Bug 6346 - Cannot change password from NT machine
Cannot change password from NT machine
Status: RESOLVED FIXED
Product: Samba 3.3
Classification: Unclassified
Component: Domain Control
3.3.4
x86 Windows NT
: P3 minor
: ---
Assigned To: Jeremy Allison
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-10 11:03 UTC by TAKAHASHI Motonobu
Modified: 2009-06-16 17:01 UTC (History)
1 user (show)

See Also:


Attachments
Level 10 log (compressed) (4.13 KB, application/octet-stream)
2009-05-11 10:29 UTC, TAKAHASHI Motonobu
no flags Details
Level 10 log (compressed) (4.09 KB, application/octet-stream)
2009-05-11 10:31 UTC, TAKAHASHI Motonobu
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description TAKAHASHI Motonobu 2009-05-10 11:03:35 UTC
Cannot change password from/on NT machine againt Samba domain.
Can change from/on W2K/WXP machine:

smb.conf
-----
[global]
  dos charset = CP932
  UNIX charset = UTF-8
  workgroup = SAMBA
  domain logons = yes

  passdb backend = ldapsam
  ldapsam:trusted = yes
  ldapsam:editposix = yes

  netbios name = SAMBA34A

  os level = 32

  wins support = yes
  obey pam restrictions = yes

  ldap admin dn = cn=admin,dc=samba,dc=local
  ldap password sync = yes
  ldap delete dn = yes
  ldap group suffix = ou=groups
  ldap machine suffix = ou=computers
  ldap user suffix = ou=users
  ldap suffix = dc=samba,dc=local
  ldap ssl = no

  ldap idmap suffix = ou=idmap

  idmap backend = ldap:ldap://127.0.0.1
  idmap uid = 10000-19999
  idmap gid = 10000-19999

  log level = 3
-----
Comment 1 Karolin Seeger 2009-05-11 04:02:09 UTC
Please provide a level 10 log file of that particular operation.
Thanks!
Comment 2 TAKAHASHI Motonobu 2009-05-11 10:29:05 UTC
Created attachment 4138 [details]
Level 10 log (compressed)

Samba 3.3.4 + Windows NT Workstation 4.0 SP6a

My smb.conf:

[global]
  workgroup = SAMBA
  domain logons = yes

  passdb backend = ldapsam
  ldapsam:trusted = yes
  ldapsam:editposix = yes

  netbios name = SAMBA34A

  os level = 32

  wins support = yes

  ldap admin dn = cn=admin,dc=samba,dc=local
  ldap password sync = yes
  ldap delete dn = yes
  ldap group suffix = ou=groups
  ldap machine suffix = ou=computers
  ldap user suffix = ou=users
  ldap suffix = dc=samba,dc=local
  ldap ssl = no

  ldap idmap suffix = ou=idmap

  idmap backend = ldap:ldap://127.0.0.1
  idmap uid = 10000-19999
  idmap gid = 10000-19999
-----

Operations:

(1) Press alt+ctrl+del
(2) Push "Change password" menu
(3) Input correct password
(4) Error dialog is displayed.
Comment 3 TAKAHASHI Motonobu 2009-05-11 10:31:40 UTC
Created attachment 4139 [details]
Level 10 log (compressed)

2nd level 10 log: the error message is :

-----
[2009/05/12 00:15:20,  2] rpc_server/srv_samr_nt.c:access_check_samr_function(24
7)
  _samr_GetUserPwInfo: ACCESS DENIED (granted: 0x000d04e4;  required: 0x00000010)
-----
Comment 4 Guenther Deschner 2009-05-19 03:34:38 UTC
another samr access checks incarnation. 
Comment 5 Guenther Deschner 2009-06-16 17:01:11 UTC
Should be fixed in Samba 3.3.5.

Please reopen if still an issue.