Andy Colvin wrote:
I get a different error if I add "unix password sync = yes" This time it
gives me the error "you do not have permission to change your password"
what about ACLs in your LDAP config file regarding userPassword? Do you
have such? For me this kind of error (message) can point to LDAP acls.
What does your LDAP log file say - any errors?
Marcin
Everything that I've seen related to this error says to upgrade to 3.0.4,
but I'm running 3.0.24.
Any ideas?
Thanks,
Andy
-----Original Message-----
From: Marcin Giedz [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 03, 2007 10:46 AM
To: Andy Colvin
Cc: [email protected]
Subject: Re: Fwd: [Samba] Changing LDAP password from Windows XP
Daniel Müller wrote:
Hi
your smb.conf file seems to be OK, however to be able to sync
sambapasswords with userPassword try to add
unix password sync = yes
to your smb.conf
Regards,
Marcin
Hello,
remove the line 'passwd program = /usr/sbin/smbldap-passwd %u'
for testing.
On my Suse 10.1 I do not need this and m y users can change their
passwords.
greetings
daniel
-------- Original-Nachricht --------
Datum: Fri, 2 Mar 2007 11:55:06 -0600 (CST)
Von: "Andy Colvin" <[EMAIL PROTECTED]>
An: [email protected]
CC:
Betreff: [Samba] Changing LDAP password from Windows XP
I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6,
talking to Fedora Directory Server 1.0.4. I've got everything set up so
that I can add computers to the domain, add users using the smbldap-
tools, and have users logging in. When a user tries to change their
password from within Windows (ctrl-alt-del) they get the error
"the user name or old password is incorrect. letters in passwords
must
be typed using the correct case."
The strange thing is that the samba passwords (sambalmpassword,
sambantpassword) are changed in the LDAP server, but the general account
password (userpassword) is not changed. I looked everywhere I could,
and
couldn't find anything to cause this. I can set passwords just fine
using
smbldap-passwd and it will set all passwords.
Here is a copy of my smb.conf:
[global]
workgroup = MAIL
netbios name = YOURMOM
security = user
passdb backend = ldapsam:ldap://mail.yourmom.net
ldap admin dn = cn=Directory Manager
ldap suffix = dc=yourmom,dc=net
ldap user suffix = ou=People
ldap idmap suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap passwd sync = yes
ldap delete dn = no
obey pam restrictions = no
encrypt passwords = yes
passwd program = /usr/sbin/smbldap-passwd %u
add machine script = /usr/sbin/smbldap-useradd -w "%u"
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 255
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins support = yes
template shell = /bin/false
winbind use default domain = no
logon path =
logon home =
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
browseable = no
[homes]
comment = Home Directories
browseable = no
read only = no
guest ok = no
create mode = 0664
directory mode = 0775
Thanks,
Andy Colvin
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
