samba - Feb 2010 - "You do not have permission to change" password issue with XP clients

Greetings all

I'm running Samba 3.0 on an Ubuntu box as a PDC and I'm having trouble
changing
passwords with XP clients - here's my smb.conf http://pastebin.com/m1bb6d4a6

I've played with a variety of "passwd chat" settings but no joy. I
am trying to
use pam_cracklib.so - here's my /etc/pam.d/common-password file: 
http://pastebin.com/m1a1d5f89

I've tried the suggestions in this thread, but no luck: 
http://www.mail-archive.com/samba at lists.samba.org/msg104476.html

Any hints? I'd be very grateful for any suggestions anyone has the time to 
offer!

-- 
********************************************************************
Brett Charbeneau, GSEC Gold, GCIH Gold
Network Administrator
Williamsburg Regional Library
7770 Croaker Road
Williamsburg, VA 23188-7064
(757)259-4044          www.wrl.org
(757)259-4079 (fax)    brett at wrl.org
********************************************************************

On 02/02/10 18:07, Brett Charbeneau wrote:
> Greetings all
>
> I'm running Samba 3.0 on an Ubuntu box as a PDC and I'm having
trouble
> changing passwords with XP clients - here's my smb.conf 
> http://pastebin.com/m1bb6d4a6
>
> I've played with a variety of "passwd chat" settings but no
joy. I am
> trying to use pam_cracklib.so - here's my /etc/pam.d/common-password 
> file: http://pastebin.com/m1a1d5f89
>
> I've tried the suggestions in this thread, but no luck: 
> http://www.mail-archive.com/samba at lists.samba.org/msg104476.html
>
> Any hints? I'd be very grateful for any suggestions anyone has the 
> time to offer!
>

Are you using an LDAP backend?

I am not sure the samba password chat chat scripts can pass the "old" 
password back to unix.    My experience with ldap (Sun LDAP server not 
OpenLDAP)  is that that password change either requires the user's old 
password or the LDAP admin pw.  The local "root" account does not have
privledges to change ldap passwords.  (Local or NIS password's weren't a
problem.)