changing user passwords from win2K client - SMB


  1. changing user passwords from win2K client

    Sorry if this is an old chestnut, I have seen a few references to this on
    google but no workarounds, perhaps I am asking the wrong questions.

    I can create and edit my samba users with ease from webmin. When I go to
    the windows box and try to change passwords (after a successful logon, of
    course) I get "The system cannot change your password now because the domain
    is not available"

    Cheers

    Mike


    Details:
    PDC: Mandrake 10 (Flasheart)
    Win2Ksp4 (Melchett,Queenie)
    Samba 3.02
    Webmin 1.121

    smb.conf as follows (names changed to save the useless, i.e. me)
    ***************************************************************************
    [global]

    add group script = /usr/sbin/groupadd %g

    idmap gid = 15000-20000

    delete group script = /usr/sbin/groupdel %g

    add user to group script = /usr/sbin/usermod -G %g %u

    wins server = xxx.xxx.xxx.xxx

    logon drive = H:

    prefered master = Yes

    domain master = Yes

    encrypt passwords = yes

    passwd program = tdnsam

    logon home = \\%L\%U

    netbios name = flasheart

    idmap uid = 15000-20000

    workgroup = blah

    logon path = \\%L\Profiles\%U

    os level = 65

    add user script = /usr/sbin/useradd -m %u

    add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u

    delete user script = /usr/sbin/userdel -r %u

    domain logons = Yes

    [homes]

    comment = Home Directories

    browseable = no

    writable = yes

    [profiles]

    path = /samba/profiles

    profile acls = yes

    writable = yes

    browseable = no

    guest ok = yes

    [netlogon]

    comment = Network Logon service

    path = /var/lib/samba/netlogon

    guest ok = yes

    writable = no

    share modes = no

    ***************************************************************************



  2. Re: changing user passwords from win2K client

    mikegw wrote:

    > Sorry if this is an old chestnut, I have seen a few references to this on
    > google but no workarounds, perhaps I am asking the wrong questions.
    >
    > I can create and edit my samba users with ease from webmin. When I go to
    > the windows box and try to change passwords (after a successful logon, of
    > course) I get "The system cannot change your password now because the
    > domain is not available"
    >

    What does "testparm" tell - does it say "ROLE standalone" or "ROLE
    DOMAIN_PDC"?
    What do you get from "nbtstat -a flashheart"?

    ....
    > smb.conf as follows (names changed to save the useless, i.e. me)
    >
    > ***************************************************************************
    > [global]
    >
    > add group script = /usr/sbin/groupadd %g
    >
    > idmap gid = 15000-20000
    >
    > delete group script = /usr/sbin/groupdel %g
    >
    > add user to group script = /usr/sbin/usermod -G %g %u
    >
    > wins server = xxx.xxx.xxx.xxx


    Which external wins server do you have here?
    If the pdc should be wins server by itself, you need
    "wins support = yes" instead and no reference to an external wins.
    >
    > logon drive = H:
    >
    > prefered master = Yes


    Typo? Use "testparm" ...
    >
    > domain master = Yes
    >
    > encrypt passwords = yes
    >
    > passwd program = tdnsam


    Again typo
    >
    > logon home = \\%L\%U
    >
    > netbios name = flasheart
    >
    > idmap uid = 15000-20000
    >
    > workgroup = blah
    >
    > logon path = \\%L\Profiles\%U
    >
    > os level = 65
    >
    > add user script = /usr/sbin/useradd -m %u
    >
    > add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
    >
    > delete user script = /usr/sbin/userdel -r %u
    >
    > domain logons = Yes
    >
    > [homes]
    >
    > comment = Home Directories
    >
    > browseable = no
    >
    > writable = yes
    >
    > [profiles]
    >
    > path = /samba/profiles
    >
    > profile acls = yes
    >

    Not necessary for a pdc. There should be native acl support in samba and
    your filesystem. Use "acl" in the /etc/fstab mount line (man mount).


    --
    Longhorn error#4711: TCPA / NGSCB VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
    *to*remove*offending*incompatible*products.**Reactivate*your*MS*software.
    Linux woodpecker.homnet.at 2.6.8reiser4pkt*[LinuxCounter#295241]

  3. Re: changing user passwords from win2K client


    "Walter Mautner" wrote in message
    news:mqck02-ckb.ln1@ID-104681.user.uni-berlin.de...
    > mikegw wrote:
    >
    > > Sorry if this is an old chestnut, I have seen a few references to this on
    > > google but no workarounds, perhaps I am asking the wrong questions.
    > >
    > > I can create and edit my samba users with ease from webmin. When I go to
    > > the windows box and try to change passwords (after a successful logon, of
    > > course) I get "The system cannot change your password now because the
    > > domain is not available"
    > >

    Thanks, one day I should learn how to spell and type proper. Grammar I
    think I will have to give up on. smb.conf corrections in place. The
    strange thing is that testparm did not catch them, I assume that samba
    ignored them and used defaults??

    I can now change my passwords, however I notice (and apologise as this may
    have been the underlying fault) that changing the password from the win2k
    client will come up with the previous error message, BUT it will process the
    change in password on the account.


    > What does "testparm" tell - does it say "ROLE standalone" or "ROLE
    > DOMAIN_PDC"?


    ROLE_DOMAIN_PDC

    > What do you get from "nbtstat -a flashheart"?

    as below, again ip's stripped blah blah blah.
    >

    ********************************************************

    Local Area Connection:
    Node IpAddress: [yyy.yyy.yyy.yyy] Scope Id: []

    NetBIOS Remote Machine Name Table

    Name               Type         Status
    ---------------------------------------------
    FLASHEART       <00>  UNIQUE      Registered
    FLASHEART       <03>  UNIQUE      Registered
    FLASHEART       <20>  UNIQUE      Registered
    FLASHEART       <00>  UNIQUE      Registered
    FLASHEART       <03>  UNIQUE      Registered
    FLASHEART       <20>  UNIQUE      Registered
    ..__MSBROWSE__. <01>  GROUP       Registered
    PARTCATLAB      <00>  GROUP       Registered
    PARTCATLAB      <1B>  UNIQUE      Registered
    PARTCATLAB      <1C>  GROUP       Registered
    PARTCATLAB      <1D>  UNIQUE      Registered
    PARTCATLAB      <1E>  GROUP       Registered
    PARTCATLAB      <00>  GROUP       Registered
    PARTCATLAB      <1B>  UNIQUE      Registered
    PARTCATLAB      <1C>  GROUP       Registered
    PARTCATLAB      <1D>  UNIQUE      Registered
    PARTCATLAB      <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00

    ********************************************************

    >


    smb.conf snipped to save bandwidth.

    The wins server is an external server of which I have no access to. It was
    added so our CSO can see the machine from afar.

    Mike



  4. Re: changing user passwords from win2K client

    mikegw wrote:

    >
    > "Walter Mautner" wrote

    ....
    > Thanks, one day I should learn how to spell and type proper. Grammar I
    > think I will have to give up on. smb.conf corrections in place. The
    > strange thing is that testparm did not catch them, I assume that samba
    > ignored them and used defaults??
    >

    Maybe. For interest, I tested with "prefered master", no complaint. With
    "pr0ferred master", came "unknown parameter". Have they built in some fuzzy
    logic? ;-)

    > I can now change my passwords, however I notice (and apologise as this
    > may have been the underlying fault) that changing the password from the
    > win2k client will come up with the previous error message, BUT it will
    > process the change in password on the account.
    >

    Did you check the "wins server" issue also? You haven't mentioned it here.
    Looks like your windows boxen run into timeout while waiting for the
    "successful" reply from the pdc. Watch the pdc logfiles, maybe set "log
    level = 3" for a while.
    >
    >> What does "testparm" tell - does it say "ROLE standalone" or "ROLE
    >> DOMAIN_PDC"?

    >
    > ROLE_DOMAIN_PDC
    >

    Ok. That's the main check.

    .....
    > smb.conf snipped to save bandwidth.
    >
    > The wins server is an external server of which I have no access to. It
    > was added so our CSO can see the machine from afar.
    >

    Hmm. And the wins server is also added to the windows boxen tcpip
    configuration so they can register there?

    --
    Longhorn error#4711: TCPA / NGSCB VIOLATION: Microsoft optical mouse
    detected penguin patterns on mousepad. Partition scan in progress
    *to*remove*offending*incompatible*products.**Reactivate*your*MS*software.
    Linux woodpecker.homnet.at 2.6.8reiser4pkt*[LinuxCounter#295241]
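
Added example, not part of any post in this thread and not Samba's own code: a small Python lint over the smb.conf lines posted above, covering the points raised in replies 2 and 4 (a free-form value such as `passwd program = tdnsam` passes a syntax check, `wins server` versus `wins support`, and the PDC role). The role rule is a simplified assumption, the function names are hypothetical, and the guest-writable share check is not something the thread raises.

```python
import re

# Constructed sample: a subset of the smb.conf lines posted in the thread.
SAMPLE = """\
[global]
wins server = xxx.xxx.xxx.xxx
domain master = Yes
passwd program = tdnsam
domain logons = Yes
[profiles]
writable = yes
guest ok = yes
"""

def parse(text):
    """Return {section: {param: value}}, names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).lower(), {})
        elif section is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def yes(params, name):
    return params.get(name, "no").lower() in ("yes", "true", "1")

def lint(text):
    """Return (assumed role, findings) for the checks discussed in the thread."""
    conf = parse(text)
    g, findings = conf.get("global", {}), []
    # Simplified role rule (assumption): domain logons -> PDC unless domain master = no.
    role = "ROLE_STANDALONE"
    if yes(g, "domain logons"):
        dm_off = g.get("domain master", "auto").lower() in ("no", "false", "0")
        role = "ROLE_DOMAIN_BDC" if dm_off else "ROLE_DOMAIN_PDC"
    # Free-form string values pass a syntax check; require an absolute path here.
    prog = g.get("passwd program", "")
    if prog and not prog.startswith("/"):
        findings.append("passwd program is not an absolute path: " + prog)
    if "wins server" in g and yes(g, "wins support"):
        findings.append("wins server and wins support = yes are both set")
    # Not raised in the thread: a share that is both guest-accessible and writable.
    for name, share in conf.items():
        if name != "global" and yes(share, "guest ok") and yes(share, "writable"):
            findings.append("[%s] is writable with guest ok = yes" % name)
    return role, findings
```

Parameter synonyms such as `writeable` or `read only = no` are not handled, so this complements `testparm` rather than replacing it.
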

  5. Re: changing user passwords from win2K client

    > >
    > Did you check the "wins server" issue also? You haven't mentioned it here.
    > Looks like your windows boxen run into timeout while waiting for the
    > "successful" reply from the pdc. Watch the pdc logfiles, maybe set "log
    > level = 3" for a while.



    Thank you for your help. I have the log file here from the pdc. The log
    file of interest is log.queenie where queenie is the machine I logged into,
    changed the password and exited. The file itself is quite large ~1MB and I
    doubt I would make people happy posting it on usenet.

    If it is not too much trouble I would like to post a zipped version (37kb)
    of this file to you. my email is m i k e g w 2 0 at h o t m a i l dot c o m

    Thank you for your help

    Mike


