| huynguyen |
07-24-2010 02:46 AM |
Samba Openldap PDC can not change password from Windows XP client
Hi All,
I finished setup Samba PDC with Openldap backend. I can joint Winxp client to domain but can not change pass by press Ctrl + Alt + Delete and choose Change password button
This is my conf.
I used
samba3x-3.3.8
openldap 2.3.43
slapd.access.conf
Code:
access to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
by dn="cn=Manager,dc=microhdesk,dc=net" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=Manager,dc=microhdesk,dc=net" write
by * read
smb.conf
Code:
[global]
workgroup = MICROHDESK.NET
netbios name = PDC-SVR
passdb backend = ldapsam:ldap://192.168.10.1
printcap name = cups
printing = cups
security = user
log level = 3
ldap ssl = off
ldap admin dn = cn=Manager,dc=microhdesk,dc=net
ldap suffix = dc=microhdesk,dc=net
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Hosts
ldap passwd sync = Yes
ldap delete dn = Yes
add user script = /usr/sbin/smbldap-useradd -m "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
delete group script = /usr/sbin/smbldap-groupdel "%g"
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\%L\%U
#logon script = %U.bat
logon script = logon.bat
domain master = Yes
domain logons = Yes
os level = 35
preferred master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000
passwd program = /usr/sbin/smbldap-passwd '%u'
unix password sync = Yes
passwd chat = "*New UNIX password*" %n\n "*Retype new UNIX password*"
%n\n "*updated successfully*"
enable privileges = yes
username map = /etc/samba/smbusers
wins support = Yes
..........
Thanks any suggest, I spent a week to test it. Don't work!!!
Regards
NyU |
