Hai, on your master, in smb.conf
change these settings. ( im also running debian with pdc/bdc ldap master and multiple slaves through syncrepl ) passwd program = /usr/sbin/smbldap-passwd "%u" passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* remove : unix password sync = Yes and try again. Louis >-----Oorspronkelijk bericht----- >Van: paik...@googlemail.com >[mailto:samba-boun...@lists.samba.org] Namens Dermot >Verzonden: 2011-08-16 12:48 >Aan: samba@lists.samba.org >Onderwerp: [Samba] window, samba and ldap passwords > >Hi, > >I recently migrated to a Samba3x domain. One issue that has been >reported to me is that XP users cannot change their password from >their PC. I have done some searching and I haven't seen a straight >forward answer to this. > >My config is > >ldap primary + Samba PDC on host A >ldap slave + samba BDC on host B > >I see this error in the machine log when someone attempts to change >their password: > >2011/08/16 10:04:11.137313, 0] auth/pampass.c:861(smb_pam_passchange) > smb_pam_passchange: PAM: Password Change Failed for user kreuze! >[2011/08/16 10:04:11.200891, 0] auth/pampass.c:705(smb_pam_chauthtok) > PAM: UNKNOWN PAM ERROR (8) for User: kreuze >[2011/08/16 10:04:11.201002, 0] auth/pampass.c:861(smb_pam_passchange) > smb_pam_passchange: PAM: Password Change Failed for user kreuze! >[2011/08/16 10:04:11.215657, 0] auth/pampass.c:705(smb_pam_chauthtok) > PAM: UNKNOWN PAM ERROR (8) for User: kreuze >[2011/08/16 10:04:11.215741, 0] auth/pampass.c:861(smb_pam_passchange) > smb_pam_passchange: PAM: Password Change Failed for user kreuze! > > >I have seen this article: >http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/pam. >html#id2667199 >but I am not sure if it's appropriate for my environment. I suspect >the answer to this may very dependent on my config. >Can anyone offer any advice? >Thanks in advance. >Dermot. > > >=========== smb.conf on PDC =========== > > dos charset = UTF-8 > display charset = UTF-8 > workgroup = FOO > server string = %h server > map to guest = Bad User > passdb backend = ldapsam:ldap://127.0.0.1/ > pam password change = Yes > passwd program = /usr/sbin/smbldap-passwd -u %u > passwd chat = *New*password* %n\n *Retype*new*password* %n\n >*all*authentication*tokens*updated* > unix password sync = Yes > log level = 1 > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > smb ports = 139 445 > name resolve order = wins hosts bcast > time server = Yes > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > load printers = No > add user script = /usr/sbin/smbldap-useradd -m %u > delete user script = /usr/sbin/smbldap-userdel '%u' > delete group script = /usr/sbin/smbldap-groupdel %g > add user to group script = /usr/sbin/smbldap-groupmod -m %u %g > delete user from group script = >/usr/sbin/smbldap-groupmod -x %u %g > set primary group script = /usr/sbin/smbldap-usermod -g %g %u > add machine script = /usr/sbin/smbldap-useradd -w %u > logon script = logon.bat > logon path = > logon drive = U: > logon home = > domain logons = Yes > os level = 65 > preferred master = Auto > domain master = Yes > dns proxy = No > ldap admin dn = cn=admin,dc=mydomin,dc=co,dc=uk > ldap delete dn = Yes > ldap group suffix = ou=Groups > ldap idmap suffix = ou=idmap > ldap machine suffix = ou=Computers, ou=Users > ldap passwd sync = yes > ldap suffix = dc=mydomain,dc=co,dc=uk > ldap ssl = no > ldap timeout = 20 > ldap user suffix = ou=Users > panic action = /usr/share/samba/panic-action %d > idmap backend = ldap:"ldap://127.0.0.1/"; > idmap uid = 15000-20000 > idmap gid = 15000-20000 > map acl inherit = Yes > case sensitive = No > hide unreadable = Yes >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
