David Wells
2009-Sep-04 15:09 UTC
[Samba] [Bulk] Windows Users cannot change password on PDC Samba Server
Dominguez, Gaston Matias escribi?:> I've this problems. > > I'm using on my smb.conf > > # Sincronizacion de cuentas LDAP, NT y LM > # unix password sync = Yes > ldap passwd sync = Yes > passwd program = /usr/sbin/smbldap-passwd -u "%u" > passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n" > > > [2009/09/03 14:05:16, 1] smbd/chgpasswd.c:change_oem_password(1057) > Sep 3 14:05:16 eisaIII smbd[4801]: user test1 cannot change password now, > must wait until vie, 04 sep 2009 17:29:06 ART > > I don't find what is the problem. > > Someone help me please? > > > > Here it's: > > [root at SRVDC01 ~]# testparm > Load smb config files from /etc/samba/smb.conf > Processing section "[homes]" > Processing section "[printers]" > Processing section "[Profiles]" > Processing section "[netlogon]" > Loaded services file OK. > Server role: ROLE_DOMAIN_PDC > Press enter to see a dump of your service definitions > > [global] > workgroup = EISAIII > server string = Samba Server Version %v on %L > smb passwd file = /usr/bin/smbpasswd > passdb backend = ldapsam:"ldap://127.0.0.1:389 <ldap://127.0.0.1:389%22> " > username map = /etc/samba/smbusers > syslog = 2 > log file = /var/log/samba/log.%m > max log size = 1000 > time server = Yes > add user script = /usr/sbin/smbldap-useradd -m "%u" > delete user script = /usr/sbin/smbldap-userdel "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > delete group script = /usr/sbin/smbldap-groupdel "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" > add machine script = /usr/sbin/smbldap-useradd -w %u > logon script = scripts\logon.bat > logon path = \\%L\Profiles\%U > logon drive = Z: > logon home = \\%L\%U > domain logons = Yes > os level = 65 > preferred master = Yes > domain master = Yes > wins server = 192.168.6.3 > ldap admin dn = cn=Administrador,dc=eisaIII,dc=com > ldap delete dn = Yes > ldap group suffix = ou=Group > ldap idmap suffix = ou=Idmap > ldap machine suffix = ou=Computers > ldap passwd sync = Yes > ldap suffix = dc=eisaIII,dc=com > ldap user suffix = ou=People > idmap uid = 10000-20000 > idmap gid = 10000-20000 > admin users = Administrador, "@Domain Admins" > cups options = raw > > [homes] > comment = Home Directories > read only = No > browseable = No > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > [Profiles] > comment = Roaming Profile Share > path = /var/lib/samba/profiles > read only = No > profile acls = Yes > > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > admin users = root, maryo > guest ok = Yes > browseable = No > > > > Dominguez Gast?n Mat?as > > Inform?tica y Telecomunicaciones > > ELECTROINGENIERIA S.A. > > Divisi?n Nuclear > > Tel.: 0054-03487-481880 > > Fax: 0054-03487-481880 Int. 120/121 > > E-mail: gdominguez at eling.com.ar > > Web: <http://www.eling.com.ar/> www.eling.com.ar > > > >Deat Gast?n. I would think that the problem resides in the Minimum Password Age setting of the PDC. Please run 'net sam policy show "minimum password age"' and check if the value is greater than 0. If it is run 'net sam policy set "minimum password age" 0'. Best regards, David Wells.
Dominguez, Gaston Matias
2009-Sep-05 00:05 UTC
[Samba] Windows Users cannot change password on PDC Samba Server
I've this problems. I'm using on my smb.conf # Sincronizacion de cuentas LDAP, NT y LM # unix password sync = Yes ldap passwd sync = Yes passwd program = /usr/sbin/smbldap-passwd -u "%u" passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n" [2009/09/03 14:05:16, 1] smbd/chgpasswd.c:change_oem_password(1057) Sep 3 14:05:16 eisaIII smbd[4801]: user test1 cannot change password now, must wait until vie, 04 sep 2009 17:29:06 ART I don't find what is the problem. Someone help me please? Here it's: [root at SRVDC01 ~]# testparm Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[printers]" Processing section "[Profiles]" Processing section "[netlogon]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = EISAIII server string = Samba Server Version %v on %L smb passwd file = /usr/bin/smbpasswd passdb backend = ldapsam:"ldap://127.0.0.1:389 <ldap://127.0.0.1:389%22> " username map = /etc/samba/smbusers syslog = 2 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes add user script = /usr/sbin/smbldap-useradd -m "%u" delete user script = /usr/sbin/smbldap-userdel "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" delete group script = /usr/sbin/smbldap-groupdel "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" add machine script = /usr/sbin/smbldap-useradd -w %u logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = Z: logon home = \\%L\%U domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins server = 192.168.6.3 ldap admin dn = cn=Administrador,dc=eisaIII,dc=com ldap delete dn = Yes ldap group suffix = ou=Group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=eisaIII,dc=com ldap user suffix = ou=People idmap uid = 10000-20000 idmap gid = 10000-20000 admin users = Administrador, "@Domain Admins" cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [Profiles] comment = Roaming Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon admin users = root, maryo guest ok = Yes browseable = No Dominguez Gast?n Mat?as Inform?tica y Telecomunicaciones ELECTROINGENIERIA S.A. Divisi?n Nuclear Tel.: 0054-03487-481880 Fax: 0054-03487-481880 Int. 120/121 E-mail: gdominguez at eling.com.ar Web: <http://www.eling.com.ar/> www.eling.com.ar