Hi All, Thanks for the prompt response, please see me notes: jayendren anand maduray escreveu:> Hi All. > > I have a SAMBA PDC that uses LDAP as its back end. > The OS, is UBUNTU 6.10 Server. > SAMBA Version is 3.022 > > The problem is, when a client logs onto the Domain, he presses > Control+Alt+Del, and chooses Change Password. > He types in the old password, then the new one, and confirms this. > When he clicks on OK, it thinks for a bit (about 30 seconds) and then > says: > "The system cannot change your password now because the domain > RIVONINGO.HIVSA is not available" > > This used to work before, and works fine on another server, with the > identical settings. > > The log file for the computer says: > [2007/11/27 16:00:11, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2171) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: > (No such object)This says that something wasn't found in LDAP, but doesn't say what or where it was looked for. (...)> ldap suffix = dc=rivoningo,dc=hivsa > ldap group suffix = > ou=smbGroups,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa > ldap user suffix = > ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa > ldap machine suffix = > ou=smbComputers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsa > ldap idmap suffix = > ou=smbUsers,ou=soul-calibur,ou=smbServers,dc=rivoningo,dc=hivsaI didn't understood why did you crated your DIT that way, but ... *>I have many servers.* From smb.conf man page: ldap suffix (G) Specifies the base for all ldap suffixes and for storing the sambaDomain object. The ldap suffix will be appended to the values specified for the ldap user suffix, ldap group suffix, ldap machine suffix, and the ldap idmap suffix. Each of these should be given only a DN relative to the ldap suf- fix. Default: ldap suffix Example: ldap suffix = dc=samba,dc=org ldap user suffix (G) This parameter specifies where users are added to the tree. If this parameter is unset, the value of ldap suf- fix will be used instead. The suffix string is pre-pended to the ldap suffix string SO USE A PARTIAL DN. Default: ldap user suffix Example: ldap user suffix = ou=people (...) So take a look at the "SO USE A PARTIAL" part, it worth for all organizational units suffixes. *>I have set to use partial, restarted samba and slapd, and I still receive: **>"The system cannot change your password now because the domain RIVONINGO.HIVSA is not available" > or "The system cannot change your password at this time" >When I try to change the password >The log entry is: >[2007/11/28 14:44:04, 0] lib/debug.c:reopen_logs(597) > Unable to open new log file /var/log/samba/log.computername: Permission denied **>Is there something else I can try?*** God bless. mJayendren -- Jayendren Anand Maduray Microsoft Certified Professional Network Plus Senior IT Administrator Perinatal HIV Research Unit Wits Health Consortium University of the Witwatersrand Alternate email address: jayendren@mweb.co.za Fax Number: 0866857317 ...There are 10 types of people, those who understand binary and those who do not...
Please help. I'm not new to Linux or Unix, but I am new to Samba and PAM. A few weeks ago, I upgraded to SuSE Linux 10.3. I attempted to install and configure Samba last weekend, for the first time. I want to create 3 specific mount points under Samba, each with different permissions as to who can access them. Initially, I was able to mount the filesystem with the least amount of restrictions, but could not seem to mount the other two filesystems. I found several different documents on-line to aid in configuring the smb.conf file. After playing around for several days, I now can no longer mount any of the three filesystems. Currently, when I bring up my Windows Explorer session, I can see the Workgroup, and the Samba server, but I can not see any of the mount points on that server. When I click on the server (Samba 3.0.26a-3-1478-SUSE-SL10.3 (Jflinuxpc), I get the following error: ##################################### \\Jflinuxpc is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. There are currently no logon servers available to service the logon request. ##################################### When I click on "Map Network Drive" and type in "\\Jflinuxpc\family_photos", I get the following error message: ##################################### The mapped network drive could not be created because the following error has occurred: There are currently no logon servers available to service the logon request. ##################################### To start, it appears as if I've activated some type of special logon server un-knowingly... Can anyone give me a hint as to what it might be? I can telnet to the Linux server just fine from all of my laptops and PCs. The login ID that I'm using is good from a Linux / Unix / OS perspective. Any ideas or help would be greatly appreciated. Thanks in advance, and have a great week. JoeF...
Edmundo Valle Neto
2007-Nov-28 21:30 UTC
[Samba] Unable to change password in windows - SAMBA_LDAP_PDC
Don't reuse subjects that doesn't have anything about what are you asking for. Putting back "Re: [Samba] Unable to change password in windows - SAMBA_LDAP_PDC" in turn of "Re: [Samba] Re: samba Digest, Vol 59, Issue 28", a lot of people don't read digests and so will ignore your message (if not all). jayendren anand maduray escreveu: (...)> > So take a look at the "SO USE A PARTIAL" part, it worth for all > organizational units suffixes. > *>I have set to use partial, restarted samba and slapd, and I still > receive: > **>"The system cannot change your password now because the domain > RIVONINGO.HIVSA is not available" > > or "The system cannot change your password at this time" > >When I try to change the password > >The log entry is: > >[2007/11/28 14:44:04, 0] lib/debug.c:reopen_logs(597) > > Unable to open new log file /var/log/samba/log.computername: > Permission denied > > **>Is there something else I can try?***(...) I can't even say that the previous and this error messages has anything to do with your problem (but as the previous message doesn't repeated, the server now is finding whatever it is looking for), or if that its a name resolution problem. Use a log level bigger than 0 to the server spit something useful, use something like 3. But yes, its not normal to the server don't find objects in LDAP as its not normal start to give "permission denied" errors trying to reopen log files. What are the permissions of your log directory? Regards. Edmundo Valle Neto
Apparently Analagous Threads
- Unable to change password in windows - SAMBA_LDAP_PDC
- Serving MS Access Databases, with ACL
- Unable to change password in windows - SAMBA_LDAP_PDC - SOLVED
- shoudl I use apply, sapply, etc instead of a "for loop"?
- Plot survival curves after coxph() with frailty() random effects terms