[Samba] Password sync not changing Samba passwords

Daniel O'Connor darius at dons.net.au
Thu Dec 5 15:29:33 MST 2013

I have a FreeBSD 9.2 system running Samaba 3.6.12 and I am trying to setup password syncing so Windows users can change their passwords and have that change reflected in the FreeBSD password DB.

I added the following to my smb.conf
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
        passwd chat timeout = 10

However, when I change a password in Windows it thinks for a while then says 'Access denied', however the unix password has been changed but the Samba one has not (!)

If I runs smbpasswd I get..
[midget 8:56] ~ >smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was, but LANMAN password changes are disabled

I've done some googling on that error but haven't found anything definitive.

The account in question looks normal, eg..
[midget 8:58] ~ >sudo pdbedit -Lv darius
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Unix username:        darius
NT username:
Account Flags:        [U          ]
User SID:             S-1-5-21-1045014296-3562119513-1454609323-1000
Primary Group SID:    S-1-5-21-1045014296-3562119513-1454609323-513
Full Name:            Daniel O'Connor
Home Directory:       \\midget\darius
HomeDir Drive:
Logon Script:         scripts/startup.bat
Profile Path:         \\midget\darius\profile
Domain:               LABF
Account desc:
Munged dial:
Logon time:           0
Logoff time:          Mon, 05 Dec 219250468 02:00:07 CST
Kickoff time:         Mon, 05 Dec 219250468 02:00:07 CST
Password last set:    Thu, 05 Dec 2013 22:58:45 CST
Password can change:  Thu, 05 Dec 2013 22:58:45 CST
Password must change: never
Last bad password   : 0
Bad password count  : 0

Any suggestions greatly appreciated :)

Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C

More information about the samba mailing list