[Samba] Password change
Robin G
robinghere3 at gmail.com
Thu Apr 26 03:57:12 UTC 2018
Hi Rowland,
I tried that but it didn't work.
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 9033b998
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=testdom
olcAccess: {0}to attrs=sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange by dn="cn=admin,dc=testdom" write by self write by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcLastMod: TRUE
smb.conf
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*
I get the same message whatever I try, even using smbpasswd %u doesn't
work. If I do ctrl+alt+del and put some rubbish entry in the existing
password, it doesn't even tell me that the existing password is wrong.
Regards,
Robin
On Tue, 24 Apr 2018 23:45:22 +1000
Robin G via samba <samba at lists.samba.org> wrote:
> Hi Guys,
>
> We are getting the following error when the users are trying to change
> the password from their windows machine: "Configuration information
> could not be read from the domain controller, either machine is
> unavailable or access is denied"
>
> Our Samba PDC has LDAP backend. We have the following
>
> Have the following in /etc/ldap/slapd.d/cn=config/olcDatabase{1}.hdb
>
> olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
The line should be:
olcAccess: {0}to attrs=sambaNTPassword,sambaPwdLastSet,sambaPwdMustChange by dn="cn=admin,dc=example,dc=com" write by self write by * none
> This is a fairly new setup and I don't think it has worked before.
I suppose the real question is, if this is a fairly new setup, why was a
PDC chosen instead of an AD DC?
Rowland