Hello People !
I'm using the new version, Debian 6.0 (squeeze), and I have configured LDAP and Samba.
But when I try to log in from a Windows machine and enter the user name and
password, after clicking I get a message asking me to change my password, and
then another message saying that I do not have permission to change the
password. See my commands:
root at debian:~# smbclient -L localhost -U secretary
Enter secretary's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
----------------------------------------------------------------
root at debian# smbclient -L localhost -U rodrigo
Enter rodrigo's password:
session setup failed: NT_STATUS_LOGON_FAILURE
-----------------------------------------------------------------
In the first case the user is a Samba user, and in the second a POSIX user.
root at debian-fileserver:~# ldapsearch -xLLL uid=secretaria
dn: uid=secretaria,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: secretaria
sn: secretaria
givenName: secretaria
uid: secretaria
uidNumber: 1009
gidNumber: 513
homeDirectory: /home/secretaria
loginShell: /bin/bash
gecos: Secretaria
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: secretaria
sambaSID: S-1-5-21-3973246732-289451499-211008055-3018
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\secretaria
sambaHomePath: \\PDC-SRV\secretaria
sambaHomeDrive: H:
sambaLMPassword: 86A5FB68C21C24AAAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 6755830B5B0326545526B270AFFF4EEA
sambaPwdLastSet: 1343154178
sambaPwdMustChange: 1347042178
shadowMax: 45
root at debian-fileserver:~# ldapsearch -xLLL uid=rodrigo
dn: uid=rodrigo,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: rodrigo
sn: rodrigo
givenName: rodrigo
uid: rodrigo
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/rodrigo
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: rodrigo
sambaSID: S-1-5-21-3973246732-289451499-211008055-3004
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\rodrigo
sambaHomePath: \\PDC-SRV\rodrigo
sambaHomeDrive: H:
sambaLMPassword: 37CB7D408A71AB28AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: D8139AC71D1B08A58445C69F60DB30AD
sambaPwdLastSet: 1343157675
sambaPwdMustChange: 1347045675
shadowMax: 45
I have read about sambaAcctFlags and changed this value to 0, but that did not
resolve it.
My smb.conf:
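# Samba [global] section as posted by the author. Indentation that arrived as
# runs of '?' has been restored and values hard-wrapped by the mail client are
# rejoined onto one line; no setting has been changed.
[global]
        workgroup = DEFENSORIABH
        netbios name = DEFENSORIA
        server string = %h server
        interfaces = 127.0.0.0/8, eth0
        bind interfaces only = Yes
        obey pam restrictions = Yes
# NOTE(review): the next four settings drive the Unix-side password change
# (through PAM when "pam password change = Yes"). The accounts shown in this
# post live in LDAP, so confirm that PAM / the passwd program can actually
# update the LDAP entry; a failure on this path is one possible source of the
# "no permission to change the password" message - TODO confirm.
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        name resolve order = lmhosts host wins bcast
        add user script = /usr/sbin/smbldap-useradd -m "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        logon script = logon.cmd
        logon path = \\%N\profiles\%U
        logon drive = H:
        domain logons = Yes
        os level = 35
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        wins support = Yes
# NOTE(review): no "passdb backend" line appears in this listing; confirm that
# Samba is really using the LDAP account database (ldapsam) and not a local one.
# NOTE(review): the admin DN and suffixes below end in dc=defensoria,dc=net and
# use ou=people, while the entries shown in this post sit under
# ou=Users,dc=defensoria,dc=net and the slapd.conf in this post declares the
# suffix/rootdn under dc=defensoria,dc=mg,dc=gov,dc=br. If these are the real
# values (and not partial anonymisation) the bind DN and search bases do not
# line up - verify against the directory.
        ldap admin dn = cn=admin,dc=defensoria,dc=net
        ldap group suffix = ou=groups
        ldap idmap suffix = ou=idmap
        ldap machine suffix = ou=people
        ldap suffix = dc=defensoria,dc=net
# NOTE(review): with "ldap ssl = no" the admin bind and the password-hash
# attributes travel to the LDAP server unencrypted. The idmap backend below
# points at ldap://10.26.7.46, so this may cross the network; consider
# "ldap ssl = start tls" once slapd has a certificate.
        ldap ssl = no
        ldap user suffix = ou=people
        panic action = /usr/share/samba/panic-action %d
        idmap backend = ldap:ldap://10.26.7.46
        idmap uid = 10000-20000
        idmap gid = 10000-20000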
My /etc/ldap/slapd.conf:
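# OpenLDAP slapd.conf as posted by the author. Column padding and indentation
# that arrived as runs of '?' have been restored (slapd treats a line starting
# with whitespace as a continuation of the previous directive) and the wrapped
# "access to attrs=..." line is rejoined; no directive has been changed.
include          /etc/ldap/schema/core.schema
include          /etc/ldap/schema/cosine.schema
include          /etc/ldap/schema/nis.schema
include          /etc/ldap/schema/inetorgperson.schema
# NOTE(review): the Samba schema include is commented out, yet the entries shown
# in this post use objectClass sambaSamAccount and samba* attributes - confirm
# the schema is loaded some other way.
#include         /etc/ldap/schema/samba.schema
include          /etc/ldap/schema/misc.schema
index   objectClass             eq
index   cn                      pres,sub,eq
index   sn                      pres,sub,eq
index   uid                     pres,sub,eq
index   displayName             pres,sub,eq
index   default                 sub
index   uidNumber               eq
index   gidNumber               eq
index   mail,givenName          eq,subinitial
index   dc                      eq
database bdb
# NOTE(review): suffix and rootdn are under dc=defensoria,dc=mg,dc=gov,dc=br,
# but the entries and the smb.conf in this post use dc=defensoria,dc=net -
# verify which base DN is real.
suffix "dc=defensoria,dc=mg,dc=gov,dc=br"
rootdn "cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br"
# NOTE(review): the active rootpw below is stored in cleartext. Prefer a hashed
# value generated with slappasswd and keep this file readable by the slapd user
# only. Because the password and the two commented-out hashes have been posted
# publicly, treat them as compromised and rotate them.
# NOTE(review): the {MD5} line looks as if it lost a line break before
# "directory"; as posted, the directory directive is part of the comment.
#rootpw {SSHA}jtLR1an4EKJ7hKyMaPA7ZNvHzY7SG5M5
#rootpw {MD5}UURX0uvsL6q4+bFJJkUWew=directory /var/lib/ldap
rootpw galo
# NOTE(review): slapd evaluates "access to" rules in file order and stops at the
# first rule whose <what> matches. "access to *" matches every entry and
# attribute, so the two more specific rules further down are never reached and
# "by * read" applies to userPassword, sambaNTPassword and sambaLMPassword too.
# That is consistent with the ldapsearch -x output in this post, which returns
# both hashes without an authenticated bind. NT/LM hashes are
# password-equivalent for SMB authentication, so move the attrs= rules above
# "access to *" to restrict them.
# NOTE(review): "by" clauses are also first-match: "by users read" matches any
# authenticated user, including the entry's owner, before "by self write" is
# considered, so users get no write access to their own entry through this
# rule. This may be related to the password-change refusal - TODO confirm.
access to *
        by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
        by users read
        by self write
        by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
        by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
        by self write
        by anonymous auth
        by * none
access to attrs=shadowLastChange,shadowMax
        by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write
        by self write
        by * read
index objectClass eq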
Thanks !
Rodrigo