Hello,

I have a working samba (2.0.7) server (Debian GNU/Linux 2.2) configured with security = user, but NOT domain. The clients are Windows 98.

I wish windows users to be able to change their password without logging on the server (unix accounts on the server are disabled). I tried from the Password applet of the Control Panel, but I was only able to change the password stored on the Windows client itself; nothing happened in the /etc/samba/smbpasswd.

I think I need a smbpasswd client program running on Windows, or am I just missing something?

Niccolo
Firenze - Italy
Hi,

It's possible for Windows users to change their Samba password:

1. Start->Settings->Control Panel
2. Security (translated from Dutch, so I hope it's correct)
3. Change Windows-password.
4. Select Microsoft Networking and click OK.
5. Enter the old & new password and click OK.
6. Done :)

This works for me, but I don't know if it will work when Samba is not acting as a Domain Controller.

Regards,
Jan-Pieter van den Heuvel
Piozum Computer & Webpagebuilding

-----Original message-----
From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] On behalf of Niccolo Rigacci
Sent: Sunday 11 November 2001 12:37
To: samba@lists.samba.org
Subject: Changing password from Windows
Good Morning jari

Please, help me. I see your answer about "change password with win98" and I am trying, but it doesn't work.

I have samba 2.07 installed in solaris 2.6+NIS. Every time, I have to create the user in windows2000, in solaris (NIS) and samba. It needs the password of this user to be typed 06 times.

Do you know how to create/change the password of a user in windows and automatically create/change the password in solaris and samba (the commands are passwd for unix and smbpasswd for samba)?

I have been searching for this answer for 11 months.

"Sorry for my bad English"

Alexandre

Message: 33
Date: Sun, 11 Nov 2001 09:57:42 -0800 (PST)
From: Sean Elble <s_elble@yahoo.com>
Subject: RE: Changing password from Windows
To: Jan-Pieter van den Heuvel <jan-pieter@piozum.com>, Niccolo Rigacci <niccolo@rigacci.org>, samba@lists.samba.org

To enable the changing of passwords from a Windows client, you must enable and set up the following parameters (the options given to each parameter are the settings I use on my RH 6.1 system; YMMV):

passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *success*

The passwd chat option should all be on one line (WebMail mangles it). HTH.
There was a samba 2.0 on a rh 7.0 running and working without problems before I installed suse 7.3 pro. In this case, I moved all password files from rh 7.0 to suse 7.3 (samba and system files). Then in the suse 7.3, I compiled version 2.2.2, and it is working with the only exception of changing passwords. Just the samba password; sync with the system password is not required.

Every time somebody tries to change a password from windows, a message about a wrong old password appears. I haven't found any references about changes in the smbpasswd file structure, but it seems the problem is with the old smbpasswd file, since on another suse 7.3 with samba 2.2.2, but without a previous smbpasswd file, changing the password from windows is working.

--
-.Francisco Acosta.--.chesco@idea.com.py.-
Hi all!
I had some problems with LDAP, so I set up a Samba PDC without LDAP and then I
migrated it to LDAP.
Before that, all worked fine, changing password from Windows too. But now, a
popup in windows says "username or old password incorrect. Password is case
sensitive" (it's not the exact sentence for you since I translated it from my
language) and I got this error in log:
sambaPwdCanChange: value #0 already exists
But the password is REALLY changed and the sync is OK!
--> I got an error message but the command succeeded...
When I did it in a shell, I got no error...
Here is smb.conf:
--- BEGIN SMB.CONF ---
[global]
netbios name = PDCLINUX
workgroup = TESTDOMAIN
server string = TestCenter
comment = Controleur de Domaine
time server = yes
passdb backend = ldapsam:ldap://ldap.mydomain.com
encrypt passwords = yes
security = user
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
wins support = yes
os level = 80
hosts allow = 192.168.0. 127.
# LDAP
ldap admin dn = "cn=Manager,dc=mydomain,dc=com"
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=mydomain,dc=com
ldap passwd sync = yes
unix password sync = yes
log level = 256
log file = /var/samba/log/%U.log
passwd chat debug = yes
passwd program = /usr/local/samba/bin/smbpasswd %u
passwd chat = *ew*password* %n\n *ew*password* %n\n
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
logon path = \\pdc.mydomain.com\profiles\%U
logon drive = H:
logon home = \\pdc.mydomain.com\%U
logon script = %U.bat
add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -c %U%I %U
[homes]
comment = Home Directory
guest ok = no
read only = no
create mask = 0664
directory mask = 0775
[netlogon]
comment = Network Logon Service
path = /var/samba/netlogon
read only = yes
guest ok = yes
share modes = no
root preexec = /var/samba/netlogon/login.pl %U %G %L
browseable = no
--- END SMB.CONF ---
And here the log:
--- BEGIN LOG ---
[2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217)
Invoking '/usr/local/samba/bin/smbpasswd testuser' as password change
program.
[2003/12/30 15:43:49, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274)
expect: expected [*ew*password*] received [New SMB password:] match yes
[2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285)
expect: returning True
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237)
expect: sending [testuser
]
[2003/12/30 15:43:49, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274)
expect: expected [*ew*password*] received [
Retype new SMB password:] match yes
[2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285)
expect: returning True
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237)
expect: sending [testuser
]
[2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438)
Password change successful for user testuser
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 32 -> now CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 31 -> now CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 10 -> now CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 20 -> now CHANGED
[2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: maximum password age:-1
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 9 -> now CHANGED
[2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: minimum password age:0
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 8 -> now CHANGED
[2003/12/30 15:43:49, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1370)
ldapsam_update_sam_account: user testuser to be modified has dn: uid=testuser,
ou=People,dc=phonambule-tv,dc=com
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 11: SET
[2003/12/30 15:43:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
init_ldap_from_sam: Setting entry for user: testuser
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 17: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 18: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 12: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 22: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 23: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 25: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 1: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 3: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 4: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 2: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 5: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 6: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 7: DEFAULT
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 8: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 8: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 9: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 9: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 31: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 31: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 32: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 32: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 20: SET
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 20: CHANGED
[2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 19: SET
[2003/12/30 15:43:49, 11] lib/smbldap.c:smbldap_open(822)
smbldap_open: already connected to the LDAP server
[2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203)
ldapsam_modify_entry: Failed to modify user dn= uid=testuser,ou=People,dc=phon
ambule-tv,dc=com with: Type or value exists
modify/add: sambaPwdCanChange: value #0 already exists
[2003/12/30 15:43:49, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1397)
ldapsam_update_sam_account: failed to modify user with uid = testuser, error:
modify/add: sambaPwdCanChange: value #0 already exists (Success)
[2003/12/30 15:43:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1001, 547) - sec_ctx_stack_ndx = 1
[2003/12/30 15:43:49, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120)
init_r_chgpasswd_user
[2003/12/30 15:43:49, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469)
_samr_chgpasswd_user: 1469
[2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_chgpasswd_user
[2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
0000 status: NT_STATUS_ACCESS_DENIED
--- END LOG ---
Can someone explain to me why I got an error with the field sambaPwdCanChange in
LDAP? When I look at it after the command, this field is changed...
Thanks a lot!
Sébastien.
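
A log like the one above can be triaged mechanically. The following is an added example, not part of the original post and not Samba code: it parses smbd debug entries in the format shown, masks the strings that "passwd chat debug = yes" writes at debug level 100 (they contain the new password in clear text), and flags a change where the chat reported success but a failing status went back to the client. The function names are hypothetical; the sample is abridged from the log above with wrapped lines rejoined.

```python
import re

# Header of one smbd debug entry: "[date time, level] file:function(line)"
HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\]\s+"
    r"(?P<file>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
STATUS = re.compile(r"status: (NT_STATUS_\w+)")
CHAT_OK = re.compile(r"Password change successful for user (\S+)")

# Abridged from the log posted above (wrapped lines rejoined).
SAMPLE_LOG = """\
[2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217)
  Invoking '/usr/local/samba/bin/smbpasswd testuser' as password change program.
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274)
  expect: expected [*ew*password*] received [New SMB password:] match yes
[2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237)
  expect: sending [testuser
]
[2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438)
  Password change successful for user testuser
[2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203)
  ldapsam_modify_entry: Failed to modify user dn= uid=testuser,ou=People,dc=phonambule-tv,dc=com with: Type or value exists
  modify/add: sambaPwdCanChange: value #0 already exists
[2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
  0000 status: NT_STATUS_ACCESS_DENIED
"""


def parse_entries(text):
    """Group header lines and their continuation lines into entries."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            current = {"ts": m["ts"], "level": int(m["level"]),
                       "file": m["file"], "func": m["func"], "body": []}
            entries.append(current)
        elif current is not None:
            current["body"].append(raw.strip())
    for entry in entries:
        entry["body"] = "\n".join(entry["body"])
    return entries


def redact_chat_secrets(entries):
    """Mask what the password chat sent to the passwd program."""
    cleaned, hits = [], 0
    for entry in entries:
        entry = dict(entry)
        if (entry["file"].endswith("chgpasswd.c")
                and entry["body"].startswith("expect: sending [")):
            entry["body"] = "expect: sending [<redacted>]"
            hits += 1
        cleaned.append(entry)
    return cleaned, hits


def assess_change(entries):
    """Compare the chat result with backend errors and the returned status."""
    report = {"user": None, "chat_ok": False,
              "backend_errors": [], "status": None}
    for entry in entries:
        ok = CHAT_OK.search(entry["body"])
        if ok:
            report["user"], report["chat_ok"] = ok.group(1), True
        # Level 0 and 1 messages from passdb/ are backend failures.
        if entry["file"].startswith("passdb/") and entry["level"] <= 1:
            report["backend_errors"].append(entry["body"].split("\n")[0])
        status = STATUS.search(entry["body"])
        if status:
            report["status"] = status.group(1)
    report["inconsistent"] = (report["chat_ok"]
                              and report["status"] not in (None, "NT_STATUS_OK"))
    return report


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    cleaned, hits = redact_chat_secrets(parsed)
    print("entries with a password in clear text:", hits)
    print(assess_change(parsed))
```

Logs written with passwd chat debug enabled should be redacted this way before they are posted or kept, and the option switched off once the chat works.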
The passwd program it is expecting is a program which modifies your UNIX password. Smbpasswd modifies your samba password. Try setting the following:

passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

Clint

> -----Original Message-----
> From: samba-bounces+clint=typhoon.org@lists.samba.org [mailto:samba-bounces+clint=typhoon.org@lists.samba.org] On Behalf Of s.jousse@free.fr
> Sent: Tuesday, December 30, 2003 9:12 AM
> To: samba@lists.samba.org
> Subject: [Samba] Changing password from windows
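
How a passwd chat string is consumed, as an added sketch (not Samba's code and not from the thread): tokens alternate between a wildcard pattern to expect and a string to send, with %n replaced by the new password and "." meaning "nothing". Matching is modelled as case-insensitive shell-style wildcards, which is an assumption of this sketch; run_chat and the UNIX passwd transcripts are constructed for illustration, while the smbpasswd prompts are the ones in the log above.

```python
import fnmatch
import re

# Escapes allowed in a chat string (two-character sequences in smb.conf).
ESCAPES = {r"\n": "\n", r"\r": "\r", r"\t": "\t", r"\s": " "}

# The two chat strings from the thread.
CHAT_ORIGINAL = r"*ew*password* %n\n *ew*password* %n\n"
CHAT_SUGGESTED = (r"*New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n "
                  r"*passwd:*all*authentication*tokens*updated*successfully*")

# Prompts printed by smbpasswd, as seen in the log above.
SMBPASSWD_PROMPTS = ["New SMB password:", "\nRetype new SMB password:"]
# Constructed transcripts of a UNIX passwd run (success and failure).
PASSWD_OK = ["New UNIX password: ", "Retype new UNIX password: ",
             "passwd: all authentication tokens updated successfully\n"]
PASSWD_FAIL = ["New UNIX password: ", "Retype new UNIX password: ",
               "passwd: Authentication token manipulation error\n"]


def parse_chat(chat):
    """Split a chat string into (expect, send) pairs."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', chat)]
    if len(tokens) % 2:
        tokens.append(".")  # a trailing expect has nothing to send
    return list(zip(tokens[0::2], tokens[1::2]))


def expand(token, new_password):
    """Apply the escapes, then substitute %n."""
    for escape, char in ESCAPES.items():
        token = token.replace(escape, char)
    return token.replace("%n", new_password)


def run_chat(chat, prompts, new_password):
    """Return (ok, failed_step, sent) for one scripted program run.

    prompts holds what the program prints before each expect step.
    """
    sent = []
    outputs = iter(prompts)
    for step, (expect, send) in enumerate(parse_chat(chat), start=1):
        if expect != ".":
            received = next(outputs, "")
            pattern = expand(expect, new_password)
            if not fnmatch.fnmatchcase(received.lower(), pattern.lower()):
                return False, step, sent
        if send != ".":
            sent.append(expand(send, new_password))
    return True, None, sent


if __name__ == "__main__":
    cases = [
        ("original chat, smbpasswd", CHAT_ORIGINAL, SMBPASSWD_PROMPTS),
        ("suggested chat, smbpasswd", CHAT_SUGGESTED, SMBPASSWD_PROMPTS),
        ("suggested chat, passwd ok", CHAT_SUGGESTED, PASSWD_OK),
        ("suggested chat, passwd fails", CHAT_SUGGESTED, PASSWD_FAIL),
        ("original chat, passwd fails", CHAT_ORIGINAL, PASSWD_FAIL),
    ]
    for label, chat, prompts in cases:
        ok, step, _ = run_chat(chat, prompts, "s3cret")
        print(f"{label}: ok={ok} failed_step={step}")
```

The suggested chat only matches the prompts of the program it was written for, and its last token is what reads the program's result line; the short *ew*password* chat ends after the second send.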
yes thanks, it works!!!

----- Original Message -----
From: "Sharp, Clint" <clint.sharp@attws.com>
To: <s.jousse@free.fr>; <samba@lists.samba.org>
Sent: Tuesday, December 30, 2003 5:06 PM
Subject: RE: [Samba] Changing password from windows
Hi,
I am also getting the same kind of error message with samba 2.2.8a LDAP PDC.
Here is my smb.conf file.
[global]
coding system =
client code page = 850
code page directory = /usr/share/samba/codepages
netbios aliases =
netbios scope =
server string = Percipia PDC Server
interfaces =
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = Yes
password server =
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
passwd chat debug = Yes
username map =
password level = 0
username level = 0
unix password sync = Yes
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 103
syslog = 1
syslog only = No
log file = /var/log/samba/%m.log
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
acl compatibility =
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts host wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
name cache timeout = 660
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = /etc/printcap
disable spoolss = No
enumports command addprinter command deleteprinter
command show add printer wizard = Yes
os2 driver map strip dot = No
mangling method = hash
character set = ISO8859-1
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g "Domain Computers" -s /bin/false
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive = H:
logon home = \\%N\%U
domain logons = Yes
os level = 64
lm announce = Auto
lm interval = 60
preferred master = Yes
local master = Yes
domain master = Yes
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = Yes
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap server = 127.0.0.1
ldap port = 389
ldap suffix = "dc=sfgroup,dc=com"
ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
ldap admin dn = "cn=Manager,dc=sfgroup,dc=com"
ldap ssl = no
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/cache/samba
pid directory = /var/run
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = cups
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
browseable = No
Here is my password chat log message:
smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match || to |Enter login(LDAP) password:|
smb_pam_passchange_conv: Could not find reply for PAM prompt: Enter login(LDAP) password:
PAM: unable to obtain the new authentication token - is password to weak?
smb_pam_error_handler: PAM: Password Change Failed : Authentication token manipulation error
smb_pam_passchange: PAM: Password Change Failed for user sundaram!
smb_pam_end: PAM: PAM_END OK.
pop_sec_ctx (1023, 100) - sec_ctx_stack_ndx = 1
init_r_chgpasswd_user
_samr_chgpasswd_user: 1270
000000 samr_io_r_chgpasswd_user
0000 status: NT_STATUS_WRONG_PASSWORD
created /tmp/out_api_samr_rpc_55.3.prs
api_rpcTNP: called api_samr_rpc successfully
api_rpcTNP: rpc input buffer underflow (parse error?)
048c : 86 11 19 1b
pop_sec_ctx (1023, 100) - sec_ctx_stack_ndx = 0
free_pipe_context: destroying talloc pool of size 36
write_to_pipe: data_used = 1200
read_from_pipe: 732c name: samr len: 1024
read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4.
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 02
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 0034
000a auth_len : 0010
000c call_id : 00000002
000010 smb_io_rpc_hdr_resp resp
0010 alloc_hint: 00000004
0014 context_id: 0000
0016 cancel_ct : 00
0017 reserved : 00
create_next_pdu: sign: Yes seal: Yes data 4 auth 16
crc32_calc_buffer: eebb0acb
[000] 6A 00 00 C0 j...
00001c smb_io_rpc_hdr_auth hdr_auth
001c auth_type : 0a
001d auth_level : 06
001e stub_type_len: 08
001f padding : 00
0020 unknown : 00000001
000024 smb_io_rpc_auth_ntlmssp_chk auth_sign
0024 ver : 00000001
0028 reserved: 00000000
002c crc32 : eebb0acb
0030 seq_num : 00000003
copy_trans_params_and_data: params[0..0] data[0..52]
size=108
smb_com=0x25
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=1
smb_pid=236
smb_uid=100
smb_mid=48128
smt_wct=10
smb_vwv[0]=0 (0x0)
smb_vwv[1]=52 (0x34)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=56 (0x38)
smb_vwv[5]=0 (0x0)
smb_vwv[6]=52 (0x34)
smb_vwv[7]=56 (0x38)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_bcc=53
[000] 00 05 00 02 03 10 00 00 00 34 00 10 00 02 00 00 ........ .4......
[010] 00 04 00 00 00 00 00 00 00 75 D9 E6 97 0A 06 08 ........ .u......
[020] 00 01 00 00 00 01 00 00 00 9E 6F 43 67 0E 07 83 ........ ..oCg...
[030] 4C 75 EA 08 B8 Lu...
write_socket(12,112)
write_socket(12,112) wrote 112
got smb length of 41
got message type 0x0 of len 0x29
Transaction 8 of length 45
size=41
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=18439
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=48192
smt_wct=3
smb_vwv[0]=29484 (0x732C)
smb_vwv[1]=65535 (0xFFFF)
smb_vwv[2]=65535 (0xFFFF)
smb_bcc=0
switch message SMBclose (pid 30566)
change_to_user: Skipping user change - already user
search for pipe pnum=732c
pipe name samr pnum=732c (pipes_open=1)
reply_pipe_close: pnum:732c
close_policy_by_pipe: deleted handle list for pipe samr
closed pipe name samr pnum=732c (pipes_open=0)
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=48192
smt_wct=0
smb_bcc=0
write_socket(12,39)
write_socket(12,39) wrote 39
got smb length of 35
got message type 0x0 of len 0x23
Transaction 9 of length 39
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=24
smb_flg2=18439
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=48256
smt_wct=0
smb_bcc=0
switch message SMBtdis (pid 30566)
created /tmp/SMBtdis.13.req len 39
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
change_to_root_user: now uid=(0,0) gid=(0,0)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
change_to_root_user: now uid=(0,0) gid=(0,0)
rsundaram (192.168.1.140) closed connection to service IPC$
Yielding connection to IPC$
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
change_to_root_user: now uid=(0,0) gid=(0,0)
vfs_ChDir to /
created /tmp/SMBtdis.13.resp len 39
size=35
smb_com=0x71
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=1
smb_tid=1
smb_pid=65279
smb_uid=100
smb_mid=48256
smt_wct=0
smb_bcc=0
write_socket(12,39)
write_socket(12,39) wrote 39
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
change_to_root_user: now uid=(0,0) gid=(0,0)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
change_to_root_user: now uid=(0,0) gid=(0,0)
Closing idle connection
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
change_to_root_user: now uid=(0,0) gid=(0,0)
Closing connections
tdb_unpack(fffdd, 37) -> 37
smb_pam_start: PAM: Init user: sundaram
smb_pam_start: PAM: setting rhost to: 192.168.1.140
smb_pam_start: PAM: setting tty
smb_pam_start: PAM: Init passed for user: sundaram
smb_internal_pam_session: PAM: tty set to: smb/2
smb_pam_end: PAM: PAM_END OK.
Yielding connection to
receive_local_message: doing select with timeout of 1 ms
Server exit (normal exit)
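
A way to check a passwd chat string against the PAM prompts that show up as unanswered in a log like the one above. This is an added example, not part of the original post and not Samba's code: the whitespace tokenising and case-insensitive `*` matching are a simplified model of what smbd does, and the function names are made up here.

```python
import re

# Copied from the post above (passwd chat rejoined onto one line).
PASSWD_CHAT = (r"*New*UNIX*password* %n\n *ReType*new*UNIX*password* "
               r"%n\n*passwd:*all*authentication*tokens*updated*successfully*")
LOG_LINES = [
    "smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match || to "
    "|Enter login(LDAP) password:|",
    "smb_pam_passchange_conv: Could not find reply for PAM prompt: "
    "Enter login(LDAP) password:",
    "smb_pam_passchange: PAM: Password Change Failed for user sundaram!",
]
MARKER = "Could not find reply for PAM prompt:"

def parse_chat(chat):
    """Split a passwd chat string into (expect, send) pairs.
    Tokens are whitespace separated; double quotes group words."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', chat)]
    if len(tokens) % 2:
        tokens.append("")  # trailing expect with nothing to send
    return list(zip(tokens[0::2], tokens[1::2]))

def glob_match(pattern, text):
    """Assumed matcher: '*' matches any run of characters, case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, text.strip(), re.I | re.S) is not None

def failed_prompts(log_lines):
    """PAM prompts that smbd reported it had no reply for."""
    return [l.split(MARKER, 1)[1].strip() for l in log_lines if MARKER in l]

def audit(chat, log_lines):
    """Return the parsed pairs and, per failed prompt, the expect patterns that match it."""
    pairs = parse_chat(chat)
    report = {p: [e for e, _ in pairs if glob_match(e, p)]
              for p in failed_prompts(log_lines)}
    return pairs, report

if __name__ == "__main__":
    pairs, report = audit(PASSWD_CHAT, LOG_LINES)
    for expect, send in pairs:
        print(f"expect {expect!r}  send {send!r}")
    for prompt, hits in report.items():
        status = f"matched by {hits}" if hits else "no expect pattern matches"
        print(f"{prompt!r}: {status}")
```

As posted, the chat tokenises into two pairs: the `*passwd:*...*successfully*` pattern ends up attached to the second send string because no whitespace follows `%n\n`. Neither expect pattern matches the `Enter login(LDAP) password:` prompt from the log.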