I'm trying to get Unix passwords to synchronize on my Red Hat Linux
server when users change their passwords in Windows '95. Everything is
working quite well, except under a few, key conditions.
When a user enters a password that's "too short", Samba
doesn't seem to
call the routines to change the unix password, but it does change the
Windows encrypted password. At this point the Unix and Windows
passwords are out of sync, but the user has no way of knowing it.
I know it's Samba that's skipping the Unix password change, because I
have "unix password sync = yes" in the config file, so the passwd
program is being called by root. When the passwd program I'm using is
called by root, it can set the password to anything with no
restrictions. Here's the log file with debugging set to 100:
---------------------------------------------------------------------------
Doing SamOEMChangePassword
get_smbpwd_entry: opening file /usr/local/samba/private/smbpasswd
get_smbpwd_entry: search by name: SCHMIA01
get_smbpwd_entry: found by name: schmia01
get_smbpwd_entry: returning passwd entry for user schmia01, uid 500
Password change for user: schmia01
Password Change: schmia01, New password is shorter than MINPASSWDLENGTH
mod_smbpwd_entry: opening file /usr/local/samba/private/smbpasswd
mod_smbpwd_entry: entry exists
---------------------------------------------------------------------------
If the password really is too short, I'd like to keep Samba from
changing the entry in smbpassword. I'd also like to have it tell the
user that the new password is too short. If there are any other tests
that Samba runs against the new password, I'd like them to be treated
the same way. Is is possible to configure or modify Samba to do this?
On a related note, I gave up trying to use Red Hat's "PAMified"
passwd.
I'm using the passwd program from Debian instead. According to the
debugging output that's new with 1.9.18p5, when I used Red Hat's passwd,
the last response buffer was only showing the success message maybe 1
out of every 9 or 10 password changes. Without a valid success message,
Samba wasn't changing the Unix password. Has anyone experienced this
particular problem?
-Alan
