Data Control Systems - Mike Elkevizth
2007-Mar-27 12:55 UTC
[Samba] error "you do not have permission to change your password"
Hi everyone,

I have had a problem for a while now, and haven't been able to figure it out on my own, so I'm asking for help. When a user tries to change their password they receive the aforementioned error. I am running Samba 3.0.10 on CentOS 4.4 (Red Hat Enterprise) with an LDAP backend. I have the smbldap-tools scripts installed and have them set up in my smb.conf (see below). What I can't figure out is that when I run smbldap-passwd -u %username% as root from any Samba server (PDC or BDC) the command is successful, and if I run smbpasswd -U %username% from the PDC (which is how I understand it is called by Samba) it also completes successfully. What am I missing?

Thanks,
Mike Elkevizth
Data Control Systems

# Password change and create options for domain control
lanman auth = no
encrypt passwords = yes
username map = /etc/samba/smbusers
unix password sync = yes
passwd chat timeout = 6
ldap delete dn = yes
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
passwd program = /usr/sbin/smbldap-passwd -u "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add user script = /usr/sbin/smbldap-useradd -a -m "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

# LDAP settings
passdb backend = ldapsam:"ldap://localhost ldap://dcs001 ldap://dcs002 ldap://dcs003 ldap://dcs004"
idmap backend = ldap:"ldap://localhost ldap://dcs001 ldap://dcs002 ldap://dcs003 ldap://dcs004"
ldap timeout = 5
ldap ssl = start_tls
ldap admin dn = cn=sambauser,ou=DSA,dc=dcs
ldap suffix = dc=dcs
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap replication sleep = 1000