win客户端无法改samba PDC的密码？

coldcoffee

我的win客户端是用2003，可以登录到samba做的域中，但按Ctrl+Alt+Del后，没有办法更改密码：

smb.conf内容如下：
[global]
   workgroup = test.com
   netbios name = redhat
   server string = Samba PDC running %v

   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   ;hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
   ;interfaces = eth0

   log file = /var/log/samba/log.%m
   max log size = 50

   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   ;IPTOS_LOWDELAY
   security = user
   os level = 64
   local master = yes
   domain master = yes
   preferred master = yes
   domain logons = yes

   logon script = logon.bat
   logon home = \\%L\%U\.profile
   logon path = \\%L\profiles\%U
   logon drive = H:

   admin users = root

   encrypt passwords = yes
   bind interfaces only = Yes
   pam password change = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *P assword*changed*
   unix password sync = No
   username map = /etc/samba/smbusers
[homes]
   comment = Home Directories
   browseable = no
   writeable = yes
[profiles]
   path = /home/samba/profiles
   writeable = yes
   browseable = yes
   guest ok = no
[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   read only = yes
   browseable = no
   write list= root
   guest Ok = no

coldcoffee

没有人回答，顶一下。

cnyg

建议你把这几句注释掉
bind interfaces only = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *P assword*changed*
unix password sync = No
username map = /etc/samba/smbusers

coldcoffee

Post by cnyg
建议你把这几句注释掉
bind interfaces only = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n *P assword*changed*
unix password sync = No
username map = /etc/samba/smbusers

谢谢，我试过了，还是不行呀。不知道问题出在哪里？

cnyg

你试试我的配置文件，因为我没有使用 2003 ，不过在 XP 下修改没有问题。

1. 
   
2. # This is the main Samba configuration file. You should read the
   
3. # smb.conf(5) manual page in order to understand the options listed
   
4. # here. Samba has a huge number of configurable options (perhaps too
   
5. # many!) most of which are not shown in this example
   
6. #
   
7. # Any line which starts with a ; (semi-colon) or a # (hash)
   
8. # is a comment and is ignored. In this example we will use a #
   
9. # for commentry and a ; for parts of the config file that you
   
10. # may wish to enable
    
11. #
    
12. # NOTE: Whenever you modify this file you should run the command "testparm"
    
13. # to check that you have not made any basic syntactic errors.
    
14. #
    
15. #======================= Global Settings =====================================
    
16. [global]
    
17. 
    
18. # 1. Server Naming Options:
    
19. # workgroup = NT-Domain-Name or Workgroup-Name
    
20.    workgroup = PDC
    
21. ;   workgroup = WORKGROUP
    
22. 
    
23. # netbios name is the name you will see in "Network Neighbourhood",
    
24. # but defaults to your hostname
    
25.   netbios name = SMBServer
    
26. ;  netbios name = <name_of_this_server>
    
27. 
    
28. # server string is the equivalent of the NT Description field
    
29.    server string = Samba Server de este lugar (%v)
    
30. ;   server string = Samba Server %v
    
31. 
    
32. # Message command is run by samba when a "popup" message is sent to it.
    
33. # The example below is for use with LinPopUp:
    
34. ; message command = /usr/bin/linpopup "%f" "%m" %s; rm %s
    
35. 
    
36. # 2. Printing Options:
    
37. # CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
    
38. # if you want to automatically load your printer list rather
    
39. # than setting them up individually then you'll need this
    
40.    printcap name = cups
    
41.    load printers = yes
    
42. 
    
43. # It should not be necessary to spell out the print system type unless
    
44. # yours is non-standard. Currently supported print systems include:
    
45. # bsd, sysv, plp, lprng, aix, hpux, qnx, cups
    
46.    printing = cups
    
47. 
    
48. # Samba 3.x supports the Windows NT-style point-and-print feature. To
    
49. # use this, you need to be able to upload print drivers to the samba
    
50. # server. The printer admins (or root) may install drivers onto samba.
    
51. # Note that this feature uses the print$ share, so you will need to
    
52. # enable it below.
    
53. # printer admin = @<group> <user>
    
54.    printer admin = @adm
    
55. # This should work well for winbind:
    
56. ;   printer admin = @"Domain Admins"
    
57. 
    
58. # 3. Logging Options:
    
59. # this tells Samba to use a separate log file for each machine
    
60. # that connects
    
61.    log file = /var/log/samba3/log.%m
    
62. 
    
63. # Put a capping on the size of the log files (in Kb).
    
64.    max log size = 50
    
65. 
    
66. # Set the log (verbosity) level (0 <= log level <= 10)
    
67. log level = 2
    
68. ; log level = 3
    
69. 
    
70. # 4. Security and Domain Membership Options:
    
71. # This option is important for security. It allows you to restrict
    
72. # connections to machines which are on your local network. The
    
73. # following example restricts access to two C class networks and
    
74. # the "loopback" interface. For more examples of the syntax see
    
75. # the smb.conf man page. Do not enable this if (tcp/ip) name resolution does
    
76. # not work for all the hosts in your network.
    
77.    hosts allow = 192.168.1. 192.168.0. 127.0.0.1
    
78. ;   hosts allow = 192.168.1. 192.168.0. 127.0.0.1
    
79. ;   hosts allow = 192.168.1. 192.168.2. 127.
    
80. 
    
81. # Uncomment this if you want a guest account, you must add this to /etc/passwd
    
82. # otherwise the user "nobody" is used
    
83. ;  guest account = nobody
    
84. # Allow users to map to guest:
    
85.   map to guest = bad user
    
86. 
    
87. # Security mode. Most people will want user level security. See
    
88. # security_level.txt for details.
    
89.    security = user
    
90. # Use password server option only with security = server or security = domain
    
91. # When using security = domain, you should use password server = *
    
92. ;   password server = <NT-Server-Name>
    
93. ;   password server = *
    
94. 
    
95. # Password Level allows matching of _n_ characters of the password for
    
96. # all combinations of upper and lower case.
    
97. ;  password level = 8
    
98. ;  username level = 8
    
99. 
    
100. # You may wish to use password encryption. Please read
     
101. # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
     
102. # Do not enable this option unless you have read those documents
     
103. # Encrypted passwords are required for any use of samba in a Windows NT domain
     
104. # The smbpasswd file is only required by a server doing authentication, thus
     
105. # members of a domain do not need one.
     
106.   encrypt passwords = yes
     
107.   smb passwd file = /etc/samba/private/smbpasswd
     
108. ;  null passwords = yes
     
109. 
     
110. # The following are needed to allow password changing from Windows to
     
111. # also update the Linux system password.
     
112. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
     
113. # NOTE2: You do NOT need these to allow workstations to change only
     
114. #        the encrypted SMB passwords. They allow the Unix password
     
115. #        to be kept in sync with the SMB password.
     
116. ;  unix password sync = Yes
     
117. # You either need to setup a passwd program and passwd chat, or
     
118. # enable pam password change
     
119. ;  pam password change = yes
     
120. ;  passwd program = /usr/bin/passwd %u
     
121. ;  passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
     
122. ;*passwd:*all*authentication*tokens*updated*successfully*
     
123. 
     
124. # Unix users can map to different SMB User names
     
125.   username map = /etc/samba/smbusers
     
126. 
     
127. # Using the following line enables you to customise your configuration
     
128. # on a per machine basis. The %m gets replaced with the netbios name
     
129. # of the machine that is connecting
     
130. ;   include = /etc/samba/smb.conf.%m
     
131. 
     
132. # Options for using winbind. Winbind allows you to do all account and
     
133. # authentication from a Windows or samba domain controller, creating
     
134. # accounts on the fly, and maintaining a mapping of Windows RIDs to unix uid's
     
135. # and gid's. winbind uid and winbind gid are the only required parameters.
     
136. #
     
137. # winbind uid is the range of uid's winbind can use when mapping RIDs to uid's
     
138. ;  winbind uid = 10000-20000
     
139. #
     
140. # winbind gid is the range of uid's winbind can use when mapping RIDs to gid's
     
141. ;  winbind gid = 10000-20000
     
142. #
     
143. # winbind separator is the character a user must use between their domain
     
144. # name and username, defaults to ""
     
145. ;  winbind separator = +
     
146. #
     
147. # winbind use default domain allows you to have winbind return usernames
     
148. # in the form user instead of DOMAIN+user for the domain listed in the
     
149. # workgroup parameter.
     
150. ;  winbind use default domain = yes
     
151. #
     
152. # template homedir determines the home directory for winbind users, with
     
153. # %D expanding to their domain name and %U expanding to their username:
     
154. ;  template homedir = /home/%D/%U
     
155. 
     
156. # When using winbind, you may want to have samba create home directories
     
157. # on the fly for authenticated users. Ensure that /etc/pam.d/samba is
     
158. # using 'service=system-auth-winbind' in pam_stack modules, and then
     
159. # enable obedience of pam restrictions below:
     
160. ;  obey pam restrictions = yes
     
161. 
     
162. #
     
163. # template shell determines the shell users authenticated by winbind get
     
164. ;  template shell = /bin/bash
     
165. 
     
166. # 5. Browser Control and Networking Options:
     
167. # Most people will find that this option gives better performance.
     
168. # See speed.txt and the manual pages for details
     
169.    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     
170. ;   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     
171. 
     
172. # Configure Samba to use multiple interfaces
     
173. # If you have multiple network interfaces then you must list them
     
174. # here. See the man page for details.
     
175. ;   interfaces = 192.168.12.2/24 192.168.13.2/24
     
176. 
     
177. # Configure remote browse list synchronisation here
     
178. #  request announcement to, or browse list sync from:
     
179. #       a specific host or from / to a whole subnet (see below)
     
180. ;   remote browse sync = 192.168.3.25 192.168.5.255
     
181. # Cause this host to announce itself to local subnets here
     
182. ;   remote announce = 192.168.1.255 192.168.2.44
     
183. 
     
184. # set local master to no if you don't want Samba to become a master
     
185. # browser on your network. Otherwise the normal election rules apply
     
186.    local master = yes
     
187. ;   local master = no
     
188. 
     
189. # OS Level determines the precedence of this server in master browser
     
190. # elections. The default value should be reasonable
     
191.    os level = 64
     
192. ;   os level = 33
     
193. 
     
194. # Domain Master specifies Samba to be the Domain Master Browser. This
     
195. # allows Samba to collate browse lists between subnets. Don't use this
     
196. # if you already have a Windows NT domain controller doing this job
     
197.    domain master = yes
     
198. ;   domain master = yes
     
199. 
     
200. # Preferred Master causes Samba to force a local browser election on startup
     
201. # and gives it a slightly higher chance of winning the election
     
202.    preferred master = yes
     
203. ;   preferred master = yes
     
204. 
     
205. # 6. Domain Control Options:
     
206. # Enable this if you want Samba to be a domain logon server for
     
207. # Windows95 workstations or Primary Domain Controller for WinNT and Win2k
     
208.    domain logons = yes
     
209. ;   domain logons = yes
     
210. 
     
211. 
     
212. # if you enable domain logons then you may want a per-machine or
     
213. # per user logon script
     
214. # run a specific logon batch file per workstation (machine)
     
215. ;   logon script = %m.bat
     
216. # run a specific logon batch file per username
     
217.    logon script = %U.bat
     
218. ;   logon script = netlogon.bat
     
219. 
     
220. # Where to store roaming profiles for WinNT and Win2k
     
221. #        %L substitutes for this servers netbios name, %U is username
     
222. #        You must uncomment the [Profiles] share below
     
223.    logon path = \\%L\%U
     
224. ;   logon path = \\%L\Profiles\%U
     
225. 
     
226. # Where to store roaming profiles for Win9x. Be careful with this as it also
     
227. # impacts where Win2k finds it's /HOME share
     
228. logon home = \\%L\%U
     
229. ; logon home = \\%L\%U\.profile
     
230. 
     
231. # 登录驱动器
     
232. logon drive = M:
     
233. 
     
234. # The add user script is used by a domain member to add local user accounts
     
235. # that have been authenticated by the domain controller, or when adding
     
236. # users via the Windows NT Tools (ie User Manager for Domains).
     
237. 
     
238. # Scripts for file (passwd, smbpasswd) backend:
     
239. ; add user script = /usr/sbin/useradd -d /var/samba/home/'%u' -s /bin/false '%u'
     
240. ; delete user script = /usr/sbin/userdel '%s'
     
241. ; add user to group script = /usr/bin/gpasswd -a '%u' '%g'
     
242. ; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
     
243. ; set primary group script = /usr/sbin/usermod -g '%g' '%u'
     
244. ; add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
     
245. ; delete group script = /usr/sbin/groupdel '%g'
     
246. 
     
247. # Scripts for LDAP backend (assumes nss_ldap is in use on the domain controller.
     
248. # Needs IDEALX scripts, and configuration in smbldap_conf.pm.
     
249. # This assumes you've installed the IDEALX scripts into /usr/share/samba/scripts...
     
250. ; add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
     
251. ; delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
     
252. ; add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
     
253. ; delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
     
254. ; set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
     
255. ; add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
     
256. ; delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'
     
257. 
     
258. 
     
259. # The add machine script is use by a samba server configured as a domain
     
260. # controller to add local machine accounts when adding machines to the domain.
     
261. # The script must work from the command line when replacing the macros,
     
262. # or the operation will fail. Check that groups exist if forcing a group.
     
263. # Script for domain controller for adding machines:
     
264. ; add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
     
265. add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
     
266. # Script for domain controller with LDAP backend for adding machines (You need
     
267. # the IDEALX scripts, and to configure the smbldap_conf.pm first):
     
268. ; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false %u
     
269. 
     
270. # Domain groups:
     
271. # Domain groups are now configured by using the 'net groupmap' tool
     
272. 
     
273. # Samba Password Database configuration:
     
274. # Samba now has runtime-configurable password database backends. Multiple
     
275. # passdb backends may be used, but users will only be added to the first one
     
276. # Default:
     
277. ; passdb backend = smbpasswd guest
     
278. # TDB backen with fallback to smbpasswd and guest
     
279. ; passdb backend = tdbsam smbpasswd guest
     
280. # LDAP with fallback to smbpasswd guest
     
281. # Enable SSL by using an ldaps url, or enable tls with 'ldap ssl' below.
     
282. ; passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest
     
283. # Use the samba2 LDAP schema:
     
284. ; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest
     
285. 
     
286. # idmap uid account range:
     
287. # This is a range of unix user-id's that samba will map non-unix RIDs to,
     
288. # such as when using Winbind
     
289. ; idmap uid = 10000-20000
     
290. ; idmap gid = 10000-20000
     
291.   
     
292. # LDAP configuration for Domain Controlling:
     
293. # The account (dn) that samba uses to access the LDAP server
     
294. # This account needs to have write access to the LDAP tree
     
295. # You will need to give samba the password for this dn, by
     
296. # running 'smbpasswd -w mypassword'
     
297. ; ldap admin dn = cn=root,dc=mydomain,dc=com
     
298. ; ldap ssl = start_tls
     
299. # start_tls should run on 389, but samba defaults incorrectly to 636
     
300. ; ldap port = 389
     
301. ; ldap suffix = dc=mydomain,dc=com
     
302. ; ldap server = ldap.mydomain.com
     
303. # Seperate suffixes are available for machines, users, groups, and idmap, if
     
304. # ldap suffix appears first, it is appended to the specific suffix.
     
305. # Example for a unix-ish directory layout:
     
306. ; ldap machine suffix = ou=Hosts
     
307. ; ldap user suffix = ou=People
     
308. ; ldap group suffix = ou=Group
     
309. ; ldap idmap suffix = ou=Idmap
     
310. # Example for AD-ish layout:
     
311. ; ldap machine suffix = cn=Computers
     
312. ; ldap user suffix = cn=Users
     
313. ; ldap group suffix = cn=Groups
     
314. ; ldap idmap suffix = cn=Idmap
     
315. 
     
316. 
     
317. # 7. Name Resolution Options:
     
318. # All NetBIOS names must be resolved to IP Addresses
     
319. # 'Name Resolve Order' allows the named resolution mechanism to be specified
     
320. # the default order is "host lmhosts wins bcast". "host" means use the unix
     
321. # system gethostbyname() function call that will use either /etc/hosts OR
     
322. # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
     
323. # and the /etc/resolv.conf file. "host" therefore is system configuration
     
324. # dependant. This parameter is most often of use to prevent DNS lookups
     
325. # in order to resolve NetBIOS names to IP Addresses. Use with care!
     
326. # The example below excludes use of name resolution for machines that are NOT
     
327. # on the local network segment
     
328. # - OR - are not deliberately to be known via lmhosts or via WINS.
     
329. ; name resolve order = wins lmhosts bcast
     
330. 
     
331. # Windows Internet Name Serving Support Section:
     
332. # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
     
333.    wins support = yes
     
334. ;   wins support = yes
     
335. 
     
336. # WINS Server - Tells the NMBD components of Samba to be a WINS Client
     
337. #       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
     
338. ;   wins server = w.x.y.z
     
339. 
     
340. # WINS Proxy - Tells Samba to answer name resolution queries on
     
341. # behalf of a non WINS capable client, for this to work there must be
     
342. # at least one  WINS Server on the network. The default is NO.
     
343. ;   wins proxy = yes
     
344. 
     
345. # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
     
346. # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
     
347. # this has been changed in version 1.9.18 to no.
     
348.    dns proxy = no
     
349. 
     
350. # 8. File Naming Options:
     
351. # Case Preservation can be handy - system default is _no_
     
352. # NOTE: These can be set on a per share basis
     
353. ;  preserve case = no
     
354. ;  short preserve case = no
     
355. # Default case is normally upper case for all DOS files
     
356. ;  default case = lower
     
357. # Be very careful with case sensitivity - it can break things!
     
358. ;  case sensitive = no
     
359. 
     
360. # Enabling internationalization:
     
361. # you can match a Windows code page with a UNIX character set.
     
362. # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
     
363. # 852 (Czech), 861 (???), 932 (Japanese),
     
364. # 936 (Simplified Chin.), 949 (Korean Hangul),
     
365. # 950 (Trad. Chin.).
     
366. # More detail about code page is in
     
367. # "http://www.microsoft.com/globaldev/reference/oslocversion.mspx"
     
368. # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
     
369. # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
     
370. # This is an example for french users:
     
371. ;   dos charset = 850
     
372. ;   unix charset = ISO8859-1
     
373.    dos charset = cp936
     
374.    unix charset = cp936
     
375.    display charset = cp936
     
376. 
     
377. # 作为时间服务器
     
378. time server = yes
     
379. 
     
380. # 设置连接被视为无效而断开前,未激活姿态的时间(Min),防止资源被无效连接耗费.
     
381. deadtime = 5
     
382. 
     
383. # 超级用户
     
384. admin users = root
     
385. 
     
386. # Windows 工作方式,只要文件被修改,其时间戳将随时更新.
     
387. dos filetimes = yes
     
388. 
     
389. # Samba 对文件生成时间作取整处理,计为下 1 秒,这也是 Windows 工作方式.
     
390. dos filetime resolution = yes
     
391. 
     
392. #============================ Share Definitions ==============================
     
393. [homes]
     
394. ;   comment = Home Directories
     
395.    comment = 存放这里的文件可以在任一台计算机用这个帐号登录访问。(读写属性：0700)
     
396.    path = /var/samba/home/%U
     
397. ;   root preexec = /var/samba/netlogon/mkdirscript.pl home %U %G
     
398.    root preexec = /var/samba/netlogon/mkdirscript.pl home %U %U %G 0700
     
399.    browseable = no
     
400.    writable = yes
     
401. # You can enable VFS recycle bin on a per share basis:
     
402. # Uncomment the next 2 lines (make sure you create a
     
403. # .recycle folder in the base of the share and ensure
     
404. # all users will have write access to it. See
     
405. # examples/VFS/recycle/REAME in the samba docs for details
     
406. ;   vfs object = /usr/lib/samba/vfs/recycle.so
     
407. 
     
408. # Un-comment the following and create the netlogon directory for Domain Logons
     
409. [netlogon]
     
410.    comment = Network Logon Service
     
411.    path = /var/samba/netlogon
     
412.    root preexec = /var/samba/netlogon/logonscript.pl %L %U %M %m %a
     
413.    root postexec = /var/samba/netlogon/logoutscript.pl %U
     
414.    read only =yes
     
415.    guest ok = yes
     
416.    browseable = no
     
417.    write list = root @adm @admin
     
418. ;   writable = no
     
419. 
     
420. # Un-comment the following to provide a specific roving profile share
     
421. # the default is to use the user's home directory
     
422. ;[Profiles]
     
423. ;;    path = /var/lib/samba/profiles
     
424. ;    path = /var/samba/profiles
     
425. ;    browseable = no
     
426. ;    writeable = yes
     
427. ;;    guest ok = yes
     
428. ;    create mask = 0600
     
429. ;    directory mask = 0700
     
430. # This script can be enabled to create profile directories on the fly
     
431. # You may want to turn off guest acces if you enable this, as it
     
432. # hasn't been thoroughly tested.
     
433. ;;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
     
434. ;;                then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi
     
435. 
     
436. # NOTE: If you have a CUPS print system there is no need to
     
437. # specifically define each individual printer.
     
438. # You must configure the samba printers with the appropriate Windows
     
439. # drivers on your Windows clients. On the Samba server no filtering is
     
440. # done. If you wish that the server provides the driver and the clients
     
441. # send PostScript ("Generic PostScript Printer" under Windows), you have
     
442. # to swap the 'print command' line below with the commented one.
     
443. [printers]
     
444.    comment = All Printers
     
445.    path = /var/spool/samba
     
446.    browseable = no
     
447. # to allow user 'guest account' to print.
     
448.    guest ok = yes
     
449.    writable = no
     
450.    printable = yes
     
451.    create mode = 0700
     
452. # =====================================
     
453. # print command: see above for details.
     
454. # =====================================
     
455.    print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
     
456. ;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
     
457. # The following two commands are the samba defaults for printing=cups
     
458. # change them only if you need different options:
     
459. ;   lpq command = lpq -P %p
     
460. ;   lprm command = cancel %p-%j
     
461. 
     
462. # This share is used for Windows NT-style point-and-print support.
     
463. # To be able to install drivers, you need to be either root, or listed
     
464. # in the printer admin parameter above. Note that you also need write access
     
465. # to the directory and share definition to be able to upload the drivers.
     
466. # For more information on this, please see the Printing Support Section of
     
467. # /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf
     
468. [print$]
     
469.    path = /var/lib/samba/printers
     
470.    browseable = yes
     
471.    read only = yes
     
472.    write list = root @adm @admin
     
473.    guest ok = yes
     
474. 
     
475. # This one is useful for people to share files
     
476. ;[tmp]
     
477. ;   comment = Temporary file space
     
478. ;   path = /tmp
     
479. ;   read only = no
     
480. ;   public = yes
     
481. 
     
482. # A publicly accessible directory, but read only, except for people in
     
483. # the "staff" group
     
484. ;[public]
     
485. ;   comment = Public Stuff
     
486. ;   path = /home/samba/public
     
487. ;   public = yes
     
488. ;   writable = no
     
489. ;   write list = @staff
     
490. # Audited directory through experimental VFS audit.so module:
     
491. # Uncomment next line.
     
492. ;   vfs object = /usr/lib/samba/vfs/audit.so
     
493. 
     
494. # Other examples.
     
495. #
     
496. # A private printer, usable only by Fred. Spool data will be placed in Fred's
     
497. # home directory. Note that fred must have write access to the spool directory,
     
498. # wherever it is.
     
499. ;[fredsprn]
     
500. ;   comment = Fred's Printer
     
501. ;   valid users = fred
     
502. ;   path = /homes/fred
     
503. ;   printer = freds_printer
     
504. ;   public = no
     
505. ;   writable = no
     
506. ;   printable = yes
     
507. 
     
508. # A private directory, usable only by Fred. Note that Fred requires write
     
509. # access to the directory.
     
510. ;[fredsdir]
     
511. ;   comment = Fred's Service
     
512. ;   path = /usr/somewhere/private
     
513. ;   valid users = fred
     
514. ;   public = no
     
515. ;   writable = yes
     
516. ;   printable = no
     
517. 
     
518. # a service which has a different directory for each machine that connects
     
519. # this allows you to tailor configurations to incoming machines. You could
     
520. # also use the %u option to tailor it by user name.
     
521. # The %m gets replaced with the machine name that is connecting.
     
522. ;[pchome]
     
523. ;  comment = PC Directories
     
524. ;  path = /usr/pc/%m
     
525. ;  public = no
     
526. ;  writable = yes
     
527. 
     
528. # A publicly accessible directory, read/write to all users. Note that all files
     
529. # created in the directory by users will be owned by the default user, so
     
530. # any user with access can delete any other user's files. Obviously this
     
531. # directory must be writable by the default user. Another user could of course
     
532. # be specified, in which case all files would be owned by that user instead.
     
533. ;[public]
     
534. ;   path = /usr/somewhere/else/public
     
535. ;   public = yes
     
536. ;   only guest = yes
     
537. ;   writable = yes
     
538. ;   printable = no
     
539. 
     
540. # The following two entries demonstrate how to share a directory so that two
     
541. # users can place files there that will be owned by the specific users. In this
     
542. # setup, the directory should be writable by both users and should have the
     
543. # sticky bit set on it to prevent abuse. Obviously this could be extended to
     
544. # as many users as required.
     
545. ;[myshare]
     
546. ;   comment = Mary's and Fred's stuff
     
547. ;   path = /usr/somewhere/shared
     
548. ;   valid users = mary fred
     
549. ;   public = no
     
550. ;   writable = yes
     
551. ;   printable = no
     
552. ;   create mask = 0765
     
553. 
     
554. [public]
     
555. ;[公共文档]
     
556.    comment = 如果你想把文件共享给大家，可以把它放在这里。(读写属性：0777)
     
557.    path = /var/samba/public
     
558.    public = yes
     
559.    writable = yes
     
560.    create mask = 0666
     
561.    directory mask = 0777
     
562.    printable = no
     
563. 
     
564. [software]
     
565. ;[软件仓库]
     
566.    comment = 在这里你可以找到大部分常用软件。(读写属性：0400)
     
567.    path = /var/samba/software
     
568.    public = yes
     
569.    write list = root @adm @admin
     
570.    create mask = 0660
     
571.    directory mask = 0770
     
572.    printable = no
     
573. 
     
574. [multimedia]
     
575. ;[多媒体]
     
576.    comment = MP3、Flash、电影、图片……(读写属性：0400)
     
577.    path = /var/samba/multimedia
     
578.    public = yes
     
579.    write list = root @adm @admin
     
580.    create mask = 0660
     
581.    directory mask = 0770
     
582.    printable = no
     
583. 
     
584. [group]
     
585. ;[我的工作组]
     
586.    comment = 如果你想把文件只提供给本工作组的人共享，请把文件放在这里。(读写属性：0770)
     
587.    path = /var/samba/group/%G
     
588. ;   root preexec = /var/samba/netlogon/mkdirscript.pl group %G
     
589.    root preexec = /var/samba/netlogon/mkdirscript.pl group %G root %G 0770
     
590.    browseable = yes
     
591.    public = no
     
592.    writable = yes
     
593.    create mode = 0660
     
594.    directory mode = 0770
     
595. 
     
596. [secret]
     
597.   comment = 本共享只有 "secret" 组才能访问。(读写属性：0770)
     
598.   path = /var/samba/secret
     
599.   valid users = @secret
     
600.   force group = secret
     
601.   browseable = yes
     
602.   writable = yes
     
603.   create mask = 0660
     
604.   directory mask = 0770
     
605. 
     
606. [pchome]
     
607. ;[电脑主目录]
     
608.   comment = 注意：只有你这台计算机才能访问这里的文件。(读写属性：0777)
     
609.   path = /var/samba/pchome/%m
     
610. ;  root preexec = /var/samba/netlogon/mkdirscript.pl pchome %m
     
611.   root preexec = /var/samba/netlogon/mkdirscript.pl pchome %m root root 0777
     
612.   browseable = yes
     
613.   public = no
     
614.   writable = yes
     
615.   create mode = 0666
     
616.   directory mode = 0777
     
617. 
     

复制代码

coldcoffee

我把配置文件改成你的，客户端还是不能改密码呀！！

coldcoffee

一直不成功，顶一下。

coldcoffee

再顶，再顶。