Hello, I have a working samba (2.0.7) server (Debian GNU/Linux 2.2) configured with security = user, but NOT domain. The clients are Windows 98. I whish windows users to be able to change their password without logging on the server (unix account on the server are disabled). I tried from the Password applet of the Control Panel, but I was able only to change the password stored on the Windows client itself, nothing happened in the /etc/samba/smbpasswd. I think I need a smbpasswd client program running on Windows, or I just missing some thing? Niccolo Firenze - Italy
Hi, It's possible for Windows users to change their Samba password: 1. Start->Settings->Control Panel 2. Security (translated from Dutch, so I hope it's correct) 3. Change Windows-password. 4. Select Microsoft Networking and click OK. 5. Enter the old & new password and click OK. 6. Done :) This works for me, but I don't know if it will work when Samba is not acting as a Domain Controller. Regards, Jan-Pieter van den Heuvel Piozum Computer & Webpagebuilding -----Oorspronkelijk bericht----- Van: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]Namens Niccolo Rigacci Verzonden: zondag 11 november 2001 12:37 Aan: samba@lists.samba.org Onderwerp: Changing password from Windows Hello, I have a working samba (2.0.7) server (Debian GNU/Linux 2.2) configured with security = user, but NOT domain. The clients are Windows 98. I whish windows users to be able to change their password without logging on the server (unix account on the server are disabled). I tried from the Password applet of the Control Panel, but I was able only to change the password stored on the Windows client itself, nothing happened in the /etc/samba/smbpasswd. I think I need a smbpasswd client program running on Windows, or I just missing some thing? Niccolo Firenze - Italy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Good Morning jari Please, help - me. I see your answer about "cahnge password with win98" and I trying, but don?t work. I have samba 2.07 instaled in solaris 2.6+NIS. Every time, I have to create user in windows2000, in solaris (NIS) and samba. It needs to type the password this user 06 times. Do you know how create/change password an user in windows and automaticly create/change password in solaris and samba (that command is passwd to unix and smbpasswd samba)? I search this answer since 11 month. "Sorry to my bad english" Alexandre Message: 33 Date: Sun, 11 Nov 2001 09:57:42 -0800 (PST) From: Sean Elble < <mailto:s_elble@yahoo.com> s_elble@yahoo.com> Subject: RE: Changing password from Windows To: Jan-Pieter van den Heuvel < <mailto:jan-pieter@piozum.com> jan-pieter@piozum.com>, Niccolo Rigacci < <mailto:niccolo@rigacci.org> niccolo@rigacci.org>, <mailto:samba@lists.samba.org> samba@lists.samba.org To enable the changing of passwords from a Windows client, you must enable and setup the following parameters (the options given to each parameter are the settings I use on my RH 6.1 system; YMMV): passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *success* The passwd chat option should all be on one line (WebMail mangles it). HTH. -------------- next part -------------- HTML attachment scrubbed and removed
There was a samba 2.0 in a rh 7.0 running and working without problems before i install suse 7.3 pro. In this case, i moved all password files from rh 7.0 to suse 7.3 (samba and systems files). Then in the suse 7.3, i compiled version 2.2.2, and is working with the only exceptions of changing password. Just the samba password, sync with system password is not required. Every time somebody tries to change password from windows, an message about wrong old password appears. I haven't found any references about changes in the smbpasswd file structure, but it seems the problem is with the old smbpasswd file, since in other suse 7.3 with samba 2.2.2, but without previous smbpasswd file, changing password from windows is working. -- -.Francisco Acosta.--.chesco@idea.com.py.-
Hi all! I had some problem with LDAP, so I setup a Samba PDC without LDAP and then I migrate it to LDAP. Before that, all worked fine, changing password from Windows too. But now, a popup in windows says "username or old password incorrect. Password is case sensitive" (it's not the exact sentence for you since I translated it from my language) and I got this error in log: sambaPwdCanChange: value #0 already exists But the password is REALLY changed and the sync is OK! --> I got an error message but the command succeeded... When I did it in a shell, I got no error... Here is smb.conf: --- BEGIN SMB.CONF --- [global] netbios name = PDCLINUX workgroup = TESTDOMAIN server string = TestCenter comment = Controleur de Domaine time server = yes passdb backend = ldapsam:ldap://ldap.mydomain.com encrypt passwords = yes security = user preferred master = yes domain master = yes local master = yes domain logons = yes wins support = yes os level = 80 hosts allow = 192.168.0. 127. # LDAP ldap admin dn = "cn=Manager,dc=mydomain,dc=com" ldap ssl = off ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap suffix = dc=mydomain,dc=com ldap passwd sync = yes unix password sync = yes log level = 256 log file = /var/samba/log/%U.log passwd chat debug = yes passwd program = /usr/local/samba/bin/smbpasswd %u passwd chat = *ew*password* %n\n *ew*password* %n\n socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon path = \\pdc.mydomain.com\profiles\%U logon drive = H: logon home = \\pdc.mydomain.com\%U logon script = %U.bat add machine script = /usr/sbin/useradd -d /dev/null -g machines - s /bin/false -c %U%I %U [homes] comment = Home Directory guest ok = no read only = no create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/samba/netlogon read only = yes guest ok = yes share modes = no root preexec = /var/samba/netlogon/login.pl %U %G %L browseable = no --- END SMB.CONF --- And here the log: --- BEGIN LOG --- [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217) Invoking '/usr/local/samba/bin/smbpasswd testuser' as password change program. [2003/12/30 15:43:49, 10] lib/util_sock.c:read_socket_with_timeout(263) read_socket_with_timeout: timeout read. select timed out. [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) expect: expected [*ew*password*] received [New SMB password:] match yes [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285) expect: returning True [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) expect: sending [testuser ] [2003/12/30 15:43:49, 10] lib/util_sock.c:read_socket_with_timeout(263) read_socket_with_timeout: timeout read. select timed out. [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) expect: expected [*ew*password*] received [ Retype new SMB password:] match yes [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285) expect: returning True [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) expect: sending [testuser ] [2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438) Password change successful for user testuser [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 32 -> now CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 31 -> now CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 10 -> now CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 20 -> now CHANGED [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) account_policy_get: maximum password age:-1 [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 9 -> now CHANGED [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) account_policy_get: minimum password age:0 [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) element 8 -> now CHANGED [2003/12/30 15:43:49, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1370) ldapsam_update_sam_account: user testuser to be modified has dn: uid=testuser, ou=People,dc=phonambule-tv,dc=com [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 11: SET [2003/12/30 15:43:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769) init_ldap_from_sam: Setting entry for user: testuser [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 17: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 18: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 12: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 22: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 23: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 25: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 1: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 3: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 4: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 2: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 5: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 6: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) element 7: DEFAULT [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 8: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) element 8: CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 9: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) element 9: CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 31: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) element 31: CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 32: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) element 32: CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 20: SET [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) element 20: CHANGED [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) element 19: SET [2003/12/30 15:43:49, 11] lib/smbldap.c:smbldap_open(822) smbldap_open: already connected to the LDAP server [2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203) ldapsam_modify_entry: Failed to modify user dn= uid=testuser,ou=People,dc=phon ambule-tv,dc=com with: Type or value exists modify/add: sambaPwdCanChange: value #0 already exists [2003/12/30 15:43:49, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1397) ldapsam_update_sam_account: failed to modify user with uid = testuser, error: modify/add: sambaPwdCanChange: value #0 already exists (Success) [2003/12/30 15:43:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (1001, 547) - sec_ctx_stack_ndx = 1 [2003/12/30 15:43:49, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120) init_r_chgpasswd_user [2003/12/30 15:43:49, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469) _samr_chgpasswd_user: 1469 [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_chgpasswd_user [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0000 status: NT_STATUS_ACCESS_DENIED --- END LOG --- Can someone explain me why I got an error with the field sambaPwdCanChange in LDAP, when I look it after the command, this field is changed... Thanks alot! S?bastien.
The passwd program it is is expecting is a program which modifies your UNIX password. Smbpasswd modifies your samba password. Try setting the following: passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Clint> -----Original Message----- > From: samba-bounces+clint=typhoon.org@lists.samba.org > [mailto:samba-bounces+clint=typhoon.org@lists.samba.org] On > Behalf Of s.jousse@free.fr > Sent: Tuesday, December 30, 2003 9:12 AM > To: samba@lists.samba.org > Subject: [Samba] Changing password from windows > > > Hi all! > I had some problem with LDAP, so I setup a Samba PDC without > LDAP and then I > migrate it to LDAP. > Before that, all worked fine, changing password from Windows > too. But now, a > popup in windows says "username or old password incorrect. > Password is case > sensitive" (it's not the exact sentence for you since I > translated it from my > language) and I got this error in log: > sambaPwdCanChange: value #0 already exists > But the password is REALLY changed and the sync is OK! > --> I got an error message but the command succeeded... > > When I did it in a shell, I got no error... > > Here is smb.conf: > --- BEGIN SMB.CONF --- > [global] > netbios name = PDCLINUX > workgroup = TESTDOMAIN > server string = TestCenter > comment = Controleur de Domaine > time server = yes > > passdb backend = ldapsam:ldap://ldap.mydomain.com > > encrypt passwords = yes > security = user > preferred master = yes > domain master = yes > local master = yes > domain logons = yes > wins support = yes > os level = 80 > hosts allow = 192.168.0. 127. > > # LDAP > ldap admin dn = "cn=Manager,dc=mydomain,dc=com" > ldap ssl = off > ldap delete dn = no > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap suffix = dc=mydomain,dc=com > ldap passwd sync = yes > unix password sync = yes > > log level = 256 > log file = /var/samba/log/%U.log > passwd chat debug = yes > passwd program = /usr/local/samba/bin/smbpasswd %u > passwd chat = *ew*password* %n\n *ew*password* %n\n > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > logon path = \\pdc.mydomain.com\profiles\%U > logon drive = H: > logon home = \\pdc.mydomain.com\%U > logon script = %U.bat > > add machine script = /usr/sbin/useradd -d /dev/null -g > machines - s /bin/false -c %U%I %U > > [homes] > comment = Home Directory > guest ok = no > read only = no > create mask = 0664 > directory mask = 0775 > > [netlogon] > comment = Network Logon Service > path = /var/samba/netlogon > read only = yes > guest ok = yes > share modes = no > root preexec = /var/samba/netlogon/login.pl %U %G %L > browseable = no > --- END SMB.CONF --- > > And here the log: > --- BEGIN LOG --- > [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217) > Invoking '/usr/local/samba/bin/smbpasswd testuser' as > password change program. [2003/12/30 15:43:49, 10] > lib/util_sock.c:read_socket_with_timeout(263) > read_socket_with_timeout: timeout read. select timed out. > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) > expect: expected [*ew*password*] received [New SMB > password:] match yes [2003/12/30 15:43:49, 10] > smbd/chgpasswd.c:expect(285) > expect: returning True > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) > expect: sending [testuser > ] > [2003/12/30 15:43:49, 10] > lib/util_sock.c:read_socket_with_timeout(263) > read_socket_with_timeout: timeout read. select timed out. > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) > expect: expected [*ew*password*] received [ > Retype new SMB password:] match yes > [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285) > expect: returning True > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) > expect: sending [testuser > ] > [2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438) > Password change successful for user testuser > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 32 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 31 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 10 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 20 -> now CHANGED > [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) > account_policy_get: maximum password age:-1 > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 9 -> now CHANGED > [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) > account_policy_get: minimum password age:0 > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 8 -> now CHANGED > [2003/12/30 15:43:49, 4] > passdb/pdb_ldap.c:ldapsam_update_sam_account(1370) > ldapsam_update_sam_account: user testuser to be modified > has dn: uid=testuser, ou=People,dc=phonambule-tv,dc=com > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 11: SET > [2003/12/30 15:43:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769) > init_ldap_from_sam: Setting entry for user: testuser > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 17: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 18: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 12: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 22: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 23: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 25: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 1: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 3: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 4: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 2: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 5: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 6: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 7: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 8: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 8: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 9: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 9: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 31: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 31: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 32: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 32: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 20: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 20: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 19: SET > [2003/12/30 15:43:49, 11] lib/smbldap.c:smbldap_open(822) > smbldap_open: already connected to the LDAP server > [2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203) > ldapsam_modify_entry: Failed to modify user dn= > uid=testuser,ou=People,dc=phon ambule-tv,dc=com with: Type or > value exists > modify/add: sambaPwdCanChange: value #0 already > exists [2003/12/30 15:43:49, 0] > passdb/pdb_ldap.c:ldapsam_update_sam_account(1397) > ldapsam_update_sam_account: failed to modify user with uid > = testuser, error: > modify/add: sambaPwdCanChange: value #0 already exists > (Success) [2003/12/30 15:43:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1001, 547) - sec_ctx_stack_ndx = 1 > [2003/12/30 15:43:49, 5] > rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120) > init_r_chgpasswd_user > [2003/12/30 15:43:49, 5] > rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469) > _samr_chgpasswd_user: 1469 > [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_chgpasswd_user > [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0000 status: NT_STATUS_ACCESS_DENIED > --- END LOG --- > > Can someone explain me why I got an error with the field > sambaPwdCanChange in > LDAP, when I look it after the command, this field is > changed... Thanks alot! > > S?bastien. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
yes thanks, it works!!! ----- Original Message ----- From: "Sharp, Clint" <clint.sharp@attws.com> To: <s.jousse@free.fr>; <samba@lists.samba.org> Sent: Tuesday, December 30, 2003 5:06 PM Subject: RE: [Samba] Changing password from windows The passwd program it is is expecting is a program which modifies your UNIX password. Smbpasswd modifies your samba password. Try setting the following: passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Clint> -----Original Message----- > From: samba-bounces+clint=typhoon.org@lists.samba.org > [mailto:samba-bounces+clint=typhoon.org@lists.samba.org] On > Behalf Of s.jousse@free.fr > Sent: Tuesday, December 30, 2003 9:12 AM > To: samba@lists.samba.org > Subject: [Samba] Changing password from windows > > > Hi all! > I had some problem with LDAP, so I setup a Samba PDC without > LDAP and then I > migrate it to LDAP. > Before that, all worked fine, changing password from Windows > too. But now, a > popup in windows says "username or old password incorrect. > Password is case > sensitive" (it's not the exact sentence for you since I > translated it from my > language) and I got this error in log: > sambaPwdCanChange: value #0 already exists > But the password is REALLY changed and the sync is OK! > --> I got an error message but the command succeeded... > > When I did it in a shell, I got no error... > > Here is smb.conf: > --- BEGIN SMB.CONF --- > [global] > netbios name = PDCLINUX > workgroup = TESTDOMAIN > server string = TestCenter > comment = Controleur de Domaine > time server = yes > > passdb backend = ldapsam:ldap://ldap.mydomain.com > > encrypt passwords = yes > security = user > preferred master = yes > domain master = yes > local master = yes > domain logons = yes > wins support = yes > os level = 80 > hosts allow = 192.168.0. 127. > > # LDAP > ldap admin dn = "cn=Manager,dc=mydomain,dc=com" > ldap ssl = off > ldap delete dn = no > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap suffix = dc=mydomain,dc=com > ldap passwd sync = yes > unix password sync = yes > > log level = 256 > log file = /var/samba/log/%U.log > passwd chat debug = yes > passwd program = /usr/local/samba/bin/smbpasswd %u > passwd chat = *ew*password* %n\n *ew*password* %n\n > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > logon path = \\pdc.mydomain.com\profiles\%U > logon drive = H: > logon home = \\pdc.mydomain.com\%U > logon script = %U.bat > > add machine script = /usr/sbin/useradd -d /dev/null -g > machines - s /bin/false -c %U%I %U > > [homes] > comment = Home Directory > guest ok = no > read only = no > create mask = 0664 > directory mask = 0775 > > [netlogon] > comment = Network Logon Service > path = /var/samba/netlogon > read only = yes > guest ok = yes > share modes = no > root preexec = /var/samba/netlogon/login.pl %U %G %L > browseable = no > --- END SMB.CONF --- > > And here the log: > --- BEGIN LOG --- > [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217) > Invoking '/usr/local/samba/bin/smbpasswd testuser' as > password change program. [2003/12/30 15:43:49, 10] > lib/util_sock.c:read_socket_with_timeout(263) > read_socket_with_timeout: timeout read. select timed out. > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) > expect: expected [*ew*password*] received [New SMB > password:] match yes [2003/12/30 15:43:49, 10] > smbd/chgpasswd.c:expect(285) > expect: returning True > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) > expect: sending [testuser > ] > [2003/12/30 15:43:49, 10] > lib/util_sock.c:read_socket_with_timeout(263) > read_socket_with_timeout: timeout read. select timed out. > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274) > expect: expected [*ew*password*] received [ > Retype new SMB password:] match yes > [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285) > expect: returning True > [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237) > expect: sending [testuser > ] > [2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438) > Password change successful for user testuser > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 32 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 31 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 10 -> now CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 20 -> now CHANGED > [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) > account_policy_get: maximum password age:-1 > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 9 -> now CHANGED > [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134) > account_policy_get: minimum password age:0 > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482) > element 8 -> now CHANGED > [2003/12/30 15:43:49, 4] > passdb/pdb_ldap.c:ldapsam_update_sam_account(1370) > ldapsam_update_sam_account: user testuser to be modified > has dn: uid=testuser, ou=People,dc=phonambule-tv,dc=com > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 11: SET > [2003/12/30 15:43:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769) > init_ldap_from_sam: Setting entry for user: testuser > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 17: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 18: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 12: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 22: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 23: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 25: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 1: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 3: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 4: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 2: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 5: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 6: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199) > element 7: DEFAULT > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 8: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 8: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 9: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 9: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 31: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 31: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 32: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 32: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 20: SET > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194) > element 20: CHANGED > [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189) > element 19: SET > [2003/12/30 15:43:49, 11] lib/smbldap.c:smbldap_open(822) > smbldap_open: already connected to the LDAP server > [2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203) > ldapsam_modify_entry: Failed to modify user dn> uid=testuser,ou=People,dc=phon ambule-tv,dc=com with: Type or > value exists > modify/add: sambaPwdCanChange: value #0 already > exists [2003/12/30 15:43:49, 0] > passdb/pdb_ldap.c:ldapsam_update_sam_account(1397) > ldapsam_update_sam_account: failed to modify user with uid > = testuser, error: > modify/add: sambaPwdCanChange: value #0 already exists > (Success) [2003/12/30 15:43:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (1001, 547) - sec_ctx_stack_ndx = 1 > [2003/12/30 15:43:49, 5] > rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120) > init_r_chgpasswd_user > [2003/12/30 15:43:49, 5] > rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469) > _samr_chgpasswd_user: 1469 > [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_chgpasswd_user > [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0000 status: NT_STATUS_ACCESS_DENIED > --- END LOG --- > > Can someone explain me why I got an error with the field > sambaPwdCanChange in > LDAP, when I look it after the command, this field is > changed... Thanks alot! > > S?bastien. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Hi, I am also getting same kind of error message with samab 2.2.8a LDAP PDC. Here my smb.conf file. [global] coding system client code page = 850 code page directory = /usr/share/samba/codepages netbios aliases netbios scope server string = Percipia PDC Server interfaces bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = Yes password server smb passwd file = /etc/samba/smbpasswd root directory pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n*passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = Yes username map password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No admin log = No log level = 103 syslog = 1 syslog only = No log file = /var/log/samba/%m.log max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes acl compatibility nt smb support = Yes nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts host wins bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = No unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 10000 name cache timeout = 660 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = /etc/printcap disable spoolss = No enumports command addprinter command deleteprinter command show add printer wizard = Yes os2 driver map strip dot = No mangling method = hash character set = ISO8859-1 mangled stack = 50 stat cache = Yes domain admin group domain guest group machine password timeout = 604800 add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g "Domain Computers" -s /bin/false delete user script logon script logon path = \\%N\%U\profile logon drive = H: logon home = \\%N\%U domain logons = Yes os level = 64 lm announce = Auto lm interval = 60 preferred master = Yes local master = Yes domain master = Yes browse list = Yes enhanced browsing = Yes dns proxy = Yes wins proxy = No wins server wins support = Yes wins hook kernel oplocks = Yes lock spin count = 3 lock spin time = 10 oplock break wait time = 0 ldap server = 127.0.0.1 ldap port = 389 ldap suffix = "dc=sfgroup,dc=com" ldap filter = "(&(uid=%u)(objectclass=sambaAccount))" ldap admin dn = "cn=Manager,dc=sfgroup,dc=com" ldap ssl = no add share command change share command delete share command config file preload lock dir = /var/cache/samba pid directory = /var/run utmp directory wtmp directory utmp = No default service message command dfree command valid chars remote announce remote browse sync socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment panic action hide local users = No host msdfs = No winbind uid winbind gid template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = No comment path alternate permissions = No username guest account = nobody invalid users valid users admin users read list write list printer admin force user force group read only = Yes create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 force unknown acl user = 00 inherit permissions = No inherit acls = No guest only = No guest ok = No only user = No hosts allow hosts deny status = Yes nt acl support = Yes profile acls = No block size = 1024 max connections = 0 min print space = 0 strict allocate = No strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = cups print command = lpr -r -P%p %s lpq command = lpq -P%p lprm command = lprm -P%p %j lppause command lpresume command queuepause command queueresume command printer name use client driver = No default devmode = No printer driver printer driver file = /etc/samba/printers.def printer driver location default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes hide unreadable = No delete veto files = No veto files hide files veto oplock files map system = No map hidden = No map archive = Yes mangled names = Yes mangled map browseable = Yes blocking locks = Yes csc policy = manual fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = No share modes = Yes copy include exec preexec close = No postexec root preexec root preexec close = No root postexec available = Yes volume fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend magic script magic output delete readonly = No dos filemode = No dos filetimes = No dos filetime resolution = No fake directory create times = No vfs object vfs options msdfs root = No [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No Here my password char log message:- smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match || to |Enter login(LDAP) password:| smb_pam_passchange_conv: Could not find reply for PAM prompt: Enter login(LDAP) password: PAM: unable to obtain the new authentication token - is password to weak? smb_pam_error_handler: PAM: Password Change Failed : Authentication token manipulation error smb_pam_passchange: PAM: Password Change Failed for user sundaram! smb_pam_end: PAM: PAM_END OK. pop_sec_ctx (1023, 100) - sec_ctx_stack_ndx = 1 init_r_chgpasswd_user _samr_chgpasswd_user: 1270 000000 samr_io_r_chgpasswd_user 0000 status: NT_STATUS_WRONG_PASSWORD created /tmp/out_api_samr_rpc_55.3.prs api_rpcTNP: called api_samr_rpc successfully api_rpcTNP: rpc input buffer underflow (parse error?) 048c : 86 11 19 1b pop_sec_ctx (1023, 100) - sec_ctx_stack_ndx = 0 free_pipe_context: destroying talloc pool of size 36 write_to_pipe: data_used = 1200 read_from_pipe: 732c name: samr len: 1024 read_from_pipe: samr: fault_state = 0 : data_sent_length = 0, prs_offset(&p->out_data.rdata) = 4. 000000 smb_io_rpc_hdr hdr 0000 major : 05 0001 minor : 00 0002 pkt_type : 02 0003 flags : 03 0004 pack_type0: 10 0005 pack_type1: 00 0006 pack_type2: 00 0007 pack_type3: 00 0008 frag_len : 0034 000a auth_len : 0010 000c call_id : 00000002 000010 smb_io_rpc_hdr_resp resp 0010 alloc_hint: 00000004 0014 context_id: 0000 0016 cancel_ct : 00 0017 reserved : 00 create_next_pdu: sign: Yes seal: Yes data 4 auth 16 crc32_calc_buffer: eebb0acb [000] 6A 00 00 C0 j... 00001c smb_io_rpc_hdr_auth hdr_auth 001c auth_type : 0a 001d auth_level : 06 001e stub_type_len: 08 001f padding : 00 0020 unknown : 00000001 000024 smb_io_rpc_auth_ntlmssp_chk auth_sign 0024 ver : 00000001 0028 reserved: 00000000 002c crc32 : eebb0acb 0030 seq_num : 00000003 copy_trans_params_and_data: params[0..0] data[0..52] size=108 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=236 smb_uid=100 smb_mid=48128 smt_wct=10 smb_vwv[0]=0 (0x0) smb_vwv[1]=52 (0x34) smb_vwv[2]=0 (0x0) smb_vwv[3]=0 (0x0) smb_vwv[4]=56 (0x38) smb_vwv[5]=0 (0x0) smb_vwv[6]=52 (0x34) smb_vwv[7]=56 (0x38) smb_vwv[8]=0 (0x0) smb_vwv[9]=0 (0x0) smb_bcc=53 [000] 00 05 00 02 03 10 00 00 00 34 00 10 00 02 00 00 ........ .4...... [010] 00 04 00 00 00 00 00 00 00 75 D9 E6 97 0A 06 08 ........ .u...... [020] 00 01 00 00 00 01 00 00 00 9E 6F 43 67 0E 07 83 ........ ..oCg... [030] 4C 75 EA 08 B8 Lu... write_socket(12,112) write_socket(12,112) wrote 112 got smb length of 41 got message type 0x0 of len 0x29 Transaction 8 of length 45 size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=18439 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=48192 smt_wct=3 smb_vwv[0]=29484 (0x732C) smb_vwv[1]=65535 (0xFFFF) smb_vwv[2]=65535 (0xFFFF) smb_bcc=0 switch message SMBclose (pid 30566) change_to_user: Skipping user change - already user search for pipe pnum=732c pipe name samr pnum=732c (pipes_open=1) reply_pipe_close: pnum:732c close_policy_by_pipe: deleted handle list for pipe samr closed pipe name samr pnum=732c (pipes_open=0) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=48192 smt_wct=0 smb_bcc=0 write_socket(12,39) write_socket(12,39) wrote 39 got smb length of 35 got message type 0x0 of len 0x23 Transaction 9 of length 39 size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=18439 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=48256 smt_wct=0 smb_bcc=0 switch message SMBtdis (pid 30566) created /tmp/SMBtdis.13.req len 39 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 change_to_root_user: now uid=(0,0) gid=(0,0) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 change_to_root_user: now uid=(0,0) gid=(0,0) rsundaram (192.168.1.140) closed connection to service IPC$ Yielding connection to IPC$ setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 change_to_root_user: now uid=(0,0) gid=(0,0) vfs_ChDir to / created /tmp/SMBtdis.13.resp len 39 size=35 smb_com=0x71 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=48256 smt_wct=0 smb_bcc=0 write_socket(12,39) write_socket(12,39) wrote 39 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 change_to_root_user: now uid=(0,0) gid=(0,0) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 change_to_root_user: now uid=(0,0) gid=(0,0) Closing idle connection setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 change_to_root_user: now uid=(0,0) gid=(0,0) Closing connections tdb_unpack(fffdd, 37) -> 37 smb_pam_start: PAM: Init user: sundaram smb_pam_start: PAM: setting rhost to: 192.168.1.140 smb_pam_start: PAM: setting tty smb_pam_start: PAM: Init passed for user: sundaram smb_internal_pam_session: PAM: tty set to: smb/2 smb_pam_end: PAM: PAM_END OK. Yielding connection to receive_local_message: doing select with timeout of 1 ms Server exit (normal exit)
Seemingly Similar Threads
- samba3.0+pdc+ldap adding machines to domain
- Samba 3 PDC with LDAP - Error when changing userpasswordfrom windows
- samba pdc issue
- ldapsync, Samba LDAP bug?: win clients return error when change passwd in samba3 PDC
- Debian Lenny - Samba 3.2.5 + OpenLDAP (slapd) 2.4.11