Hello people! I'm using the new version of Debian, 6.0 (squeeze), and I have configured LDAP and Samba. But when I try to log in from a Windows machine, I enter the user and password, and after I click, a message appears asking me to change my password; then another message says: you do not have permission to change the password. See my commands:
root@debian:~# smbclient -L localhost -U secretary
Enter secretary's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
----------------------------------------------------------------
root@debian# smbclient -L localhost -U rodrigo
Enter rodrigo's password:
session setup failed: NT_STATUS_LOGON_FAILURE
-----------------------------------------------------------------
In the first case the user is a Samba user, and in the second a POSIX user.
root@debian-fileserver:~# ldapsearch -xLLL uid=secretaria
dn: uid=secretaria,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: secretaria
sn: secretaria
givenName: secretaria
uid: secretaria
uidNumber: 1009
gidNumber: 513
homeDirectory: /home/secretaria
loginShell: /bin/bash
gecos: Secretaria
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: secretaria
sambaSID: S-1-5-21-3973246732-289451499-211008055-3018
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\secretaria
sambaHomePath: \\PDC-SRV\secretaria
sambaHomeDrive: H:
sambaLMPassword: 86A5FB68C21C24AAAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 6755830B5B0326545526B270AFFF4EEA
sambaPwdLastSet: 1343154178
sambaPwdMustChange: 1347042178
shadowMax: 45
root@debian-fileserver:~# ldapsearch -xLLL uid=rodrigo
dn: uid=rodrigo,ou=Users,dc=defensoria,dc=net
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: rodrigo
sn: rodrigo
givenName: rodrigo
uid: rodrigo
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/rodrigo
loginShell: /bin/bash
gecos: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: rodrigo
sambaSID: S-1-5-21-3973246732-289451499-211008055-3004
sambaPrimaryGroupSID: S-1-5-21-3973246732-289451499-211008055-513
sambaLogonScript: logon.bat
sambaProfilePath: \\PDC-SRV\profiles\rodrigo
sambaHomePath: \\PDC-SRV\rodrigo
sambaHomeDrive: H:
sambaLMPassword: 37CB7D408A71AB28AAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: D8139AC71D1B08A58445C69F60DB30AD
sambaPwdLastSet: 1343157675
sambaPwdMustChange: 1347045675
shadowMax: 45

I have read about sambaAcctFlags and changed this value to 0, but that did not resolve it.

My smb.conf:
[global]
workgroup = DEFENSORIABH
netbios name = DEFENSORIA
server string = %h server
interfaces = 127.0.0.0/8, eth0
bind interfaces only = Yes
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = lmhosts host wins bcast
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
logon script = logon.cmd
logon path = \\%N\profiles\%U
logon drive = H:
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=admin,dc=defensoria,dc=net
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=people
ldap suffix = dc=defensoria,dc=net
ldap ssl = no
ldap user suffix = ou=people
panic action = /usr/share/samba/panic-action %d
idmap backend = ldap:ldap://10.26.7.46
idmap
uid = 10000-20000
idmap gid = 10000-20000

My /etc/ldap/slapd.conf:
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
#include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/misc.schema
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index default sub
index uidNumber eq
index gidNumber eq
index mail,givenName eq,subinitial
index dc eq
database bdb
suffix "dc=defensoria,dc=mg,dc=gov,dc=br"
rootdn "cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br"
#rootpw {SSHA}jtLR1an4EKJ7hKyMaPA7ZNvHzY7SG5M5
#rootpw {MD5}UURX0uvsL6q4+bFJJkUWew==
directory /var/lib/ldap
rootpw galo
access to * by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write by users read by self write by * read
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write by self write by anonymous auth by * none
access to attrs=shadowLastChange,shadowMax by dn="cn=admin,dc=defensoria,dc=mg,dc=gov,dc=br" write by self write by * read
index objectClass eq

Thanks!
Rodrigo
--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba