yes thanks, it works!!! ----- Original Message ----- From: "Sharp, Clint" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, December 30, 2003 5:06 PM Subject: RE: [Samba] Changing password from windows
The passwd program it is is expecting is a program which modifies your UNIX password. Smbpasswd modifies your samba password. Try setting the following: passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Clint > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of [EMAIL PROTECTED] > Sent: Tuesday, December 30, 2003 9:12 AM > To: [EMAIL PROTECTED] > Subject: [Samba] Changing password from windows > > > Hi all! > I had some problem with LDAP, so I setup a Samba PDC without > LDAP and then I > migrate it to LDAP. > Before that, all worked fine, changing password from Windows > too. But now, a > popup in windows says "username or old password incorrect. > Password is case > sensitive" (it's not the exact sentence for you since I > translated it from my > language) and I got this error in log: > sambaPwdCanChange: value #0 already exists > But the password is REALLY changed and the sync is OK! > --> I got an error message but the command succeeded... > > When I did it in a shell, I got no error... > > Here is smb.conf: > --- BEGIN SMB.CONF --- > [global] > netbios name = PDCLINUX > workgroup = TESTDOMAIN > server string = TestCenter > comment = Controleur de Domaine > time server = yes > > passdb backend = ldapsam:ldap://ldap.mydomain.com > > encrypt passwords = yes > security = user > preferred master = yes > domain master = yes > local master = yes > domain logons = yes > wins support = yes > os level = 80 > hosts allow = 192.168.0. 127. > > # LDAP > ldap admin dn = "cn=Manager,dc=mydomain,dc=com" > ldap ssl = off > ldap delete dn = no > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap suffix = dc=mydomain,dc=com > ldap passwd sync = yes > unix password sync = yes > > log level = 256 > log file = /var/samba/log/%U.log > passwd chat debug = yes > passwd program = /usr/local/samba/bin/smbpasswd %u > passwd chat = *ew*password* %n\n *ew*password* %n\n > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > logon path = \\pdc.mydomain.com\profiles\%U > logon drive = H: > logon home = \\pdc.mydomain.com\%U > logon script = %U.bat > > add machine script = /usr/sbin/useradd -d /dev/null -g > machines - s /bin/false -c %U%I %U > > [homes] > comment = Home Directory > guest ok = no > read only = no > create mask = 0664 > directory mask = 0775 > > [netlogon] > comment = Network Logon Service > path = /var/samba/netlogon > read only = yes > guest ok = yes > share modes = no > root preexec = /var/samba/netlogon/login.pl %U %G %L > browseable = no > --- END SMB.CONF --- > > And here the log: > --- BEGIN LOG --- > [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217) > Invoking '/usr/local/samba/bin/smbpasswd testuser' as > password change program. [2003/12/30 15:43:49, 10] > lib/util_sock.c:read_socket_with_timeout(263) > read_socket_with_timeout: timeout read. select timed out. > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) > expect: expected [*ew*password*] received [New SMB > password:] match yes [2003/12/30 15:43:49, 10] > smbd/chgpasswd.c:expect(285) > expect: returning True > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) > expect: sending [testuser > ] > [2003/12/30 15:43:49, 10] > lib/util_sock.c:read_socket_with_timeout(263) > read_socket_with_timeout: timeout read. select timed out. > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) > expect: expected [*ew*password*] received [ > Retype new SMB password:] match yes > [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285) > expect: returning True > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) > expect: sending [testuser > ] > [2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438) > Password change successful for user testuser > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 32 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 31 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 10 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 20 -> now CHANGED > [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) > account_policy_get: maximum password age:-1 > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 9 -> now CHANGED > [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) > account_policy_get: minimum password age:0 > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 8 -> now CHANGED > [2003/12/30 15:43:49, 4] > passdb/pdb_ldap.c:ldapsam_update_sam_account(1370) > ldapsam_update_sam_account: user testuser to be modified > has dn: uid=testuser, ou=People,dc=phonambule-tv,dc=com > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 11: SET > [2003/12/30 15:43:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769) > init_ldap_from_sam: Setting entry for user: testuser > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 17: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 18: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 12: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 22: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 23: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 25: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 1: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 3: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 4: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 2: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 5: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 6: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 7: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 8: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 8: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 9: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 9: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 31: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 31: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 32: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 32: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 20: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 20: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 19: SET > [2003/12/30 15:43:49, 11] lib/smbldap.c:smbldap_open(822) > smbldap_open: already connected to the LDAP server > [2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203) > ldapsam_modify_entry: Failed to modify user dn= > uid=testuser,ou=People,dc=phon ambule-tv,dc=com with: Type or > value exists > modify/add: sambaPwdCanChange: value #0 already > exists [2003/12/30 15:43:49, 0] > passdb/pdb_ldap.c:ldapsam_update_sam_account(1397) > ldapsam_update_sam_account: failed to modify user with uid > = testuser, error: > modify/add: sambaPwdCanChange: value #0 already exists > (Success) [2003/12/30 15:43:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1001, 547) - sec_ctx_stack_ndx = 1 > [2003/12/30 15:43:49, 5] > rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120) > init_r_chgpasswd_user > [2003/12/30 15:43:49, 5] > rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469) > _samr_chgpasswd_user: 1469 > [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_chgpasswd_user > [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0000 status: NT_STATUS_ACCESS_DENIED > --- END LOG --- > > Can someone explain me why I got an error with the field > sambaPwdCanChange in > LDAP, when I look it after the command, this field is > changed... Thanks alot! > > S�bastien. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
