Hi everybody,
I'm an italian system administration (newbie about Samba).
I have installed on Mandrake 9.1 the rpm samba3-*-3.0.2a downloaded from
a Samba.org's mirror.
I have configured a PDC based on ldapsam (OpenLDAP 2.1.29) that works
fine, i use smbldap tools to manage sincronization account.
Now the problem, when I try from my W2000 Workstation to change my
domain password I reach a error message:
UserName or Old password are wrong....Obviously these are right, not wrong.
On the same machine I had installed Samba 2.2.8a and password change worked.
Analizing samba log this is the message that I found:
[2004/04/15 12:07:29, 0] smbd/chgpasswd.c:check_oem_password(832)
check_oem_password: incorrect password length (1211185023).
My old password is of 7 chars, the new of 8 chars but I have the same
problems with password of other lengths, less and more.
If I try to change the password with:
smbpasswd -U <username> -r <PDC> i get this message on video
machine <PDC> rejected the password change: Error was : RAP86: The
specified pas
sword is invalid.
Failed to modify password entry for user <username>
This is the section of Samba's log about this operation
[2004/04/15 12:40:00, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
init_ldap_from_sam: Setting entry for user: <username>
[2004/04/15 12:40:00, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1217)
ldapsam_modify_entry: Failed to modify user dn=
uid=<username>,ou=Users,dc=usl11,d
c=net with: No such attribute
modify/delete: sambaPwdMustChange: no such value
[2004/04/15 12:40:00, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1417)
ldapsam_update_sam_account: failed to modify user with uid =
<username>, error: mo
dify/delete: sambaPwdMustChange: no such value (Success)
[2004/04/15 12:40:00, 2] smbd/server.c:exit_server(558)
Closing connections
Obviously the sambaPwdMustChange attribute is one of the entry, it's
value has no sense for me but it's present.
If I try to change the password from root with
smbpasswd -L <username> works
If I try to change the password from <username> with
smbpasswd -D 10 -L i get on video these messages:
Netbios name list:-
my_netbios_names[0]="ICARO"
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb:
Permissi
on denied
Failed to open /etc/samba3/secrets.tdb
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://127.0.0.1
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match ldapsam:ldap://127.0.0.1
(ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=USL11-NT))]
smbldap_search: base => [dc=usl11,dc=net], filter =>
[(&(objectClass=sambaDomain
)(sambaDomainName=USL11-NT))], scope => [2]
smbldap_open: cannot access LDAP when not root..
Connection to LDAP Server failed for the 1 try!
smbldap_search_suffix: Problem during the LDAP search: (unknown)
(Insufficient a
ccess)
Problem during LDAPsearch: Insufficient access
Query was: dc=usl11,dc=net,
(&(objectClass=sambaDomain)(sambaDomainName=USL11-NT
))
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain
pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
new users
/groups, and will risk BDCs having inconsistant SIDs
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb:
Permissi
on denied
Failed to open /etc/samba3/secrets.tdb
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb:
Permissi
on denied
Failed to open /etc/samba3/secrets.tdb
tdb(unnamed): tdb_open_ex: could not open file /etc/samba3/secrets.tdb:
Permissi
on denied
Failed to open /etc/samba3/secrets.tdb
pdb_generate_sam_sid: Failed to store generated machine SID.
PANIC: Could not generate a machine SID
BACKTRACE: 1 stack frames:
#0 smbpasswd3(smb_panic+0x11b) [0x80c96ab]
Aborted
This is a section of my smb.conf :
workgroup = USL11-NT
netbios name = Icaro
server string = Samba Server %v
log file = /var/log/samba3/log.%m
max log size = 50
log level = 2
map to guest = bad user
security = user
encrypt passwords = yes
unix password sync = Yes
passwd program = /usr/bin/smbldap-passwd3 -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
add user script = /usr/bin/smbldap-useradd3 -m "%u"
delete user script = /usr/bin/smbldap-serdel3 "%u"
add group script = /usr/bin/smbldap-groupadd3 -p "%g"
delete group script = /usr/bin/smbldap-groupdel3 "%g"
add machine script = /usr/bin/smbldap-useradd3 -w "%u"
passdb backend = ldapsam:ldap://127.0.0.1
ldap admin dn = "cn=Manager,dc=usl11,dc=net"
; ldap ssl = start_tls
ldap ssl = off
ldap suffix = dc=usl11,dc=net
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computer
Please, help me...
Thanks in advance for your help
Roberto Morelli
Azienda U.S.L. 11 Empoli
------------------------------------------------------------------------
-- To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
