Dear All, Two years ago, in our little company, I installed SLES 10.2 with SAMBA 3.5.5.43 to retire our old Microsoft Windows 2000 Server and save some money. All was fine until last week when our chief asked to me to set password expiration for all clients. This morning, all users cannot logon because, when they logon, windows asks to change password and then it gives error error "Access Denied". In SAMBA logs I can see: api_rpcTNP: rpc command: SAMR_CHANGEPASSWORDUSER2 chgpasswd: Password change (as_root=Yes) for user: FederPal PAM: unable to obtain the new authentication token - is password to weak? smb_pam_error_handler: PAM: Password Change Failed : Authentication token manipulation error smb_pam_passchange: PAM: Password Change Failed for user FederPal! Here is my smb.conf: [global] security = user interfaces = 127.0.0.1 eth0 ldap ssl = no passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* admin users = @admin, root, administrator time server = Yes passwd program = /usr/bin/passwd %u cups options = raw netbios name = SAMBAPDC printing = cups logon script = netlogon.bat local master = Yes workgroup = SAMBAPDC os level = 99 printcap name = cups add machine script = /usr/sbin/useradd -d /home/machines/%u -g machines -s /bin/false -M %u max log size = 1000 log level = 3 log file = /var/log/samba/log.%m load printers = yes socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon drive = H: map to guest = Bad User username map = /etc/samba/smbusers domain master = Yes encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd passdb backend = tdbsam logon home = \\serverpdc\%U wins support = Yes printcap cache time = 750 server string = Samba PDC - Version %v unix password sync = yes logon path = \\serverpdc\profiles\%U syslog = 0 preferred master = Yes pam password change = yes domain logons = Yes name resolve order = wins lmhosts hosts bcast [profiles] comment = Users Home Directories path = /home/profiles read only = No create mask = 0600 directory mask = 0700 browseable = No writeable = yes Have you any idea? Thanks and Regards, Luca
I'm sure that there is no bug in any of the recent samba releases. Please reopen, if you can reproduce this with a recent samba release.