samba - Mar 2003 - Desperate! passwd sync problem...please help!

Hello,

I am running Samba 2.2.3a-6 on a Debian(testing) machine.

It is running as a PDC for 15 Win2K(SP2/3) systems. Everything runs
beautifully except the users cannot change their passwds. When a user
CTRL-ALT-DEL and change passwd they ultimately get a messages stating that
the old passwd is incorrect....

If I log into a shell as a user on the system and invoke smbpasswd, It
goes through all of the motions of asking for the old and new passwds,
then it hangs for about 15-20 secs.  While its hung, if I invoke `ps auxw
| grep passwd` I see this:

sc    1567  0.0  0.2  2840 1340 pts/1  S  22:46  0:00 smbpasswd -D10 root 
1569  0.0  0.1  1720  712 pts/0  S  22:46  0:00 /usr/bin/passwd sc

Everything looks good because I have "unix passwd sync = yes" and I
see
that the system passwd command is running as root(good) as well as the
username is being passed to it.

After the 15-20 sec wait smbpasswd eventually returns stating, "Password
changed for user sc". The thing is that neither the samba or the system
passwd is changed, and whats more, the system passwd command is still
running in the background until I kill it manually.

Has anyone seen this or know what is going on?

Any help would be greatly appreciated. Below are my [global] settings.

Thanks


[global]
        add user script = /usr/sbin/useradd -g machines -c "NT Machine
Account"
        domain master = Yes
        encrypt passwords = yes
        wins support = yes
        max log size = 1000
        interfaces = 10.0.25.1/24
        obey pam restrictions = yes
        large readwrite = yes
        security = user
        local master = yes
        username map = /etc/samba/smbusers
        passwd chat debug = yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spas
sword:* %n\n

        printing = lprng
        dns proxy = no
        logon path = \\%L\profiles\%U
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
        preferred master = yes
        logon script = %U.bat
        map to guest = Bad User
        domain admin group = @ntadmin ntadmin
;       invalid users = root
        domain logons = Yes
        printer admin = @ntadmin @users
        unix password sync = True
        smb passwd file = /etc/samba/smbpasswd
        workgroup = UBSC0
        server string = %h server (MTX v1.2-02)
        message command = /bin/sh -c '/usr/bin/linpopup "%f"
"%m" %s; rm
%s' &
        syslog = 1
        log level = 2
        log file = /var/log/samba/log.%m
        load printers = Yes
        guest account = nobody
        os level = 65
;       logon home = \\%L\profiles\%U
        logon home = \\%L\%U
        nt acl support = Yes

> After the 15-20 sec wait smbpasswd eventually returns stating,
> "Password changed for user sc". The thing is that neither the
samba
> or the system passwd is changed, and whats more, the system passwd
> command is still running in the background until I kill it manually.
Did you try to change the user's password in a linux terminal first? Please
note that the Samba password change fails if the Linux password change
failed before. This is by design and documented in the "passwd
program"
section of the smb.conf doc.
> obey pam restrictions = yes
Do you have any PAM restrictions on password length or password quality set?
We don't have Samba's PAM support enabled and I'm no PAM expert
either but
this may be worth looking at.
>         passwd chat debug = yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n
Does the "passwd chat" string *exactly* match the messages you get
when
changing a password on the console? You have "passwd chat debug"
enabled, so
what does the logging output show you?

If you still can't get the password sync working, you could use a wrapper
script to do the Linux password synchronisation. We use this small Perl
script to do the pass change and some logging (see the comments and
necessary changes):

--------------------------------
#!/usr/bin/perl
#
# in smb.conf:
#       encrypt passwords = Yes
#       passwd program = /path/to/samba/scripts/chgpasswd.pl %u %n
#       passwd chat = .
#       unix password sync = Yes
#
# touch /path/to/samba/logs/log.pass
#
# in /path/to/samba/source/smbd/chgpasswd.c:
#       after the line 'pstring_sub(passwordprogram, "%u",
name);'
#       append
#       pstring_sub(passwordprogram, "%n", newpass);
#
use Time::localtime;

($username, $newpass) = @ARGV;

# Change the Linux password and do some logging:
my $tm = localtime();
$datestring = sprintf "%02d.%02d.%04d",$tm->mday, $tm->mon + 1,
$tm->year +
1900;
$logdateiname = sprintf ">>/path/to/samba/logs/pass.log";

# change password in /etc/shadow without interaction:
        $cmdtext = sprintf "echo %s:%s | /usr/sbin/chpasswd",
$username,
$newpass;
        system($cmdtext);
        $logtext = sprintf "User \"%s\" password
changed",$username;
        open (logfile, $logdateiname);
        printf logfile  "%s - %02d:%02d:%02d : %s \n", $datestring,
$tm->hour, $tm->min, $tm->sec, $logtext;
        close logfile;

# change NIS DB
#       $cmdtext = sprintf "make -C /var/yp >> /dev/null";
#       system($cmdtext);
-------------------------------------


Good luck,
Uli