samba - Oct 2004 - You have no permission to change your password

Error when you try to change your password
from Windows XP, SP1, latest patches
(ctrl-Alt-Del)

Server configuration
Fedora Core 1
samba-3.0.7-2FC1


Samba is configured as PDC with roaming profiles.

I've just noticed testparm gives the following error
ERROR: the 'passwd chat' script [*old password* %o\n *new password* %n\n
*new password* %n\n *changed*] expects to use the old plaintext password via the
%o substitution. With encrypted passwords this is not possible.

        workgroup = EWS-NET
        netbios name = EWS-SRV1
        server string = EWS Network
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *old password* %o\n *new password* %n\n *new password*
%n\n *changed*
        passwd chat debug = Yes
        username map = /etc/samba/smbusers
        password level = 8
        username level = 8
        unix password sync = Yes
        log level = 1
        log file = /var/log/samba/%m.log
        max log size = 50
        name resolve order = wins lmhosts bcast
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        show add printer wizard = No
        add user script = /usr/sbin/useradd -m %u
        delete user script = /usr/sbin/userdel -r %u
        add group script = /usr/sbin/groupadd %g
        delete group script = /usr/sbin/groupdel %g
        add user to group script = /usr/sbin/usermod -G %g %u
        add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u
        logon script = %U.bat
        logon path = \\%L\%U\.profile
        logon drive = H:
        domain logons = Yes
        os level = 66
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        hosts allow = 192.168.5., 127.
        hide special files = Yes


I had initially used the default passwd chat line which is
;   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
with no luck!


Is there something that I have missed or ....
please help.




Steve Simeonidis

Is it possible that account has "User Cannot Change Password" set?

Igor

Steve Simeonidis wrote:
> Error when you try to change your password
> from Windows XP, SP1, latest patches
> (ctrl-Alt-Del)
> 
> Server configuration
> Fedora Core 1
> samba-3.0.7-2FC1
> 
> 
> Samba is configured as PDC with roaming profiles.
> 
> I've just noticed testparm gives the following error
> ERROR: the 'passwd chat' script [*old password* %o\n *new password*
%n\n *new password* %n\n *changed*] expects to use the old plaintext password
via the %o substitution. With encrypted passwords this is not possible.
> 
>         workgroup = EWS-NET
>         netbios name = EWS-SRV1
>         server string = EWS Network
>         obey pam restrictions = Yes
>         pam password change = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *old password* %o\n *new password* %n\n *new
password* %n\n *changed*
>         passwd chat debug = Yes
>         username map = /etc/samba/smbusers
>         password level = 8
>         username level = 8
>         unix password sync = Yes
>         log level = 1
>         log file = /var/log/samba/%m.log
>         max log size = 50
>         name resolve order = wins lmhosts bcast
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         show add printer wizard = No
>         add user script = /usr/sbin/useradd -m %u
>         delete user script = /usr/sbin/userdel -r %u
>         add group script = /usr/sbin/groupadd %g
>         delete group script = /usr/sbin/groupdel %g
>         add user to group script = /usr/sbin/usermod -G %g %u
>         add machine script = /usr/sbin/adduser -n -g machines -c Machine -d
/dev/null -s /bin/false %u
>         logon script = %U.bat
>         logon path = \\%L\%U\.profile
>         logon drive = H:
>         domain logons = Yes
>         os level = 66
>         preferred master = Yes
>         domain master = Yes
>         dns proxy = No
>         wins support = Yes
>         hosts allow = 192.168.5., 127.
>         hide special files = Yes
> 
> 
> I had initially used the default passwd chat line which is
> ;   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
> with no luck!
> 
> 
> Is there something that I have missed or ....
> please help.
> 
> 
> 
> 
> Steve Simeonidis
>  
>