[Samba] problems with passwd program =

sisu . npillao at hotmail.com
Wed Mar 23 04:26:16 MDT 2011 

Hi,
Thank you so much for your reply. I've changed my configuration:

encrypt passwords = yes
unix  password sync = Yes
passwd chat debug = yes
passwd level = 2
passwd program =  /usr/sbin/smbldap-passwd -s %u
passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*


But now I get a weird error which I do not understand, the case is when I try to change the password through windows xp  appears a warning which says: "you do not have permissions to change your password"

and on the log file I can see:

  check_ntlm_password:  authentication for user [fred] -> [fred] -> [fred] succeeded
[2011/03/22 17:47:18.890451,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: fred
[2011/03/22 17:47:18.894130,  2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1004
[2011/03/22 17:47:20.893790,  2] smbd/chgpasswd.c:308(expect)
  expect: NT_STATUS_IO_TIMEOUT
[2011/03/22 17:47:20.939531,  2] passdb/pdb_ldap.c:572(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: fred
[2011/03/22 17:47:20.947319,  2] passdb/pdb_ldap.c:2446(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 1004
[2011/03/22 17:47:23.801991,  2] smbd/chgpasswd.c:308(expect)
  expect: NT_STATUS_IO_TIMEOUT


and this user has the attribute set to 1: sambaPwdCanChange


I will appreciate any thoughts !!



> > I was trying to adapt the perl script smbldap-passwd to allow to my
> > clients to change his/her password in another application of my
> > company. Seems that the smbldap-passwd is not executed and I do not
> > know why.
> 
> > the configuration I use is below:
> > 
> >     encrypt passwords = yes
> >     ldap password sync = Yes
> >     passwd chat debug = yes
> >     passwd level = 2
> >     passwd program =  /usr/sbin/smbldap-passwd -s %u
> >     passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*
> 
> If you set "ldap password sync = yes", Samba directly changes
> userPassword attribute and any script defined at "passwd program" iss
> never called. 
> 
> To change LDAP password with a script such as smbldap-passwd, try to
> set "unix password sync = yes" and to remove "ldap password sync = yes".
> 
> ---
> TAKAHASHI Motonobu <monyo at monyo.com>

More information about the samba mailing list