I've got a very simple setup with Samba 3.0.24 running on Fedora Core 6,
talking to Fedora Directory Server 1.0.4. I've got everything set up so
that I can add computers to the domain, add users using the smbldap-
tools, and have users logging in. When a user tries to change their
password from within Windows (ctrl-alt-del) they get the error
"the user name or old password is incorrect. letters in passwords must
be typed using the correct case."
The strange thing is that the samba passwords (sambalmpassword,
sambantpassword) are changed in the LDAP server, but the general account
password (userpassword) is not changed. I looked everywhere I could, and
couldn't find anything to cause this. I can set passwords just fine using
smbldap-passwd and it will set all passwords.
Here is a copy of my smb.conf:
[global]
workgroup = MAIL
netbios name = YOURMOM
security = user
passdb backend = ldapsam:ldap://mail.yourmom.net
ldap admin dn = cn=Directory Manager
ldap suffix = dc=yourmom,dc=net
ldap user suffix = ou=People
ldap idmap suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
ldap passwd sync = yes
ldap delete dn = no
obey pam restrictions = no
encrypt passwords = yes
passwd program = /usr/sbin/smbldap-passwd %u
add machine script = /usr/sbin/smbldap-useradd -w "%u"
log file = /var/log/samba/log.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 255
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins support = yes
template shell = /bin/false
winbind use default domain = no
logon path logon home
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
read only = yes
browseable = no
[homes]
comment = Home Directories
browseable = no
read only = no
guest ok = no
create mode = 0664
directory mode = 0775
Thanks,
Andy Colvin