After a long battle with the having the password hash types that samba
sets in LDAP being incompatibile with anything else that I wanted to do
I finally have the idealx tools set to give me crypt passwords. Now
however I'm running into the familiar "You don't have permission to
change your password" problem, but the passwords are actually set
correctly. My test machine is running XP SP2. Server is 3.0.8. If
there were changes to this in 3.0.9, feel free to tell me to STFU.
I have set the password program to be the idealx script, unix sync = yes
and ldap sync = no, with the following chat:
passwd chat = *New*password* %n\n *Retype*new*password* %n\n.*
Watching the log, it all seems to work properly, but then the text below
is put into the log. It's complainging about not seeing an attribute
that does exist on my user account, and then besides that, the
MustChange time that it complains doesn't exist is set to 45 days in the
future. Not sure where that value is coming from at all since my
machine parameter is 42 days.
I have to believe that this log has something to do with the error
message being returned since this is the only NT_ access code that is
returned during the whole operation. Does anyone know what I could look
at to get the permission denied error message to go away?
[2004/12/01 11:44:33, 11] passdb/pdb_get_set.c:pdb_get_init_flags(220)
element 29: DEFAULT
[2004/12/01 11:44:33, 5] lib/smbldap.c:smbldap_modify(1064)
smbldap_modify: dn => [uid=pgienger,ou=People,dc=ae-solutions,dc=com]
[2004/12/01 11:44:33, 11] lib/smbldap.c:smbldap_open(894)
smbldap_open: already connected to the LDAP server
[2004/12/01 11:44:34, 5] lib/smbldap.c:rebindproc_connect_with_state(753)
rebindproc_connect_with_state: Rebinding as
"cn=Manager,dc=ae-solutions,dc=com"
[2004/12/01 11:44:34, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516)
ldapsam_modify_entry: Failed to modify user dn=
uid=pgienger,ou=People,dc=ae-solutions,dc=com with: No such attribute
modify/delete: sambaPwdMustChange: no such value
[2004/12/01 11:44:34, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1731)
ldapsam_update_sam_account: failed to modify user with uid = pgienger,
error: modify/delete: sambaPwdMustChange: no such value (Success)
[2004/12/01 11:44:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (60001, 60001) - sec_ctx_stack_ndx = 1
[2004/12/01 11:44:34, 5]
rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7156)
init_r_chgpasswd_user
[2004/12/01 11:44:34, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1495)
_samr_chgpasswd_user: 1495
[2004/12/01 11:44:34, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_chgpasswd_user
[2004/12/01 11:44:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
0000 status: NT_STATUS_ACCESS_DENIED
[2004/12/01 11:44:34, 0] rpc_parse/parse_prs.c:prs_dump_region(68)
created /tmp/out_samr_55.16.prs
[2004/12/01 11:44:34, 5] rpc_server/srv_pipe.c:api_rpcTNP(1581)
api_rpcTNP: called samr successfully
[2004/12/01 11:44:34, 10] rpc_server/srv_pipe.c:api_rpcTNP(1592)
api_rpcTNP: rpc input buffer underflow (parse error?)
[2004/12/01 11:44:34, 5] rpc_parse/parse_prs.c:prs_uint8s(722)
048c : 00 00 00 00
[2004/12/01 11:44:34, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (60001, 60001) - sec_ctx_stack_ndx = 0
[2004/12/01 11:44:34, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
free_pipe_context: destroying talloc pool of size 36
[2004/12/01 11:44:34, 10]
rpc_server/srv_pipe_hnd.c:write_to_internal_pipe(880)
write_to_pipe: data_used = 1200
[2004/12/01 11:44:34, 6] rpc_server/srv_pipe_hnd.c:read_from_pipe(911)
read_from_pipe: 767c name: samr len: 1024
[2004/12/01 11:44:34, 10]
rpc_server/srv_pipe_hnd.c:read_from_internal_pipe(984)
read_from_pipe: samr: fault_state = 0 : data_sent_length = 0,
prs_offset(&p->out_data.rdata) = 4.
[2004/12/01 11:44:34, 10] rpc_server/srv_pipe.c:create_next_pdu(164)
create_next_pdu: adding sign/seal padding of 4
[2004/12/01 11:44:34, 5] rpc_parse/parse_prs.c:prs_debug(82)
--
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com
