Ok I have searched the archives and have tried several different options but cant seem to get this to work. When users try and change their password from windows they get an error saying they do not have permission to change their password. any help wourld be appreciated. I am running Samba3 with an ldap backend. Here is my smb.conf file: [global] workgroup = HGW netbios name = LUCIFER server string = Lucifer PDC interfaces = eth0, lo security = user bind interfaces only = YES encrypt passwords = yes unix password sync = yes pam password change = yes passwd program = /usr/bin/passwd %u ldap password change = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* passdb backend = ldapsam:ldap://127.0.0.1 username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts time server = yes printcap name = CUPS show add printer wizard = no add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete user script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon home = \\%L\%U logon script = %U.bat logon path = \\%L\profiles\%U logon drive = U: domain logons = Yes preferred master = Yes wins support = Yes ldap suffix = dc=hosgonewhack, dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap sample entry from ldap: dn: uid=jwerle, ou=People, dc=hosgonewhack,dc=com sambaPrimaryGroupSID: <EDIT> sambaLMPassword: <EDIT> displayName: System User sambaLogonScript: jwerle.cmd objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount userPassword:: <EDIT> sambaLogonTime: 0 sambaHomeDrive: U: uid: jwerle uidNumber: 1000 cn: jwerle sambaLogoffTime: 2147483647 sambaPwdLastSet: 1090989705 sambaAcctFlags: [U] loginShell: /bin/bash sambaProfilePath: \\LUCIFER\profiles\jwerle gidNumber: 512 sambaPwdMustChange: 1094877705 sambaPwdCanChange: 0 sambaNTPassword: <EDIT> gecos: System User sambaSID: <EDIT> description: System User homeDirectory: /home/jwerle sambaKickoffTime: 0 sn: jwerle sambaHomePath: \\LUCIFER\homes
What version of samba are you running? There was a 'bug' related to changing passwords failing after the clients downloaded a certain update from windowsupdate. I believe the fix was in 3.0.4??? Joseph E. Werle wrote:> Ok I have searched the archives and have tried several different > options but cant seem to get this to work. When users try and change > their password from windows they get an error saying they do not have > permission to change their password. any help wourld be appreciated. > I am running Samba3 with an ldap backend. > > Here is my smb.conf file: [global] > workgroup = HGW > netbios name = LUCIFER > server string = Lucifer PDC > interfaces = eth0, lo > security = user > bind interfaces only = YES > encrypt passwords = yes > unix password sync = yes > pam password change = yes > passwd program = /usr/bin/passwd %u > ldap password change = yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > passdb backend = ldapsam:ldap://127.0.0.1 > username map = /etc/samba/smbusers > log level = 1 > syslog = 0 > log file = /var/log/samba/%m > max log size = 50 > smb ports = 139 445 > name resolve order = wins bcast hosts > time server = yes > printcap name = CUPS > show add printer wizard = no > add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' > delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u > add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' > delete user script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' > add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m > '%u' '%g' > delete user from group script = > /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' > set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g > '%g' '%u' > add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' > logon home = \\%L\%U > logon script = %U.bat > logon path = \\%L\profiles\%U > logon drive = U: > domain logons = Yes > preferred master = Yes > wins support = Yes > ldap suffix = dc=hosgonewhack, dc=com > ldap machine suffix = ou=People > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap idmap suffix = ou=Idmap > > sample entry from ldap: > dn: uid=jwerle, ou=People, dc=hosgonewhack,dc=com > sambaPrimaryGroupSID: <EDIT> > sambaLMPassword: <EDIT> > displayName: System User > sambaLogonScript: jwerle.cmd > objectClass: top > objectClass: inetOrgPerson > objectClass: posixAccount > objectClass: sambaSamAccount > userPassword:: <EDIT> > sambaLogonTime: 0 > sambaHomeDrive: U: > uid: jwerle > uidNumber: 1000 > cn: jwerle > sambaLogoffTime: 2147483647 > sambaPwdLastSet: 1090989705 > sambaAcctFlags: [U] > loginShell: /bin/bash > sambaProfilePath: \\LUCIFER\profiles\jwerle > gidNumber: 512 > sambaPwdMustChange: 1094877705 > sambaPwdCanChange: 0 > sambaNTPassword: <EDIT> > gecos: System User > sambaSID: <EDIT> > description: System User > homeDirectory: /home/jwerle > sambaKickoffTime: 0 > sn: jwerle > sambaHomePath: \\LUCIFER\homes > > >-- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com