Toby Schaefer
2003-Dec-18 17:58 UTC
[Samba] Samba 3 PDC with LDAP - Error when changing userpasswordfrom windows
-----Original Message-----
From: samba-bounces+toby-list=mail.nixa.k12.mo.us@lists.samba.org
[mailto:samba-bounces+toby-list=mail.nixa.k12.mo.us@lists.samba.org] On
Behalf Of s.jousse@free.fr
Sent: Thursday, December 18, 2003 11:38 AM
To: Craig White
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 PDC with LDAP - Error when changing
userpasswordfrom windows
here my passwd chat log (sorry, it's long):
---------BEGIN-----------------
[2003/12/18 18:33:31, 3] smbd/chgpasswd.c:chat_with_program(419)
Dochild for user jchomarat3 (uid=0,gid=0) (as_root = Yes)
[2003/12/18 18:33:31, 10] smbd/chgpasswd.c:dochild(217)
Invoking '/usr/local/sbin/smbldap-passwd.pl -o jchomarat3' as password
change
program.
[2003/12/18 18:33:32, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(271)
expect: expected [*New*password*] received [Changing password for
jchomarat3
New password : ] match yes
[2003/12/18 18:33:32, 10] smbd/chgpasswd.c:expect(282)
expect: returning True
....
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 19: SET
[2003/12/18 18:33:32, 11] lib/smbldap.c:smbldap_open(820)
smbldap_open: already connected to the LDAP server
[2003/12/18 18:33:32, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1173)
ldapsam_modify_entry: Failed to modify user dnuid=jchomarat3,ou=People,dc=ph
onambule-tv,dc=com with: Type or value exists
modify/add: sambaLMPassword: value #0 already exists
[2003/12/18 18:33:32, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1366)
ldapsam_update_sam_account: failed to modify user with uid = jchomarat3,
error
: modify/add: sambaLMPassword: value #0 already exists (Success)
[2003/12/18 18:33:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1003, 512) - sec_ctx_stack_ndx = 1
[2003/12/18 18:33:32, 5]
rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7177)
init_r_chgpasswd_user
[2003/12/18 18:33:32, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1553)
_samr_chgpasswd_user: 1553
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_debug(81)
000000 samr_io_r_chgpasswd_user
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
0000 status: NT_STATUS_ACCESS_DENIED
----------END-----------------
>From what it looks like, you are most likely setup correctly... A few
questions:
1. In your smb.conf, is pw change as such:
passwd chat debug = Yes
passwd program =/usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
(I'm guessing it is due to your logs showing it correctly.)
2. It seems that it's dying trying to open a second connection to your LDAP
server that it isn't closing. Have you the latest smbldap-tools (the ones
that came with Samba3?), and have you modified them at all.
3. You may want to do a test - It seems to not be updating all your tokens
correctly. To test this, make a note of what the sambaLMPassword is, then
try to change the password. See if this value changes. If it doesn't, then
it's going to get rather confusing having multiple hashes!
4. Finally, has the password chat ever worked over there? It's working in
our domain beautifully; however, YMMV. :) If it has never worked correctly,
I'd at this point look to make sure your schema is correct and that somehow
the sambaLMPassword portion didn't get hosed during setup.
Cheers,
Toby Schaefer
Toby Schaefer
2003-Dec-18 17:59 UTC
[Samba] Samba 3 PDC with LDAP - Error when changing userpasswordfrom windows
-----Original Message-----
From: samba-bounces+toby-list=mail.nixa.k12.mo.us@lists.samba.org
[mailto:samba-bounces+toby-list=mail.nixa.k12.mo.us@lists.samba.org] On
Behalf Of s.jousse@free.fr
Sent: Thursday, December 18, 2003 11:38 AM
To: Craig White
Cc: samba@lists.samba.org
Subject: Re: [Samba] Samba 3 PDC with LDAP - Error when changing
userpasswordfrom windows
here my passwd chat log (sorry, it's long):
---------BEGIN-----------------
[2003/12/18 18:33:31, 3] smbd/chgpasswd.c:chat_with_program(419)
Dochild for user jchomarat3 (uid=0,gid=0) (as_root = Yes)
[2003/12/18 18:33:31, 10] smbd/chgpasswd.c:dochild(217)
Invoking '/usr/local/sbin/smbldap-passwd.pl -o jchomarat3' as password
change
program.
[2003/12/18 18:33:32, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2003/12/18 18:33:32, 100] smbd/chgpasswd.c:expect(271)
expect: expected [*New*password*] received [Changing password for
jchomarat3
New password : ] match yes
[2003/12/18 18:33:32, 10] smbd/chgpasswd.c:expect(282)
expect: returning True
....
[2003/12/18 18:33:32, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 19: SET
[2003/12/18 18:33:32, 11] lib/smbldap.c:smbldap_open(820)
smbldap_open: already connected to the LDAP server
[2003/12/18 18:33:32, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1173)
ldapsam_modify_entry: Failed to modify user dnuid=jchomarat3,ou=People,dc=ph
onambule-tv,dc=com with: Type or value exists
modify/add: sambaLMPassword: value #0 already exists
[2003/12/18 18:33:32, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1366)
ldapsam_update_sam_account: failed to modify user with uid = jchomarat3,
error
: modify/add: sambaLMPassword: value #0 already exists (Success)
[2003/12/18 18:33:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (1003, 512) - sec_ctx_stack_ndx = 1
[2003/12/18 18:33:32, 5]
rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7177)
init_r_chgpasswd_user
[2003/12/18 18:33:32, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1553)
_samr_chgpasswd_user: 1553
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_debug(81)
000000 samr_io_r_chgpasswd_user
[2003/12/18 18:33:32, 5] rpc_parse/parse_prs.c:prs_ntstatus(664)
0000 status: NT_STATUS_ACCESS_DENIED
----------END-----------------
>From what it looks like, you are most likely setup correctly... A few
questions:
1. In your smb.conf, is pw change as such:
passwd chat debug = Yes
passwd program =/usr/local/bin/smbldap-passwd.pl -o %u
passwd chat = *new*password* %n\n *new*password:* %n\ *successfully*
(I'm guessing it is due to your logs showing it correctly.)
2. It seems that it's dying trying to open a second connection to your LDAP
server that it isn't closing. Have you the latest smbldap-tools (the ones
that came with Samba3?), and have you modified them at all.
3. You may want to do a test - It seems to not be updating all your tokens
correctly. To test this, make a note of what the sambaLMPassword is, then
try to change the password. See if this value changes. If it doesn't, then
it's going to get rather confusing having multiple hashes!
4. Finally, has the password chat ever worked over there? It's working in
our domain beautifully; however, YMMV. :) If it has never worked correctly,
I'd at this point look to make sure your schema is correct and that somehow
the sambaLMPassword portion didn't get hosed during setup.
Cheers,
Toby Schaefer