[Samba] Fwd: Unable to change passwords from Win XP Pro clients
Rowland Penny
rpenny at samba.org
Fri Apr 21 15:30:22 UTC 2017
On Fri, 21 Apr 2017 10:39:58 -0400
Eleuterio Contracampo via samba <samba at lists.samba.org> wrote:
> Hello everyone,
>
> First time with Samba 4.
> I've got it running mostly (with Windows 7 clients, everything works
> like a charm.), but I'm struggling with an issue that is driving me
> nuts (spent countless hours trying out stuff and googling without
> luck):
>
> When users log in from Win XP Pro terminals, and are forced to change
> initially assigned passwords, they get an error (1728: error in RCP
> protocol) and cannot continue.
>
> *Some background about my setup:*
> PDC: SERV5N
> BDC: SERV6N
You do not have a 'PDC' & 'BDC', you have two AD DCs
> *My smb.conf (PDC):*
>
> # Global parameters
>
> [global]
Remove this lot from smb.conf:

    wins support = yes
    security = user
    os level = 65
    domain logons = yes
    preferred master = yes
    domain master = yes
    local master = yes
    name resolve order = host wins lmhosts bcast
    remote announce = 192.168.40.255
    remote browse sync = 192.168.40.255
    passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.40.213"
    ldap suffix = dc=MYDOMAIN,dc=org,dc=ar
    ldap user suffix = ou=users
    ldap machine suffix = ou=machines
    ldap group suffix = ou=groups
    ldap admin dn = cn=admin,dc=MYDOMAIN,dc=org,dc=ar
    ldap delete dn = no
    acl:search = false
    kerberos method = secrets only
    vfs objects = fileid acl_xattr
    map acl inherit = yes
    store dos attributes = yes
    ldap passwd sync = yes

They are either default settings or have absolutely no place in an AD
DC smb.conf. The 'ldap' lines should only be used on an LDAP-based Samba
machine, not an AD DC; 'acl_xattr' is built into the samba binary.
Finally, 'ldap passwd sync' only makes sense when you want the local
users' passwords to sync with the users in LDAP; the only problem is, you
cannot have a local user with the same name as an AD user.
Rowland
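
Added example, not part of the message above and not Samba tooling: a small check that reads an smb.conf, and if `server role` marks it as an AD DC, reports the [global] parameters the reply lists for removal. The function names and the sample file (including its realm value) are constructed for illustration.

```python
import re

# Parameters the reply above says to remove from [global] on an AD DC.
REMOVE_ON_AD_DC = (
    "wins support, security, os level, domain logons, preferred master, "
    "domain master, local master, name resolve order, remote announce, "
    "remote browse sync, passdb backend, ldap suffix, ldap user suffix, "
    "ldap machine suffix, ldap group suffix, ldap admin dn, ldap delete dn, "
    "acl:search, kerberos method, vfs objects, map acl inherit, "
    "store dos attributes, ldap passwd sync"
).split(", ")

def norm(name):
    """Samba ignores case and whitespace in parameter names."""
    return re.sub(r"\s+", "", name).lower()

FLAGGED = {norm(p) for p in REMOVE_ON_AD_DC}

def parse_global(text):
    """Return {normalized name: (line number, raw name, value)} for [global].
    Trailing-backslash line continuations are not handled here."""
    params, section = {}, None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = (lineno, name.strip(), value.strip())
    return params

def lint_ad_dc(text):
    """List (line, name, value) of flagged parameters in an AD DC config."""
    params = parse_global(text)
    role = params.get(norm("server role"), (0, "", ""))[2].lower()
    if role != "active directory domain controller":
        return []                                 # only AD DC configs are checked
    return sorted(v for k, v in params.items() if k in FLAGGED)

# Constructed sample, not the poster's full file.
SAMPLE = """\
[global]
    workgroup = MYDOMAIN
    realm = MYDOMAIN.ORG.AR
    server role = active directory domain controller
    Domain Logons = yes
    passdb backend = ldapsam:"ldap://127.0.0.1"
    ; wins support = yes
"""
```

On the sample, `lint_ad_dc(SAMPLE)` reports `Domain Logons` and `passdb backend` and skips the commented-out `wins support` line.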