samba - Jul 2005 - Need help with Samba + IBM-DS 5.2

Hi everybody,

I have problem with smbpasswd to update password in LDAP, when I'm 
adding new user with "smbpasspd -a userx" everything works fine but
when
I'm trying change password with "smbpasswd userx" I have this
error:

$ldapsam_modify_entry: Failed to modify user dn= 
$uid=userx,cn=users,dc=domain,dc=cz with: No such attribute
$
$ldapsam_update_sam_account: failed to modify user with uid = userx, 
$error: (Success)
$Failed to modify entry for user userx.
$Failed to modify password entry for user userx

and on my LDAP server:

$Entry uid=prokop,cn=users,dc=schwing,dc=cz does not contain attribute 
$sambaPwdCanChange with value 1122032494.

and ind LDAP has this LDIF:

$dn: uid=userx,cn=users,dc=schwing,dc=cz
$objectClass: account
$objectClass: posixAccount
$objectClass: shadowAccount
$objectClass: top
$objectClass: inetOrgPerson
$objectClass: organizationalPerson
$objectClass: person
$objectClass: sambaSamAccount
$cn: XXX
$displayName: XXX
$gidNumber: 2000
$givenName: XXX
$homeDirectory: /home/userx
$loginShell: /bin/bash
$mail: XXX
$preferredLanguage: cs
$sambaAcctFlags: [U          ]
$sambaLMPassword: F1BE844E80BCAC9DAAD3B435B51404EE
$sambaNTPassword: 76F9D66AF945EA025C8D8EEBC67E2BC2
$sambaPasswordHistory: 
$0000000000000000000000000000000000000000000000000000000000000000
$sambaPrimaryGroupSID: S-1-5-21-3465419679-3835903379-2357785547-5001
$sambaPwdCanChange: 1122032494
$sambaPwdLastSet: 1122032494
$sambaPwdMustChange: 2147483647
$sambaSID: S-1-5-21-3465419679-3835903379-2357785547-5040
$shadowExpire: -1
$shadowFlag: 134538308
$shadowInactive: -1
$shadowLastChange: 11192
$shadowMax: 99999
$shadowMin: -1
$shadowWarning: 7
$sn: XXX
$uid: userx
$uidNumber: 2020
$userPassword:: XXX

I have Samba 3.0.14a-3 on Debian Linux Sarge with kernel 2.6.8-2-386. 
LDAP server is IBM Directory Server 5.2 with Samba schemas from 
samba-doc for IBM-DS.

Thanx for any idea.

Lukas Prokop

My smb.conf:

[global]

    workgroup = ATACO
    server string = Fantom server
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    log level = 10
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    security = user
    encrypt passwords = true

    passdb backend = ldapsam:ldap://wps.ataco.cz
    ldap admin dn = cn=ldapadmin
    ldap ssl = no
    ldap delete dn = no
    ldap suffix = dc=schwing,dc=cz
    ldap user suffix = cn=users
    ldap group suffix = cn=groups
    ldap machine suffix = cn=machines
    ldap passwd sync = yes

    obey pam restrictions = yes
    guest account = nobody
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
    invalid users = root
    os level = 34
;   pam password change = no
    load printers = no
    hide dot files = yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 
SO_SNDBUF=8192
    interfaces = 127.0.0.1 192.168.1.14/24
    dos charset = 852
    unix charset = iso8859-2

######## File sharing ########

# Name mangling options
;   preserve case = yes
;   short preserve case = yes

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
    create mask = 0700
    directory mask = 0700
    hide dot files = yes
    hide files =  Maildir/

[private]
     comment = Private directory
     path = /home/private
     writable = yes
     browseable = yes
     directory mask = 0770
     create mask = 0770

[shared]
     comment = Shared directory
     path = /home/shared
     public = yes
     writable = yes
     browseable = yes
     create mask = 0775
     directory mask = 0775