John Schmerold
2004-Nov-29 05:53 UTC
[Samba] SAMBA / LDAP / Domain Password change problem
I have our Samba server mostly working, however it will not allow me to change the password on the client desktop or via USRMGR. The error message we are getting is "the system cannot change your password now because the domain TOPC is not available". USRMGR reports "Could no find domain controller for this domain" Everything is authenticating properly. Any ideas? I'm running following: Fedora FC3 Samba 3.0.8pre1-0.pre1.3 smbldap-tools-0.8.5-3 smbstatus says: Samba version 3.0.8pre1-0.pre1.3 PID Username Group Machine ------------------------------------------------------------------- 3146 Administrator Domain Admins ts1 (192.168.70.11) 3148 sallen Domain Users jevans (192.168.70.21) Service pid machine Connected at ------------------------------------------------------- sys 3146 ts1 Sun Nov 28 22:36:49 2004 sys 3148 jevans Sun Nov 28 22:38:50 2004 Our smb.conf is as follows: [global] force user=root workgroup = TOPC netbios name = FS1 server string = TOPC-FS1 hosts allow = 192.168.70. 192.168.35. 127. printcap name = /etc/printcap load printers = yes cups options = raw security = user encrypt passwords = yes min passwd length = 3 obey pam restrictions = no unix password sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 0 syslog = 0 log file = /var/log/samba/log.%m max log size = 100000 time server = Yes username map = /etc/samba/smbusers admin users= @"Domain Admins" socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces=eth1, lo domain logons = yes dns proxy = no mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = startup.bat logon drive = F: logon home = \\fs1\sys logon path = \\fs1\sys domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Manager,dc=twinoakschurch,dc=org ldap suffix = dc=twinoakschurch,dc=org ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users add user script = /usr/local/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/local/sbin/smbldap-userdel "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" #============================ Share Definitions ============================= idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories valid users = %S writeable = yes create mask = 0664 directory mask = 0775 browseable = Yes [netlogon] comment = Network Logon Service path = /opt/samba/netlogon [profiles] path = /opt/samba/profiles writeable = yes writeable = yes browseable = yes create mode = 0644 directory mode = 0755 guest ok = yes [sys] path = /home/sys read only = no public = no create mode = 0644 directory mode = 0755 -- John Schmerold Katy Computer & Wireless 20 Meramec Station Rd Valley Park MO 63088 636-861-6900 v 775-227-6947 f
Danny Paul
2004-Nov-29 19:51 UTC
[Samba] Re: SAMBA / LDAP / Domain Password change problem
Do a tail -25 <location of nmbd.log file, likely /usr/local/samba/var/log.nmbd>. This will give you the last 25 lines of the nmbd log file. See if there are any error messages relating to name resolution problems or errors registering domain names. If you are having such errors, stop smbd & nmbd, remove wins.dat (probably /usr/local/samba/var/locks/wins.dat), then restart smbd & nmbd. Best of luck