Hi everyone,

I have had a problem for a while now, and haven't been able to figure it out
on my own, so I'm asking for help. When a user tries to change their
password they receive the aforementioned error. I am running Samba 3.0.10 on
CentOS 4.4 (Red Hat Enterprise) with an LDAP backend. I have the
smbldap-tools scripts installed and have them set up in my smb.conf (see
below).

What I can't figure out is that when I run smbldap-passwd -u %username% as
root from any samba server (PDC or BDC) the command is successful and if I
run smbpasswd -U %username% from the PDC (which is how I understand it is
called by samba) it also completes successfully.

What am I missing?

Thanks,

Mike Elkevizth
Data Control Systems


        # Password change and create options for domain control

        lanman auth = no
        encrypt passwords = yes
        username map = /etc/samba/smbusers
        unix password sync = yes
        passwd chat timeout = 6
        ldap delete dn = yes
        passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
        passwd program = /usr/sbin/smbldap-passwd -u "%u"
        add machine script = /usr/sbin/smbldap-useradd -w "%u"
        add user script = /usr/sbin/smbldap-useradd -a -m "%u"
        add group script = /usr/sbin/smbldap-groupadd -p "%g"
        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
        set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
        delete user script = /usr/sbin/smbldap-userdel "%u"
        delete group script = /usr/sbin/smbldap-groupdel "%g"
        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"

        # LDAP settings

        passdb backend = ldapsam:"ldap://localhost ldap://dcs001 ldap://dcs002 ldap://dcs003 ldap://dcs004";
        idmap backend = ldap:"ldap://localhost ldap://dcs001 ldap://dcs002 ldap://dcs003 ldap://dcs004";
        ldap timeout = 5
        ldap ssl = start_tls
        ldap admin dn = cn=sambauser,ou=DSA,dc=dcs
        ldap suffix = dc=dcs
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap replication sleep = 1000
