Hi,

I have met a problem with winbind. Everything seems to work fine (Samba 3.0.7 - LDAP - SSL), but I cannot change a user account password from a Windows workstation.

I investigated and found:

wbinfo -t
    checking the trust secret via RPC calls failed
    error code was NT_STATUS_UNSUCCESSFUL (0xc0000001)
    Could not check secret

wbinfo -u
    Error looking up domain users

wbinfo -g
    Just lists the BuiltIn groups

I find a recurrent error message in the winbind log:

    internal_get_sid_from_id: fetching record GID 513
    [2004/10/29 00:35:10, 5] lib/smbldap.c:smbldap_search(963)
      smbldap_search: base => [ou=Idmap,dc=e-nes,dc=net], filter => [(&(objectClass=sambaIdmapEntry)(gidNumber=513))], scope => [2]
    [2004/10/29 00:35:10, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525)
      ldap_get_sid_from_id: mapping not found for gidNumber: 513
    [2004/10/29 00:35:10, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(426)
      Could not convert gid 513 to sid
    [2004/10/29 00:35:10, 10] nsswitch/winbindd.c:client_write(523)
      client_write: wrote 1300 bytes.

And definitely my Idmap entries in LDAP are empty. Normally wbinfo -u should populate it? But it fails. Is there any way to manually populate it?

Can you help me? My objective is to make Windows able to change passwords; if wbinfo still has a problem, it doesn't matter.
Here is my smb.conf.

Many thanks

# Global parameters
[global]
    deadtime = 60
    passdb backend = ldapsam:"ldap://127.0.0.1",guest
    ldap suffix = dc=e-nes,dc=net
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=People
    ldap group suffix = ou=Group
    #ldap admin dn = "cn=admin,dc=e-nes,dc=net"
    ldap admin dn = cn=samba,ou=DSA,dc=e-nes,dc=net
    ldap ssl = yes
    ldap delete dn = yes
    #only= ldap no = just NT and LM no ldap
    ldap passwd sync = yes
    #unix password sync = yes
    encrypt passwords = true
    null passwords = yes
    passwd program = /usr/sbin/smbldap-passwd.pl %u
    #user domainE-NES share
    security = user
    auth methods = sam, winbind
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n* *password*has*been*changed*
    passwd chat debug = yes
    # password quality
    min passwd length = 5
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    add user script = /usr/sbin/smbldap-useradd -m "%u"
    ldap delete dn = Yes
    delete user script = /usr/sbin/smbldap-userdel "%u"
    add machine script = /usr/sbin/smbldap-useradd -w "%u"
    add group script = /usr/sbin/smbldap-groupadd -p "%g"
    delete group script = /usr/sbin/smbldap-groupdel "%g"
    add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
    #get quota command = /usr/local/sbin/query_quota
    #set quota command = /usr/local/sbin/set_quota
    Dos charset = 850
    Unix charset = ISO8859-1
    veto files = /*.eml/*.nws/riched20.dll/*.{*}/
    idmap gid = 500-10000
    strict sync = no
    idmap uid = 999-10000
    idmap backend = ldap:ldap://127.0.0.1
    max xmit = 65534
    winbind separator = +
    template shell = /bin/bash
    template homedir = /home/%D/%U
    winbind enum users = yes
    winbind enum groups = yes
    winbind cache time = 10
    winbind use default domain = yes
    wins support = Yes
    wins server = 192.168.1.5
    logon path
    show add printer wizard = No
    preferred master = Yes
    logon script = scripts/logon.bat
    domain logons = Yes
    domain master = yes
    server string = E-nes Enterprise Server #%v
    workgroup = E-nes
    netbios name = E-nes
    os level = 250
    admin users = lauco,administrateur
    #domain admin group = root,Domain Admins
    #root = admin administrator
    map to guest = Bad User
    guest account = nobody
    logon drive = h:
    logon home = \\%L\%U
    # syslog = 0
    time server = Yes
    unix extensions = Yes
    allow trusted domains = Yes
    message command = /bin/sh -c '/usr/bin/linpopup
    max log size = 1000
    interfaces = eth1, 192.168.1.5/255.255.255.224
    panic action = /usr/share/samba/panic-action %d
    read raw = yes
    paranoid server security = No
    map hidden = yes
    dns proxy = No
    name resolve order = wins host lmhosts bcast
    algorithmic rid base = 1000
    socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    oplocks = yes
    #chroot mode
    root directory = /
    write raw = yes
    strict locking = no
    log level = 3
    log file = /var/log/samba/log.%m

[netlogon]
    guest ok = yes
    create mask = 0644
    comment = The domain logon service
    locking = no
    path = /home/e-nes/netlogon
    share modes = no
    follow symlinks = no

[homes]
    path = %H
    valid users = %U
    comment = Home Directories
    browseable = No
    writeable = yes
    create mask = 0600
    dos filetimes = yes
    follow symlinks = no
    # can copy local acl to e-nes
    force unknown acl user = no
    hide dot files = yes

[Public]
    guest ok = yes
    comment = E-nes Public Folder
    writable = yes
    path = /home/e-nes/Public
    dos filemode = yes
    dos filetimes = yes
    store dos attributes = yes
    follow symlinks = no
    hide unreadable = yes
    #hosts allow = 150.203. EXCEPT 150.203.6.66 lapland, arvidsjaur -- hosts deny = pirate

[Private]
    path=/home/e-nes/Private
    Comment = E-Nes Private Folder
    writable = yes
    create mask = 0660
    browsable = yes
    #lock and open file
    locking = yes
    #enable group to change perm
    dos filemode = yes
    #enable time change on dos access like on windobe
    dos filetimes = yes
    # do not permit to hack system by symlinks
    follow symlinks = no
    #inherit acls = yes
    #inherit permissions = no

[Admin]
    path=/
    Comment = E-Nes Root Admin
    writable = yes
    create mask = 0644
    security mask = 0000
    directory security mask = 0000
    browsable = yes
    locking = no
    # administrateur
    valid users = %U @"Domain Admins"