I've recently got this all up and working and in my testing had to reverse the parameters to make this work with FDS.
I changed the following global parameters from:

unix password sync = no
ldap passwd sync = yes

to:

unix password sync = yes
ldap passwd sync = no

I was then able to change both passwords from 2K/XP w/o error status messages being returned after this change. We recently had a PDC working with openldap where the former settings worked. It's almost as if the two parameters were reversed in code somehow, but I doubt that is the case.
Good Luck,

ML


Daniel Müller wrote:
You are with ldap, aren't you?
Then you are missing ldap passwd sync = yes.
Is your group mapping correct? Did you make a net rpc grant rights to
the group DOMAIN ADMINS?
ex.:

net -S server -U root%passwordroot rpc rights grant 'DOMAIN\Domain Admins' SeMachineAccountPrivilege

-------- Original Message --------
Date: Sat, 3 Mar 2007 11:15:42 -0600 (CST)
From: "Andy Colvin" <[EMAIL PROTECTED]>
To: [email protected]
CC:
Subject: RE: Fwd: [Samba] Changing LDAP password from Windows XP

I get a different error if I add "unix password sync = yes".  This time it
gives me the error "you do not have permission to change your password"
Everything that I've seen related to this error says to upgrade to 3.0.4,
but I'm running 3.0.24.

Any ideas?

Thanks,

Andy


-----Original Message-----
From: Marcin Giedz [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 03, 2007 10:46 AM
To: Andy Colvin
Cc: [email protected]
Subject: Re: Fwd: [Samba] Changing LDAP password from Windows XP

Daniel Müller wrote:

Hi

your smb.conf file seems to be OK, however to be able to sync
sambapasswords with userPassword try to add

unix password sync = yes

to your smb.conf

Regards,
Marcin




Hello,

remove the line 'passwd program = /usr/sbin/smbldap-passwd %u'
for testing.
On my Suse 10.1 I do not need this and my users can change their
passwords.
greetings
daniel






-------- Original Message --------
Date: Fri, 2 Mar 2007 11:55:06 -0600 (CST)
From: "Andy Colvin" <[EMAIL PROTECTED]>
To: [email protected]
CC:
Subject: [Samba] Changing LDAP password from Windows XP

I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6,
talking to Fedora Directory Server 1.0.4.  I've got everything set up so
that I can add computers to the domain, add users using the
smbldap-tools, and have users logging in.  When a user tries to change
their password from within Windows (ctrl-alt-del) they get the error

  "the user name or old password is incorrect.  letters in passwords must be typed using the correct case."

The strange thing is that the samba passwords (sambalmpassword,
sambantpassword) are changed in the LDAP server, but the general account
password (userpassword) is not changed.  I looked everywhere I could, and
couldn't find anything to cause this.  I can set passwords just fine using
smbldap-passwd and it will set all passwords.

Here is a copy of my smb.conf:

[global]
workgroup = MAIL
netbios name = YOURMOM
security = user
passdb backend = ldapsam:ldap://mail.yourmom.net
ldap admin dn = cn=Directory Manager
ldap suffix = dc=yourmom,dc=net
ldap user suffix = ou=People
ldap idmap suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap passwd sync = yes
ldap delete dn = no
obey pam restrictions = no
encrypt passwords = yes
passwd program = /usr/sbin/smbldap-passwd %u
add machine script = /usr/sbin/smbldap-useradd -w "%u"
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 255
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins support = yes
template shell = /bin/false
winbind use default domain = no
logon path =
logon home =

[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   read only = yes
   browseable = no

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   guest ok = no
   create mode = 0664
   directory mode = 0775



Thanks,



Andy Colvin


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--

Matt Lung | Systems Engineer

Midwest Tool & Die Corp. | 327 Ley Road, Fort Wayne IN, 46825
Phone: (260)483-4282 Ext 155 Fax: (260) 471-8519
Web: http://www.midwest-tool.com
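
Added example (not part of any message in this thread, and not Samba project code): a small Python check that reads the [global] section of an smb.conf and lists which password stores a client-initiated change is configured to update, following the documented smb.conf(5) meaning and defaults of "ldap passwd sync" and "unix password sync". The function names and the two sample configs are assumptions constructed from the settings quoted above.

```python
# Added example, not from the thread. Sample configs are constructed from the
# settings quoted in the messages above.
TRUE = {"yes", "true", "on", "1"}  # boolean spellings smb.conf accepts

def parse_global(text):
    """Return {normalized name: value} for [global]; Samba ignores case and
    spaces in parameter names, so 'ldap passwd sync' == 'LdapPasswdSync'."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def password_change_paths(text):
    """List what a client-initiated password change updates under this config."""
    p = parse_global(text)
    ldap = p.get("ldappasswdsync", "no").lower()            # default: no
    unix = p.get("unixpasswordsync", "no").lower() in TRUE  # default: no
    paths = []
    if ldap != "only":  # "only" leaves the Samba hashes to the LDAP server
        paths.append("samba hashes (sambaNTPassword/sambaLMPassword)")
    if ldap == "only" or ldap in TRUE:
        paths.append("userPassword via LDAP password change")
    if unix:
        paths.append("passwd program: " + p.get("passwdprogram", "(Samba default)"))
    return paths

ORIGINAL = """[global]
passdb backend = ldapsam:ldap://mail.yourmom.net
ldap passwd sync = yes
passwd program = /usr/sbin/smbldap-passwd %u
"""
# Constructed: the original with the two sync parameters swapped as in the reply.
SWAPPED = ORIGINAL.replace("ldap passwd sync = yes",
                           "unix password sync = yes\nldap passwd sync = no")

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("swapped", SWAPPED)):
        print(label, "->", password_change_paths(conf))
```

Compare the listed paths with the attributes that actually changed in the directory after a test password change; a userPassword that was left unchanged still accepts the old password for LDAP binds.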
