
> set "unix password sync = yes" and to remove "ldap password sync = yes".
>
> ---
> TAKAHASHI Motonobu <monyo at monyo.com>
More information about the samba
mailing list