[Samba] Password change

Robin G robinghere3 at gmail.com
Tue Apr 24 13:45:22 UTC 2018

Hi Guys,

We are getting the following error when the users are trying to change the
password from their windows machine: "Configuration information could not
be read from the domain controller, either machine is unavailable or access
is denied"

Our Samba PDC has LDAP backend. We have the following

BASE   dc=testdomain
URI    ldap://
TLS_CACERT /etc/ldap/ca_certs.pem

access to attribute=userPassword
access to attrs=userPassword,sambaNTPassword,sambaLMPassword

smb.conf for the smldap-tools bit is here

add user script = /usr/sbin/smbldap-useradd -m '%u'
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        passwd chat = "Changing *\nNew password*" %n\n "*Retype new
password* "%n\n"

Have the following in /etc/ldap/slapd.d/cn=config/olcDatabase{1}.hdb

olcAccess: {0}to attrs=userPassword by self write by anonymous auth by *
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=testdomain

Couldn't see anything in the /samba/logs so I guess it is an issue with

This is a fairly new setup and don't think it has worked before.

Thank you.

More information about the samba mailing list