Stephane ARMANET
2007-Mar-29 15:57 UTC
[Fedora-directory-users] samba CTRL ALT DEL password sync problem
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> <br> Hello List<br> <br> I try to configure samba workig with FDS.<br> <br> <br> It''s look OK I can connect but when user try to change his password using CTRL + ALT + DEL from<br> windows, after typing the passwords it returns:<br> "current password or user''s name is incorrect...." The samba-pasword is change but not the userPassword attribute<br> <br> <br> The logs of samba tells:<br> <br> <i>[2007/03/19 12:28:51, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1574)<br> ldapsam_modify_entry: LDAP Password could not be changed for user user1: Confidentiality required<br> Operation requires a secure connection.<br> <br> [2007/03/19 12:28:51, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)<br> ldapsam_update_sam_account: failed to modify user with uid = user1, error: Operation requires a secure connection.<br> (Success)<br> [2007/03/19 12:28:51, 0] libsmb/smbencrypt.c:decode_pw_buffer(539)<br> decode_pw_buffer: incorrect password length (-1886846999).<br> [2007/03/19 12:28:51, 0] libsmb/smbencrypt.c:decode_pw_buffer(540)<br> decode_pw_buffer: check that ''encrypt passwords = yes''</i><br> <br> <br> My smb.conf:<br> <i>[global]<br> <br> <br> workgroup = TEST2DOM<br> netbios name = SERVADM<br> os level = 65<br> domain logons = yes<br> domain master = yes<br> local master = yes<br> security = user<br> encrypt passwords = true<br> pam password change = no<br> <br> ####### CONFIG LDAP ################<br> <br> add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -g 515 -c ''Machine Account'' -s /bin/false %u<br> add user script = /usr/sbin/smbldap-useradd -a -m ''%u''<br> delete user script = /usr/sbin/smbldap-userdel -r ''%u''<br> add group script = /usr/sbin/smbldap-groupadd ''%g''<br> delete group script = /usr/sbin/smbldap-groupdel ''%g''<br> add user to group script = /usr/sbin/smbldap-groupmod -m ''%u'' ''%g''<br> delete user from group script = /usr/sbin/smbldap-groupmod -x ''%u'' ''%g''<br> set primary group script = /usr/sbin/smbldap-usermod -g ''%g'' ''%u''<br> <br> # Connexion LDAP<br> passdb backend = ldapsam:ldap://ds.ch-st-julien.intra<br> ldap admin dn = uid=admin,dc=ch-st-julien,dc=fr<br> ldap suffix = dc=ch-st-julien,dc=fr<br> ldap user suffix = ou=People<br> ldap group suffix = ou=Groups<br> ldap machine suffix = ou=Computers<br> <br> passwd chat debug = Yes<br> <br> ldap passwd sync = yes<br> <br> unix password sync = no<br> passwd program = /usr/bin/smbldap-passwd -u %U<br> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\spassword:* %n\n .<br> <br> <br> ###### Gestion des ACL #######<br> nt acl support = yes<br> <br> # gestion heritage<br> inherit acls = yes<br> <br> </i><br> <br> Is anyone has ever meet this problem ???<br> <br> Thank''s <pre class="moz-signature" cols="72">-- ARMANET Stephane </pre> </body> </html>
Roger Spencer
2007-Mar-29 17:20 UTC
Re: [Fedora-directory-users] samba CTRL ALT DEL password sync problem
Trying changing: ldap passwd sync = no unix password sync = Yes Works for me. ----- Original Message ----- From: "Stephane ARMANET" <stephane.armanet@ch-st-julien.fr> To: Fedora-directory-users@redhat.com Sent: Thursday, March 29, 2007 11:57:22 AM (GMT-0500) America/New_York Subject: [Fedora-directory-users] samba CTRL ALT DEL password sync problem Hello List I try to configure samba workig with FDS. It''s look OK I can connect but when user try to change his password using CTRL + ALT + DEL from windows, after typing the passwords it returns: "current password or user''s name is incorrect...." The samba-pasword is change but not the userPassword attribute The logs of samba tells: [2007/03/19 12:28:51, 0] passdb/pdb_ldap.c:ldapsam_modify_entry(1574) ldapsam_modify_entry: LDAP Password could not be changed for user user1: Confidentiality required Operation requires a secure connection. [2007/03/19 12:28:51, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720) ldapsam_update_sam_account: failed to modify user with uid = user1, error: Operation requires a secure connection. (Success) [2007/03/19 12:28:51, 0] libsmb/smbencrypt.c:decode_pw_buffer(539) decode_pw_buffer: incorrect password length (-1886846999). [2007/03/19 12:28:51, 0] libsmb/smbencrypt.c:decode_pw_buffer(540) decode_pw_buffer: check that ''encrypt passwords = yes'' My smb.conf: [global] workgroup = TEST2DOM netbios name = SERVADM os level = 65 domain logons = yes domain master = yes local master = yes security = user encrypt passwords = true pam password change = no ####### CONFIG LDAP ################ add machine script = /usr/sbin/smbldap-useradd -w -d /dev/null -g 515 -c ''Machine Account'' -s /bin/false %u add user script = /usr/sbin/smbldap-useradd -a -m ''%u'' delete user script = /usr/sbin/smbldap-userdel -r ''%u'' add group script = /usr/sbin/smbldap-groupadd ''%g'' delete group script = /usr/sbin/smbldap-groupdel ''%g'' add user to group script = /usr/sbin/smbldap-groupmod -m ''%u'' ''%g'' delete user from group script = /usr/sbin/smbldap-groupmod -x ''%u'' ''%g'' set primary group script = /usr/sbin/smbldap-usermod -g ''%g'' ''%u'' # Connexion LDAP passdb backend = ldapsam:ldap://ds.ch-st-julien.intra ldap admin dn = uid=admin,dc=ch-st-julien,dc=fr ldap suffix = dc=ch-st-julien,dc=fr ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers passwd chat debug = Yes ldap passwd sync = yes unix password sync = no passwd program = /usr/bin/smbldap-passwd -u %U passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\spassword:* %n\n . ###### Gestion des ACL ####### nt acl support = yes # gestion heritage inherit acls = yes Is anyone has ever meet this problem ??? Thank''s -- ARMANET Stephane