samba - Nov 2008 - Users not able to change password

Hi list,

My brand new samba network is working pretty good, ironing out some 
glitches.

Win XP users cannot change their password.
I use SaMBa as a domain-controller with an LDAP backend.

A stripped down version of the config is below.

I set minimum password length to 8, trying to change the password to a 7 
char long gives me the messages that the password does not meet 
requirements. So that part seems to be working.

However using an 8 char long pass (with numbers etc) gives me the msg 
that I don't have enough permissions to change the passwd.
This is going to be an issue in 30 days, when users are required to 
change their passwd...
Used pdbedit to set those requirements

Tips and hints are welcome.

The log shows:

2008/11/13 12:54:19, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
  read_socket_with_timeout: timeout read. read error = Input/output error.
[2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
  read_socket_with_timeout: timeout read. read error = Input/output error.
[2008/11/13 12:55:02, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/11/13 12:55:02, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users


Thanks

Peter



[global]
   workgroup = ENGIN
   server string =  fileserver
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
security = user
   encrypt passwords = true
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
ldap admin dn = cn=xxx,dc=xxx,dc=xxx
ldap suffix = dc=xxx, dc=xxx
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
domain logons = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
logon path logon script = allusers.bat
load printers = yes
printcap name = cups
printing = cups
use client driver = yes
cups options = raw
   socket options = TCP_NODELAY
[homes]
  comment = Home directories
  browseable = no
  read only = no
  create mask = 0700
  directory mask = 0700
  valid users = %S
  hide dot files = yes
[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   read only = yes
   share modes = no
[shared]
  comment = Shared by all
  path = /data/shares/shared
  create mask = 0770
  directory mask = 0770
  users = %S
  force group = "Domain users"
  read only = no

--
Can somebody point me into the right direction please?
Is this a windows issue/setting or samba or both ...

Thanks

Peter
--

Hi list,

My brand new samba network is working pretty good, ironing out some
glitches.

Win XP users cannot change their password.
I use SaMBa as a domain-controller with an LDAP backend.

A stripped down version of the config is below.

I set minimum password length to 8, trying to change the password to a 7
char long gives me the messages that the password does not meet
requirements. So that part seems to be working.

However using an 8 char long pass (with numbers etc) gives me the msg
that I don't have enough permissions to change the passwd.
This is going to be an issue in 30 days, when users are required to
change their passwd...
Used pdbedit to set those requirements

Tips and hints are welcome.

The log shows:

2008/11/13 12:54:19, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
  read_socket_with_timeout: timeout read. read error = Input/output error.
[2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
  read_socket_with_timeout: timeout read. read error = Input/output error.
[2008/11/13 12:55:02, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/11/13 12:55:02, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users


Thanks

Peter



[global]
   workgroup = ENGIN
   server string =  fileserver
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
security = user
   encrypt passwords = true
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
ldap admin dn = cn=xxx,dc=xxx,dc=xxx
ldap suffix = dc=xxx, dc=xxx
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g"
"%u"
domain logons = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
logon path logon script = allusers.bat
load printers = yes
printcap name = cups
printing = cups
use client driver = yes
cups options = raw
   socket options = TCP_NODELAY
[homes]
  comment = Home directories
  browseable = no
  read only = no
  create mask = 0700
  directory mask = 0700
  valid users = %S
  hide dot files = yes
[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   guest ok = yes
   read only = yes
   share modes = no
[shared]
  comment = Shared by all
  path = /data/shares/shared
  create mask = 0770
  directory mask = 0770
  users = %S
  force group = "Domain users"
  read only = no

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba