smbpasswd does not work as normal user


After an upgrade to 42.3 from 13.1 smbpasswd rejets password changes if used by other user than root.

pruebas@tutatis:/etc/samba> smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
SAMR connection to machine failed. Error was
NT_STATUS_ACCESS_DENIED, but LANMAN password changes are disabled

then I edited smb.conf, added

        client NTLMv2 auth = no 
        client lanman auth = yes

restarted samba

root@tutatis:/etc/samba> service smb restart ; service nmb restart ; service winbind restart

and the different error but I continue getting an error

pruebas@tutatis:/etc/samba> smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine NT_STATUS_LOGON_FAILURE

any clues?


I am using the following smb.conf

# smb.conf is the main Samba configuration file. 
# You find a full commented version at 
# /usr/share/doc/packages/samba/examples/smb.conf.SUSE 
# if the samba-doc package is installed.
# Samba config file created using SWAT 
# from tutatis (
# Date: Thu Sep 12 12:19:02 CEST 2013

        workgroup = ELE
        passdb backend = tdbsam
        name resolve order = bcast host lmhosts wins
        server string = "My server"
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        use client driver = yes
        map to guest = Bad User
        local master = Yes
        os level = 65
        usershare allow guests = Yes
        usershare max shares = 100
        usershare owner only = False
        add machine script = /usr/sbin/useradd  -c Machine -d /dev/null -g nogroup -s /bin/false %m\$
        domain logons = Yes
        domain master = Yes
        preferred master = Yes
        security = user
        wins support = Yes
        passwd program = /usr/bin/passwd %u
        unix password sync = Yes
        logon path = \\%N\%U\profile
        logon drive = Z:
        netbios name = TUTATIS

        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0700
        browseable = No
        guest OK = Yes

        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root

And searching I found this

It’s old and it’s suppposed to be solved, but I tried to disable password sync… and it worked.
Now I can change password as a normal user with smbpassd… anyway password sync stopped working long time ago…