Hello all, I am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to change while unix password sync = yes. Setting it to no works, but I need it on. At the user workstation (Win XP) I receive "You don't have the permissions to change your password" and logged in on the server as the user I receive "machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Failed to change password for <user>" I have searched the archives and googled the web. I have played with my passwd program and passwd chat to no avail. I set passwd chat debug = yes, log level = 100 and studied the log, but couldn't see anything that helped me. Using SWAT I reset everything in the security options section to default except unix password sync = yes, passwd chat, passwd program, and passdb backend = tdbsam. I did find that in Feb 2004 John Terpstra had someone file a bug report for a similar problem, also on a debian system. I hope that I am overlooking something simple here and we can get this working. Please respond with any ideas you may have. My current smb.conf is below. [global] workgroup = DOMAIN netbios name = PDC server string = Samba PDC passdb backend = tdbsam enable privileges = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully . unix password sync = Yes restrict anonymous = 1 lanman auth = No log level = 1 log file = /usr/local/samba/var/log.%m max log size = 500 min protocol = NT1 name resolve order = lmhosts host wins add user to group script = /usr/sbin/adduser %u %g add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s /bin/false %u logon path = \\%N\profiles\%U logon drive = H: logon home domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no remote announce = *edited out* template shell = /bin/bash invalid users = *edited out* admin users = *edited out* acl group control = Yes hosts allow = *edited out* [netlogon] path = /var/lib/samba/netlogon guest ok = Yes browseable = No [profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No
Just so this gets stored to the list for all those who may encounter this in the future: I finally found the answer: pam password change = yes must be set. This fixed the problem completely in my environment. Dan "Dan" <iskatel@msn.com> wrote in message news:emvb4t$c7b$1@sea.gmane.org...> Hello all, > > I am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to > change while unix password sync = yes. Setting it to no works, but I need > it on. At the user workstation (Win XP) I receive "You don't have the > permissions to change your password" and logged in on the server as the > user I receive > "machine 127.0.0.1 rejected the password change: Error was : RAP86: The > specified password is invalid. > Failed to change password for <user>" > > I have searched the archives and googled the web. I have played with my > passwd program and passwd chat to no avail. I set passwd chat debug = > yes, log level = 100 and studied the log, but couldn't see anything that > helped me. Using SWAT I reset everything in the security options section > to default except unix password sync = yes, passwd chat, passwd program, > and passdb backend = tdbsam. I did find that in Feb 2004 John Terpstra > had someone file a bug report for a similar problem, also on a debian > system. I hope that I am overlooking something simple here and we can get > this working. Please respond with any ideas you may have. > > My current smb.conf is below. > > [global] > workgroup = DOMAIN > netbios name = PDC > server string = Samba PDC > passdb backend = tdbsam > enable privileges = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUnix\spassword:* %n\n > *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully . > unix password sync = Yes > restrict anonymous = 1 > lanman auth = No > log level = 1 > log file = /usr/local/samba/var/log.%m > max log size = 500 > min protocol = NT1 > name resolve order = lmhosts host wins > add user to group script = /usr/sbin/adduser %u %g > add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s > /bin/false %u > logon path = \\%N\profiles\%U > logon drive = H: > logon home > domain logons = Yes > os level = 65 > preferred master = Yes > domain master = Yes > dns proxy = No > ldap ssl = no > remote announce = *edited out* > template shell = /bin/bash > invalid users = *edited out* > admin users = *edited out* > acl group control = Yes > hosts allow = *edited out* > > [netlogon] > path = /var/lib/samba/netlogon > guest ok = Yes > browseable = No > > [profiles] > path = /var/lib/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > browseable = No > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Check your "passwd chat" directive; I've seen the "don't have permission" error when the case of any of the letters is wrong. Ryan>>> "Dan" <iskatel@msn.com> 12/27/2006 8:45:47 PM >>>Hello all, I am running 3.0.22 on Ubuntu 6.0.6 LTS and cannot get user passwords to change while unix password sync = yes. Setting it to no works, but I need it on. At the user workstation (Win XP) I receive "You don't have the permissions to change your password" and logged in on the server as the user I receive "machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Failed to change password for <user>" I have searched the archives and googled the web. I have played with my passwd program and passwd chat to no avail. I set passwd chat debug = yes, log level = 100 and studied the log, but couldn't see anything that helped me. Using SWAT I reset everything in the security options section to default except unix password sync = yes, passwd chat, passwd program, and passdb backend = tdbsam. I did find that in Feb 2004 John Terpstra had someone file a bug report for a similar problem, also on a debian system. I hope that I am overlooking something simple here and we can get this working. Please respond with any ideas you may have. My current smb.conf is below. [global] workgroup = DOMAIN netbios name = PDC server string = Samba PDC passdb backend = tdbsam enable privileges = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUnix\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n *password\supdated\ssuccessfully . unix password sync = Yes restrict anonymous = 1 lanman auth = No log level = 1 log file = /usr/local/samba/var/log.%m max log size = 500 min protocol = NT1 name resolve order = lmhosts host wins add user to group script = /usr/sbin/adduser %u %g add machine script = /usr/sbin/useradd -g machines -d /var/lib/nobody -s /bin/false %u logon path = \\%N\profiles\%U logon drive = H: logon home domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no remote announce = *edited out* template shell = /bin/bash invalid users = *edited out* admin users = *edited out* acl group control = Yes hosts allow = *edited out* [netlogon] path = /var/lib/samba/netlogon guest ok = Yes browseable = No [profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -------------- next part -------------- ------------------------------------------------- This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. ---------------------------------------------------------
Possibly Parallel Threads
- I cannot see the network in the PDC server but yes in xp stations, any idea?
- Samba/LDAP Backend: Error NT_STATUS_CONNECTION_REFUSED
- Problem authenticating with Samba (security=domain) + Windows 2000 PDC
- BDC and password change program
- Can't get "getent passwd" to display winbind users