For several versions now, we've been unable to get password changing to work
*without errors*. Now management would like to see it working fantastic so
that we can age passwords, but without errors. No matter what I do, I get a
couple of errors. The first time I try to change from a 7 letter password
to '#1password', which should be complex enough for any rule, I get:
The username or old password is incorrect. Letters in password must be
typed using the correct case.
No matter what I change to at this point, short/long/simple/complex
passwords, I get:
You do not have permission to change your password.
The rub is that regardless of the error, the password change is successful,
and is properly echoed back to the unix subsystem.
I am currently on 3.0.14a on FC3, LDAP backend with the smbldap-tools
package - likely older than current but it has been an issue since this WAS
current.
During the operation, the following log entries are made under log level 1
[2005/08/19 15:02:36, 1] rpc_server/srv_pipe.c:api_pipe_ntlmssp_verify(441)
api_pipe_ntlmssp_verify: User [AEI]\[pgienger] from machine RADON failed
authentication on named pipe samr.
[2005/08/19 15:02:38, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
ldapsam_modify_entry: Failed to modify user
dnuid=pgienger,ou=People,dc=ae-solutions,dc=com with: No such attribute
modify/delete: sambaLMPassword: no such value
[2005/08/19 15:02:38, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
ldapsam_update_sam_account: failed to modify user with uid = pgienger,
error: modify/delete: sambaLMPassword: no such value (Success)
[2005/08/19 15:02:40, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1495)
ldapsam_modify_entry: Failed to modify user
dnuid=pgienger,ou=People,dc=ae-solutions,dc=com with: No such attribute
modify/delete: sambaLMPassword: no such value
[2005/08/19 15:02:40, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1720)
ldapsam_update_sam_account: failed to modify user with uid = pgienger,
error: modify/delete: sambaLMPassword: no such value (Success)
My current LDAP LDIF is as follows (some irrelevant attributes deleted or
changed)
dn: uid=pgienger,ou=People,dc=ae-solutions,dc=com
uid: pgienger
cn: Paul Gienger
givenName: Paul
sn: Gienger
mail: pgienger@ae-solutions.com
homeDirectory: /home/pgienger
uidNumber: 2266
o: Applied Engineering, Inc.
loginShell: /usr/bin/bash
displayName: Paul Gienger
gecos: Paul Gienger
gidNumber: 2028
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: sambaSamAccount
sambaSID: S-1-5-21-112718084-1284083569-2990761952-5532
sambaPrimaryGroupSID: S-1-5-21-112718084-1284083569-2990761952-5057
sambaPasswordHistory:
00000000000000000000000000000000000000000000000000000000
00000000
sambaPwdCanChange: 1101921819
shadowLastChange: 12829
sambaAcctFlags: [UX ]
sambaPwdMustChange: 1209265396
sambaHomePath: \\fgoserv\pgienger
sambaLMPassword: F095287D9161743BAAD3XXXXXXXXXXXX
sambaNTPassword: 1C67D5538C78A1C1687CXXXXXXXXXXXX
sambaPwdLastSet: 1124478817
userPassword:: e0NSWVBUfWN1LmJIWXVblahblak
Free cookies to anyone that can help me figure out how to get this to work
As Advertised. If a higher log level is needed I'll be glad to help.
------------------------------------------------------------------
Paul Gienger Office: 701-281-1884
Applied Engineering Inc.
Systems Architect Fax: 701-281-1322
URL: www.ae-solutions.com mailto: pgienger@ae-solutions.com
