7722 – SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change password

Bug 7722 - SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change password

Summary: SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change ...

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Samba 3.5
Classification:	Unclassified
Component:	Domain Control (show other bugs)
Version:	3.5.5
Hardware:	Other Linux

Importance:	P3 major
Target Milestone:	---
Assignee:	Guenther Deschner
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-10-11 04:36 UTC by luca_santoro@libero.it
Modified:	2018-03-27 19:56 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description luca_santoro@libero.it 2010-10-11 04:36:04 UTC

Dear All,
Two years ago, in our little company, I installed SLES 10.2 with SAMBA 3.5.5.43 to retire our old Microsoft Windows 2000 Server and save some money.

All was fine until last week when our chief asked to me to set password expiration for all clients.
This morning, all users cannot logon because, when they logon, windows asks to change password and then it gives error error "Access Denied".

In SAMBA logs I can see:
api_rpcTNP: rpc command: SAMR_CHANGEPASSWORDUSER2
chgpasswd: Password change (as_root=Yes) for user: FederPal
PAM: unable to obtain the new authentication token - is password to weak?
smb_pam_error_handler: PAM: Password Change Failed : Authentication token manipulation error
smb_pam_passchange: PAM: Password Change Failed for user FederPal!

Here is my smb.conf:
[global]
security = user
interfaces = 127.0.0.1 eth0
ldap ssl = no
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
admin users = @admin, root, administrator
time server = Yes
passwd program = /usr/bin/passwd %u
cups options = raw
netbios name = SAMBAPDC
printing = cups
logon script = netlogon.bat
local master = Yes
workgroup = SAMBAPDC
os level = 99
printcap name = cups
add machine script = /usr/sbin/useradd -d /home/machines/%u -g machines -s /bin/false -M %u
max log size = 1000
log level = 3
log file = /var/log/samba/log.%m
load printers = yes
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
logon drive = H:
map to guest = Bad User
username map = /etc/samba/smbusers
domain master = Yes
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
passdb backend = tdbsam
logon home = \\serverpdc\%U
wins support = Yes
printcap cache time = 750
server string = Samba PDC - Version %v
unix password sync = yes
logon path = \\serverpdc\profiles\%U
syslog = 0
preferred master = Yes
pam password change = yes
domain logons = Yes
name resolve order = wins lmhosts hosts bcast

[profiles]
comment = Users Home Directories
path = /home/profiles
read only = No
create mask = 0600
directory mask = 0700
browseable = No
writeable = yes

Have you any idea?

Thanks and Regards,

Luca

Comment 1 Björn Jacke 2018-03-27 19:56:50 UTC

I'm sure that there is no bug in any of the recent samba releases. Please reopen, if you can reproduce this with a recent samba release.