[Samba] samba ssh change password Error was: Wrong password

Rowland Penny rowlandpenny at googlemail.com
Wed Oct 29 07:23:25 MDT 2014


On 29/10/14 13:10, barış tombul wrote:
> i testing 4.1.13 and 4.2rc2 versions.
> yes, provisioned.
> samba-tool domain provision ..........
> i configured this smb.conf file.
> thanks..
>

I would suggest that you start again, quite a lot of what you have added 
is not required or will not work with a samba4 AD DC. The smb.conf that 
you get after provision, is, in most cases, all that you need and if 
modifications are required, they are usually minor. One glaring error 
that you have is 'dns forwarder = 127.0.0.1', with this setting, you are 
saying 'I don't know this address, I will ask myself'. Re-instate your 
original smb.conf (you did keep a copy, didn't you?) and see where this 
gets you.

Rowland

>
> 2014-10-29 14:51 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com 
> <mailto:rowlandpenny at googlemail.com>>:
>
>     On 29/10/14 12:25, barış tombul wrote:
>
>         new smb.conf​ here.. same problem.
>
>         [global]
>            server services = s3fs, winbindd, rpc, nbt, wrepl, cldap,
>         ldap, kdc, drepl, ntp_signd, kcc, dnsupdate
>            dcerpc endpoint servers = +winreg +srvsvc +netlogon +samr
>         +epmapper +rpcecho +lsarpc +dssetup +unixinfo +browser
>         +eventlog6 +backupkey +remote
>            obey pam restrictions = yes
>            bind interfaces only = yes
>            interfaces = ens192 lo
>            max protocol = smb3
>            logon path =
>            logon script =
>            logon home =
>            kerberos method = system keytab
>            name resolve order = wins bcast hosts
>            server string = Samba Server
>            security = user
>            server role = active directory domain controller
>            netbios name = SAMBA
>            disable netbios = no
>            preferred master = yes
>            domain master = yes
>            local master = yes
>            domain logons = yes
>            workgroup = FACILITY
>            password server = samba.facility.local
>            realm = FACILITY.LOCAL
>            client ldap sasl wrapping = sign
>            winbind separator = /
>            winbind enum users = yes
>            winbind enum groups = yes
>            winbind expand groups = 1
>            winbind nss info = rfc2307
>            winbind nested groups = yes
>            winbind offline logon = yes
>            winbind refresh tickets = yes
>            winbind normalize names = yes
>            winbind rpc only = yes
>            winbind sealed pipes = no
>            winbind trusted domains only = no
>            winbind cache time = 3600
>            winbind reconnect delay = 30
>            winbind max clients = 2000
>            winbind use default domain = true
>            hosts allow = ALL, 127.0.0.1
>            encrypt passwords = yes
>            machine password timeout = 0
>            wins proxy = yes
>            wins support = yes
>            lanman auth = yes
>            ntlm auth = yes
>            client lanman auth = yes
>            client ntlmv2 auth = yes
>            client plaintext auth = yes
>            hostname lookups = no
>            nt pipe support = yes
>            dns forwarder = 127.0.0.1
>            allow dns updates = secure
>            dns proxy = no
>            passdb backend = tdbsam
>            dead time = 0
>            nsupdate command = /usr/local/bin/nsupdate -g
>            dbwrap_tdb_mutexes:* = yes
>            idmap config ALL:backend = tdb
>            idmap config ALL:default = yes
>            idmap config ALL:readonly = yes
>            idmap_ldb:use rfc2307 = yes
>            idmap config * : range = 2000000-2999999
>            idmap config * : backend = tdb
>            idmap config * : schema_mode = rfc2307
>            idmap config * : readonly = no
>            idmap config * : default = yes
>            idmap config * : range = 2000000-2999999
>            idmap config FACILITY : schema_mode = rfc2307
>            idmap config FACILITY : readonly = no
>            idmap config FACILITY : backend = tdb
>            idmap config FACILITY : default = yes
>            idmap config FACILITY : range = 2000000-2999999
>            pam password change = yes
>            passwd program = /usr/local/samba/bin/smbpasswd %u
>            passwd chat = *Enter\snew\s*\spassword:* %n\n
>         *Retype\snew\s*\spassword:* %n\n
>         *password\supdated\ssuccessfully* .
>
>     Hi, can I ask where you are getting these smb.conf's from ? have
>     you provisioned samba4 ? what version of samba4 ?
>
>     Rowland
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list