We are using OPenldap-2.2.13-2 as backend to SambaPDC.We ave got a mixed clients setup.Linux boxes are no problem at all.But Win Xp (64bit) boxes do not allow users to change their password with the following error: "user cannot change his password at this time" The resulting logs being: [2007/04/07 00:32:12, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2007/04/07 00:32:12, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2007/04/07 00:32:12, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2007/04/07 00:32:12, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2007/04/07 00:32:12, 2] smbd/server.c:exit_server(571) Closing connections [2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: sudhir [2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011) init_group_from_ldap: Entry found for group: 513 [2007/04/07 00:32:12, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [sudhir] -> [sudhir] -> [sudhir] succeeded [2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: sudhir [2007/04/07 00:32:12, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [sudhir] -> [sudhir] -> [sudhir] succeeded [2007/04/07 00:32:12, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: sudhir [2007/04/07 00:32:12, 1] smbd/chgpasswd.c:change_oem_password(1017) user sudhir cannot change password now, must wait until Mon, 18 Jan 2038 21:14:07 GMT Its clear from the logs that the user can change his password after 18 Jan 2038 21:14:07 GMT . The result of 'pdbedit -Lv username' is as follows: [root@ns ~]# pdbedit -Lv satyendra Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DIAT.AC.IN))] smbldap_open_connection: connection opened Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=DIAT.AC.IN))] smbldap_open_connection: connection opened init_sam_from_ldap: Entry found for user: satyendra Unix username: satyendra NT username: satyendra Account Flags: [U ] User SID: S-1-5-21-75321029-842577198-2410934301-3010 Primary Group SID: S-1-5-21-75321029-842577198-2410934301-513 Full Name: System User Home Directory: \\NS.DIAT.AC.IN\satyendra HomeDir Drive: H: Logon Script: logon.bat Profile Path: \\192.168.250.1\profiles\satyendra Domain: DIAT.AC.IN Account desc: System User Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 21:14:07 GMT Kickoff time: Mon, 18 Jan 2038 21:14:07 GMT Password last set: Fri, 30 Mar 2007 23:34:55 GMT Password can change: Mon, 18 Jan 2038 21:14:07 GMT Password must change: Tue, 15 May 2007 00:34:55 GMT Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF The "Password can change" field gets a default value which we cannot override. Even pdbedit -C --pwd-can-change-tine="MM-DD-YY" dosent change this value. Help Needed Varun
is this really Samba 3.0.9 ? Is so, then my best advice is to retest against a current Samba release.
You might also be able to just use pdbedit from the 3.0.25rc1 release. You might talk to you vendor (if this is a vendor provided version) about back porting the necessary changes to 3.0.9. If you can reopen this against 3.0.24 or 3.0.25rc1, please reopen.
Should have said: If you can reproduce this against 3.0.24 or 3.0.25rc1, please reopen.