Just so this gets stored to the list for all those who may encounter this in the future:
I finally found the answer: pam password change = yes must be set. This fixed the problem completely in my environment. Dan "Dan" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello all, > > I am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to > change while unix password sync = yes. Setting it to no works, but I need > it on. At the user workstation (Win XP) I receive "You don't have the > permissions to change your password" and logged in on the server as the > user I receive > "machine 127.0.0.1 rejected the password change: Error was : RAP86: The > specified password is invalid. > Failed to change password for <user>" > > I have searched the archives and googled the web. I have played with my > passwd program and passwd chat to no avail. I set passwd chat debug = > yes, log level = 100 and studied the log, but couldn't see anything that > helped me. Using SWAT I reset everything in the security options section > to default except unix password sync = yes, passwd chat, passwd program, > and passdb backend = tdbsam. I did find that in Feb 2004 John Terpstra > had someone file a bug report for a similar problem, also on a debian > system. I hope that I am overlooking something simple here and we can get > this working. Please respond with any ideas you may have. > > My current smb.conf is below. > > [global] > workgroup = DOMAIN > netbios name = PDC > server string = Samba PDC > passdb backend = tdbsam > enable privileges = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUnix\spassword:* %n\n > *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully . > unix password sync = Yes > restrict anonymous = 1 > lanman auth = No > log level = 1 > log file = /usr/local/samba/var/log.%m > max log size = 500 > min protocol = NT1 > name resolve order = lmhosts host wins > add user to group script = /usr/sbin/adduser %u %g > add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s > /bin/false %u > logon path = \\%N\profiles\%U > logon drive = H: > logon home = > domain logons = Yes > os level = 65 > preferred master = Yes > domain master = Yes > dns proxy = No > ldap ssl = no > remote announce = *edited out* > template shell = /bin/bash > invalid users = *edited out* > admin users = *edited out* > acl group control = Yes > hosts allow = *edited out* > > [netlogon] > path = /var/lib/samba/netlogon > guest ok = Yes > browseable = No > > [profiles] > path = /var/lib/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > browseable = No > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba