Web lists-archives.com

Re: [Samba] Fwd: Unable to change passwords from Win XP Pro clients




Thank you Rowland!!

Sorry about my ignorance. I guess I tried many different things and
polluted the smb.conf file.

I've removed every single line  you mentioned off my smb.conf. Still the
problem persists:

MYDOMAIN\Administrator (S-1-5-21-1965676298-842383976-2353361141-500) is
changing password of user2@xxxxxxxxxxxxxxx

[2017/04/21 12:05:42.233899, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)

Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED'

[2017/04/21 12:05:42.233940, 3]
../source4/smbd/process_single.c:114(single_terminate)

single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() -
NT_STATUS_CONNECTION_DISCONNECTED]

[2017/04/21 12:05:45.687345, 2]
../source4/dsdb/repl/drepl_notify.c:199(dreplsrv_notify_op_callback)

dreplsrv_notify: DsReplicaSync successfuly sent to
375d3482-b7f4-49ae-839b-2ca6a2be9698._msdcs.MYDOMAIN.org.ar

[2017/04/21 12:05:46.691655, 2]
../source4/rpc_server/drsuapi/getncchanges.c:1428(getncchanges_collect_objects)

../source4/rpc_server/drsuapi/getncchanges.c:1428: getncchanges on
DC=MYDOMAIN,DC=org,DC=ar using filter (uSNChanged>=7425)

[2017/04/21 12:05:46.733142, 3]
../source4/rpc_server/drsuapi/getncchanges.c:2008(dcesrv_drsuapi_DsGetNCChanges)

UpdateRefs on getncchanges for 375d3482-b7f4-49ae-839b-2ca6a2be9698

[2017/04/21 12:05:46.734033, 2]
../source4/rpc_server/drsuapi/getncchanges.c:2115(dcesrv_drsuapi_DsGetNCChanges)

DsGetNCChanges with uSNChanged >= 7425 flags 0x00000074 on
<GUID=17a35154-99b3-44c6-8829-a5db4acf402c>;<SID=S-1-5-21-1965676298-842383976-2353361141>;DC=MYDOMAIN,DC=org,DC=ar


gave 1 objects (done 1/1) 0 links (done 0/0 (as
S-1-5-21-1965676298-842383976-2353361141-1105))


Same behavior: win7 clients work, win XP clients don't. Anything else I
should try?

thanks again,

EC

On Fri, Apr 21, 2017 at 11:30 AM, Rowland Penny via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> On Fri, 21 Apr 2017 10:39:58 -0400
> Eleuterio Contracampo via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hello everyone,
> >
> > First time with Samba 4.
> > I've got it running mostly (with Windows 7 clients, everything works
> > like a charm.), but I-m struggling with an issue that is driving me
> > nuts (spent countless hours trying out stuff and googleing without
> > luck):
> >
> > When users log in from Win XP Pro terminals, and are forced to change
> > initially assigned passwords, they get an error (1728: error in RCP
> > protocol) and cannot continue.
> >
> > **Some background about my setup:*
> > PDC: SERV5N
> > BDC: SERV6N
>
> You do not have a 'PDC' & 'BDC', you have two AD DCs
>
>
> > **My smb.conf (PDC):*
> >
> > # Global parameters
> >
> > [global]
>
> Remove this lot from smb.conf:
>
>     wins support = yes
>     security = user
>     os level = 65
>     domain logons = yes
>     preferred master = yes
>     domain master = yes
>     local master = yes
>     name resolve order = host wins lmhosts bcast
>     remote announce = 192.168.40.255
>     remote browse sync = 192.168.40.255
>     passdb backend = ldapsam:"ldap://127.0.0.1 ldap://192.168.40.213";
>     ldap suffix = dc=MYDOMAIN,dc=org,dc=ar
>     ldap user suffix = ou=users
>     ldap machine suffix = ou=machines
>     ldap group suffix = ou=groups
>     ldap admin dn = cn=admin,dc=MYDOMAIN,dc=org,dc=ar
>     ldap delete dn = no
>     acl:search = false
>     kerberos method = secrets only
>     vfs objects = fileid acl_xattr
>     map acl inherit = yes
>     store dos attributes = yes
>     ldap passwd sync = yes
>
> They are either default settings or have absolutely no place in an AD
> DC smb.conf. The 'ldap' lines should only be used on a ldap based Samba
> machine, not an AD DC, 'acl_xattr' is built into the samba binary.
> Finally 'ldap passwd sync' only makes sense when you want the local
> users passwords to sync with the users in ldap, only problem is, you
> cannot have a local user with the same name as an AD user.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba