Greetings list.
I've been trolling the archives and google searches all morning and cannot
seem to come up with an answer to this, though I'm not the first to
experience the problem. I'm running samba on FreeBSD 5.2.1-p4, installed
from the ports collection.
When a user other than root attempts to change an smb password (either
through SWAT or with smbpasswd) I get the following error:
(These users were originally created using SWAT, do show up in the smbpasswd
file)
smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
machine 127.0.0.1 rejected the password change: Error was : RAP86: The
specified password is invalid.
Failed to change password for testuser
>From the log.servername:
[2004/06/16 11:49:17, 0] rpc_server/srv_pipe.c:api_pipe_auth_process(1307)
api_pipe_auth_process: NTLMSSP check failed.
[2004/06/16 11:49:17, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(586)
process_request_pdu: failed to do auth processing.
[2004/06/16 11:49:17, 1] smbd/chgpasswd.c:check_oem_password(822)
LM password change supplied for user testuser, but we have no LanMan
password to check it with
If I remove "lanman auth = No: from the smb.conf file I get this instead:
[2004/06/16 11:47:33, 0] rpc_server/srv_pipe.c:api_pipe_auth_process(1307)
api_pipe_auth_process: NTLMSSP check failed.
[2004/06/16 11:47:33, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(586)
process_request_pdu: failed to do auth processing.
On the client side, when attempting to change password using ctl-alt-delete
the user will see an error stating that they do not have permission to
change their password.
I've included my smb.conf file as an attachment, any pointers in the right
direction would be very greatly appreciated.
Thanks!
Sean.
<<smb_conf.txt>>
# Samba config file created using SWAT
# from 192.168.0.1 (192.168.0.1)
# Date: 2004/06/01 11:42:58
# Global parameters
[global]
workgroup = DOMAIN
server string = Samba %v on %L
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *New\sPassword:* %n\n *Retype\snew\spassword:* %n\n
*passwd:\sdone*
unix password sync = Yes
lanman auth = No
log file = /var/log/samba/log.%m
max log size = 50
min protocol = NT1
add user script = /usr/sbin/pw useradd %u -d /home/%u -c "Samba User Account"
-s /bin/bash -g staff
delete user script = /usr/sbin/pw userdel %u
add group script = /usr/sbin/pw groupadd %g
delete group script = /usr/sbin/pw groupdel %g
add machine script = /usr/sbin/pw useradd %u -d /dev/null -c "Samba Machine
Account" -s /sbin/nologon -g machines
logon script = logon.bat
logon path = \\%L\Profiles\%U
logon drive = H:
domain logons = Yes
os level = 65
lm announce = No
preferred master = Yes
domain master = Yes
dns proxy = No
invalid users = bin, deamon, sys, man, toor, operator, tty, kmem, games, sshd,
smmsp, mailnull, bind, uucp, xten, pop, www
admin users = @wheel
hide unreadable = Yes
veto files = /.AppleDB/.AppleDouble/Network Trash Folder/*DS_Store/Temporary
Items/TheVolumeSettingsFolder/.snap/.AppleDesktop/
load printers = yes
printing = cups
printcap = cups
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
guest ok = Yes
share modes = No
[Profiles]
path = /usr/local/samba/profiles
read only = No
create mask = 0700
directory mask = 0700
guest ok = Yes
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = yes
public = yes
printer admin = @wheel
writable = no
[print$]
comment = Printer Drivers
path = /usr/local/samba/pdrivers
browseable = yes
guest ok = no
read only = yes
write list = root
[shared]
comment = Shared access folder
path = /usr/home/share
read only = No
create mask = 0777
directory mask = 0777
[archive]
comment = Archive is not backed up
path = /usr/var/spool/archive
read only = No
create mask = 0777
directory mask = 0777
[HPLaserjet5]
comment = LaserJet 5simx
path = /var/spool/samba
printable = Yes
public = yes
printer admin = @wheel
writable = no
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
