Hi list,
My brand new samba network is working pretty good, ironing out some
glitches.
Win XP users cannot change their password.
I use SaMBa as a domain-controller with an LDAP backend.
A stripped down version of the config is below.
I set minimum password length to 8, trying to change the password to a 7
char long gives me the messages that the password does not meet
requirements. So that part seems to be working.
However using an 8 char long pass (with numbers etc) gives me the msg
that I don't have enough permissions to change the passwd.
This is going to be an issue in 30 days, when users are required to
change their passwd...
Used pdbedit to set those requirements
Tips and hints are welcome.
The log shows:
2008/11/13 12:54:19, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
read_socket_with_timeout: timeout read. read error = Input/output error.
[2008/11/13 12:54:19, 0] lib/util_sock.c:read_socket_with_timeout(497)
read_socket_with_timeout: timeout read. read error = Input/output error.
[2008/11/13 12:55:02, 0] auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[2008/11/13 12:55:02, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
Thanks
Peter
[global]
workgroup = ENGIN
server string = fileserver
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://localhost/
obey pam restrictions = no
ldap admin dn = cn=xxx,dc=xxx,dc=xxx
ldap suffix = dc=xxx, dc=xxx
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
logon path =
logon script = allusers.bat
load printers = yes
printcap name = cups
printing = cups
use client driver = yes
cups options = raw
socket options = TCP_NODELAY
[homes]
comment = Home directories
browseable = no
read only = no
create mask = 0700
directory mask = 0700
valid users = %S
hide dot files = yes
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
read only = yes
share modes = no
[shared]
comment = Shared by all
path = /data/shares/shared
create mask = 0770
directory mask = 0770
users = %S
force group = "Domain users"
read only = no
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
