You are with ldap aren`t you. Then you are missing ldap passwd sync = yes. Is your goup mapping correct? Did you made an net rpc grant rights to the group DOMAIN ADMINS? ex:.
net -S server -U root%passwordroot rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege -------- Original-Nachricht -------- Datum: Sat, 3 Mar 2007 11:15:42 -0600 (CST) Von: "Andy Colvin" <[EMAIL PROTECTED]> An: samba@lists.samba.org CC: Betreff: RE: Fwd: [Samba] Changing LDAP password from Windows XP > I get a different error if I add "unix password sync = yes" This time it > gives me the error "you do not have permission to change your password" > Everything that I've seen related to this error says to upgrade to 3.0.4, > but I'm running 3.0.24. > > Any ideas? > > Thanks, > > Andy > > > -----Original Message----- > From: Marcin Giedz [mailto:[EMAIL PROTECTED] > Sent: Saturday, March 03, 2007 10:46 AM > To: Andy Colvin > Cc: samba@lists.samba.org > Subject: Re: Fwd: [Samba] Changing LDAP password from Windows XP > > Daniel Müller wrote: > > Hi > > your smb.conf file seems to be OK, however to be able to sync > sambapasswords with userPassword try to add > > unix password sync = yes > > to your smb.conf > > Regards, > Marcin > > > > > > Hello, > > > > remove the line 'passwd program = /usr/sbin/smbldap-passwd %u' > > for testing. > > On my Suse 10.1 I do not need this and m y users can change their > passwords. > > > > greetings > > daniel > > > > > > > > > > > > > > -------- Original-Nachricht -------- > > Datum: Fri, 2 Mar 2007 11:55:06 -0600 (CST) > > Von: "Andy Colvin" <[EMAIL PROTECTED]> > > An: samba@lists.samba.org > > CC: > > Betreff: [Samba] Changing LDAP password from Windows XP > > > > I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6, > > talking to Fedora Directory Server 1.0.4. I've got everything set up so > > that I can add computers to the domain, add users using the smbldap- > > tools, and have users logging in. When a user tries to change their > > password from within Windows (ctrl-alt-del) they get the error > > > > "the user name or old password is incorrect. letters in passwords > must > > be typed using the correct case." > > > > The strange thing is that the samba passwords (sambalmpassword, > > sambantpassword) are changed in the LDAP server, but the general account > > password (userpassword) is not changed. I looked everywhere I could, > and > > couldn't find anything to cause this. I can set passwords just fine > using > > smbldap-passwd and it will set all passwords. > > > > Here is a copy of my smb.conf: > > > > [global] > > workgroup = MAIL > > netbios name = YOURMOM > > security = user > > passdb backend = ldapsam:ldap://mail.yourmom.net > > ldap admin dn = cn=Directory Manager > > ldap suffix = dc=yourmom,dc=net > > ldap user suffix = ou=People > > ldap idmap suffix = ou=People > > ldap machine suffix = ou=Computers > > ldap group suffix = ou=Groups > > ldap passwd sync = yes > > ldap delete dn = no > > obey pam restrictions = no > > encrypt passwords = yes > > passwd program = /usr/sbin/smbldap-passwd %u > > add machine script = /usr/sbin/smbldap-useradd -w "%u" > > log file = /var/log/samba/log.%m > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > os level = 255 > > domain logons = yes > > domain master = yes > > local master = yes > > preferred master = yes > > wins support = yes > > template shell = /bin/false > > winbind use default domain = no > > logon path = > > logon home = > > > > [netlogon] > > comment = Network Logon Service > > path = /var/lib/samba/netlogon > > read only = yes > > browseable = no > > > > [homes] > > comment = Home Directories > > browseable = no > > read only = no > > guest ok = no > > create mode = 0664 > > directory mode = 0775 > > > > > > > > Thanks, > > > > > > > > Andy Colvin > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba