Hello people!

I'm using the new version, Debian 6.0 (squeeze), and I configured LDAP and Samba. But when I try to log in on a Windows machine, I enter the user and password, and after I click, it shows the message to change the password, and then a message comes up saying: you do not have permission to change the password.

See my commands:

root@debian:~# smbclient -L localhost -U secretary
Enter secretary's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
----------------------------------------------------------------
root@debian# smbclient -L localhost -U rodrigo
Enter rodrigo's password:
session setup failed: NT_STATUS_LOGON_FAILURE
-----------------------------------------------------------------

In the first, the user is a Samba user, and in the second, a POSIX user.

root@debian-fileserver:~# ldapsearch -xLLL uid=secretaria
dn: uid=secretaria,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: secretaria
sn: secretaria
givenName: secretaria
uid: secretaria
uidNumber: 1009
gidNumber: 513
homeDirectory: /home/secretaria
loginShell: /bin/bash
gecos: Secretaria
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: secretaria
sambaSID: S-1-5-21-3973246732-289451499-211008055-3018
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\secretaria
sambaHomePath: \\PDC-SRV\secretaria
sambaHomeDrive: H:
sambaLMPassword: 86A5FB68C21C24AAAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 6755830B5B0326545526B270AFFF4EEA
sambaPwdLastSet: 1343154178
sambaPwdMustChange: 1347042178
shadowMax: 45

root@debian-fileserver:~# ldapsearch -xLLL uid=rodrigo
dn: uid=rodrigo,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: rodrigo
sn: rodrigo
givenName: rodrigo
uid: rodrigo
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/rodrigo
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: rodrigo
sambaSID: S-1-5-21-3973246732-289451499-211008055-3004
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\rodrigo
sambaHomePath: \\PDC-SRV\rodrigo
sambaHomeDrive: H:
sambaLMPassword: 37CB7D408A71AB28AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: D8139AC71D1B08A58445C69F60DB30AD
sambaPwdLastSet: 1343157675
sambaPwdMustChange: 1347045675
shadowMax: 45

I have read about sambaAcctFlags; I changed this value to 0, but that did not resolve it.

My smb.conf:

[global]
        workgroup = DEFENSORIABH
        netbios name = DEFENSORIA
        server string = %h server
        interfaces = 127.0.0.0/8, eth0
        bind interfaces only = Yes
        obey pam restrictions = Yes
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = lmhosts host wins bcast
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        logon script = logon.cmd
        logon path = \\%N\profiles\%U
        logon drive = H:
        domain logons = Yes
        os level = 35
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
        ldap admin dn = cn=admin,dc=defensoria,dc=net
        ldap group suffix = ou=groups
        ldap idmap suffix = ou=idmap
        ldap machine suffix = ou=people
        ldap suffix = dc=defensoria,dc=net
        ldap ssl = no
        ldap user suffix = ou=people
        panic action = /usr/share/samba/panic-action %d
        idmap backend = ldap:ldap://10.26.7.46
        idmap uid = 10000-20000
        idmap gid = 10000-20000

My /etc/ldap/slapd.conf:

include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
#include        /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/misc.schema

index   objectClass             eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   uid                     pres,sub,eq
index   displayName             pres,sub,eq
index   default                 sub
index   uidNumber               eq
index   gidNumber               eq
index   mail,givenName          eq,subinitial
index   dc                      eq

database bdb
suffix "dc=defensoria,dc=mg,dc=gov,dc=br"
rootdn "cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br"
#rootpw {SSHA}jtLR1an4EKJ7hKyMaPA7ZNvHzY7SG5M5
#rootpw {MD5}UURX0uvsL6q4+bFJJkUWew=
directory /var/lib/ldap
rootpw galo

access to *
        by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
        by users read
        by self write
        by * read

access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
        by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
        by self write
        by anonymous auth
        by * none

access to attrs=shadowLastChange,shadowMax
        by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
        by self write
        by * read

index objectClass eq

Thanks!
Rodrigo
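
A triage script for entries like the two above, added here as an example and not part of the original post: it reads one sambaSamAccount entry from `ldapsearch -LLL` output, decodes the account flags and password timestamps, and lists the password-hash attributes the bind was allowed to read. The sample entry is constructed from the attributes in the post with the hash values replaced by placeholders, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample: attributes as in the post, hash values replaced by placeholders.
SAMPLE_LDIF = """\
dn: uid=secretaria,ou=Users,dc=defensoria,dc=net
objectClass: posixAccount
objectClass: sambaSamAccount
uid: secretaria
sambaAcctFlags: [U]
sambaLMPassword: PLACEHOLDER-LM-HASH
sambaNTPassword: PLACEHOLDER-NT-
 HASH
sambaPwdLastSet: 1343154178
sambaPwdMustChange: 1347042178
"""

SENSITIVE = ("userPassword", "sambaLMPassword", "sambaNTPassword")
FLAGS = {"U": "normal user", "W": "workstation trust", "D": "disabled",
         "N": "no password required", "X": "password never expires", "L": "locked out"}

def parse_entry(ldif):
    """Parse one LDIF entry into {attr_lowercase: [values]}, unfolding continuation lines."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # LDIF folds long values onto lines starting with one space
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        # "attr:: value" (base64) keeps its encoded value; only the separator is stripped
        entry.setdefault(attr.lower(), []).append(value.lstrip(": ").strip())
    return entry

def iso(epoch):
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc).isoformat()

def audit(entry, now):
    """Summarise password state at epoch `now` and list hash attributes the bind could read."""
    last_set = int(entry["sambapwdlastset"][0])
    must_change = int(entry["sambapwdmustchange"][0])
    flags = entry.get("sambaacctflags", ["[]"])[0].strip("[] ")
    return {"flags": [FLAGS.get(f, "unknown:" + f) for f in flags],
            "pwd_last_set": iso(last_set), "pwd_must_change": iso(must_change),
            "max_age_days": (must_change - last_set) / 86400,
            "must_change_passed": now >= must_change,
            "readable_hashes": [a for a in SENSITIVE if a.lower() in entry]}

if __name__ == "__main__":
    for key, value in audit(parse_entry(SAMPLE_LDIF), now=1343200000).items():
        print(f"{key}: {value}")
```

Run against the output of an anonymous (`-x`) search, a non-empty `readable_hashes` list means the directory returned password hashes to an unauthenticated bind.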