Hello. I am using Samba 3.0.22 with LDAP. When a user's password expires they are asked to change it by Windows 2000. Upon completing the pw change dialog box, after a brief pause, I get an error stating "The system cannot change your password now because the domain MYGROUP is not available." -- where MYGROUP is my domain name. Any thoughts on why this is occuring? I can provide additional logfile information if needed. Thanks! My smb.conf file: workgroup = MYGROUP domain logons = yes security = user local master = yes os level = 65 preferred master = yes domain master = yes log file = /var/log/samba/%m.log passdb backend = ldapsam:ldap://localhost ldap admin dn = "cn=Manager,dc=ifa,dc=hawaii,dc=edu" ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap suffix = dc=ifa,dc=hawaii,dc=edu add machine script = /usr/sbin/smbldap-useradd -w "%u" logon path = \\%L\profiles\%U printable = no unix password sync = yes passwd program = /usr/sbin/smbldap-passwd -u "%u" passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" ldap passwd sync = yes [netlogon] comment = The domain logon service path = /var/lib/samba/netlogon public = no writeable = no [profiles] create mode = 0600 directory mode = 0700 path = /home/profiles read only = no profile acls = yes
I read here: http://www.kbalertz.com/837327/receive.system.cannot.change.password.because.domain.error.message.change.password.Windows.Windows.aspx that this bug is due to a bug in Windows. I upgraded to service pack 4, and the bug was fixed. Bill Bierman wrote:> Hello. I am using Samba 3.0.22 with LDAP. When a user's password > expires they are asked to change it by Windows 2000. > > Upon completing the pw change dialog box, after a brief pause, I get > an error stating "The system cannot change your password now because > the domain MYGROUP is not available." -- where MYGROUP is my domain name. > > Any thoughts on why this is occuring? I can provide additional > logfile information if needed. > > Thanks! > > My smb.conf file: > > workgroup = MYGROUP > domain logons = yes > security = user > local master = yes > os level = 65 > preferred master = yes > domain master = yes > > log file = /var/log/samba/%m.log > > passdb backend = ldapsam:ldap://localhost > ldap admin dn = "cn=Manager,dc=ifa,dc=hawaii,dc=edu" > ldap user suffix = ou=People > ldap group suffix = ou=Groups > ldap machine suffix = ou=Computers > ldap suffix = dc=ifa,dc=hawaii,dc=edu > > add machine script = /usr/sbin/smbldap-useradd -w "%u" > > logon path = \\%L\profiles\%U > > printable = no > > unix password sync = yes > passwd program = /usr/sbin/smbldap-passwd -u "%u" > passwd chat = "Changing password for*\nNew password*" %n\n "*Retype > new password*" %n\n" > ldap passwd sync = yes > > [netlogon] > comment = The domain logon service > path = /var/lib/samba/netlogon > public = no > writeable = no > > [profiles] > create mode = 0600 > directory mode = 0700 > path = /home/profiles > read only = no > profile acls = yes >
Apparently Analagous Threads
- error adding users to Domain Admins group during classicupgrade
- Horrible BIND9_DLZ DNS breakage after DC replaced and samba-tool domain demote --remove-other-dead-server
- Assigning cases to groupings based on the values of several variables
- Can connect directly, but not browse samba server from Windows Workgroup network
- formatting a 6 million row data set; creating a censoring variable