[Samba] Password change

Robin G robinghere3 at gmail.com
Thu Apr 26 03:57:12 UTC 2018

Hi Rowland,

I tried that but didn't work.
# CRC32 9033b998
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=testdom
olcAccess: {0}to attrs=sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange
by dn="cn=admin,dc=testdom" write by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcLastMod: TRUE

        add user script = /usr/sbin/smbldap-useradd -m '%u'
        delete user script = /usr/sbin/smbldap-userdel '%u'
        add group script = /usr/sbin/smbldap-groupadd -p '%g'
        delete group script = /usr/sbin/smbldap-groupdel '%g'
        add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
        delete user from group script = /usr/sbin/smbldap-groupmod -x '%g'
        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
        set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully*

I get the same message whatever I try, even using smbpasswd %u doesn't
work. If I do ctrl+alt+del and put some rubbish entry in the existing
password, it doesn't even tell me that the existing password is wrong.


On Tue, 24 Apr 2018 23:45:22 +1000

Robin G via samba <samba at lists.samba.org> wrote:

> Hi Guys,


> We are getting the following error when the users are trying to change

> the password from their windows machine: "Configuration information

> could not be read from the domain controller, either machine is

> unavailable or access is denied"


> Our Samba PDC has LDAP backend. We have the following


> Have the following in /etc/ldap/slapd.d/cn=config/olcDatabase{1}.hdb


> olcAccess: {0}to attrs=userPassword by self write by anonymous auth by

> * none

The line should be:

olcAccess: {0}to

attrs=sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange by
dn="cn=admin,dc=example,dc=com" write by self write by * none

> This is a fairly new setup and don't think it has worked before.

I suppose the real question is, if this is a fairly new setup, why was a
PDC chosen instead of an AD DC ?


More information about the samba mailing list