Hi On my Samba 3.0.1 w/ldapsam if clients (W9x) attempts to change their passwords, and it fails (because of too short password, for example) they receive message about wrong old password, not real cause of fail. It is bug or some misconfiguration? Marcin Snakowski
On Wed, 2004-01-21 at 19:57, Marcin Snakowski wrote:> Hi > > On my Samba 3.0.1 w/ldapsam if clients (W9x) attempts to change > their passwords, and it fails (because of too short password, for example) > they receive message about wrong old password, not real cause of fail. It > is bug or some misconfiguration?Correct - only NT clients actually get back a sensible error code. We could fix this, but as I lost my last win9x client long ago, and I would need to figure out the correct error mapping, I never fixed it. We would need a correct mapping of NTSTATUS -> RAP error codes. The rest is trivial. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040122/4f7496f8/attachment-0001.bin
On Thu, Jan 22, 2004 at 02:57:04PM +1100, Andrew Bartlett wrote:> On Wed, 2004-01-21 at 19:57, Marcin Snakowski wrote: > > Hi > > > > On my Samba 3.0.1 w/ldapsam if clients (W9x) attempts to change > > their passwords, and it fails (because of too short password, for example) > > they receive message about wrong old password, not real cause of fail. It > > is bug or some misconfiguration? > > Correct - only NT clients actually get back a sensible error code. We > could fix this, but as I lost my last win9x client long ago, and I would > need to figure out the correct error mapping, I never fixed it. > > We would need a correct mapping of NTSTATUS -> RAP error codes. The > rest is trivial.I can give you a nice fresh Win9x vmware image :-). Jeremy.
On Wed, 2004-01-21 at 20:57, Andrew Bartlett wrote:> On Wed, 2004-01-21 at 19:57, Marcin Snakowski wrote: > > Hi > > > > On my Samba 3.0.1 w/ldapsam if clients (W9x) attempts to change > > their passwords, and it fails (because of too short password, for example) > > they receive message about wrong old password, not real cause of fail. It > > is bug or some misconfiguration? > > Correct - only NT clients actually get back a sensible error code. We > could fix this, but as I lost my last win9x client long ago, and I would > need to figure out the correct error mapping, I never fixed it. > > We would need a correct mapping of NTSTATUS -> RAP error codes. The > rest is trivial.---- speaking of this... I am about to start playing with passwords and changing passwords by Windows clients. Presently in my smb.conf I have passwd program = /usr/local/sbin/smbldap-passwd.pl %u # passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* I commented out the passwd chat since I read that it can be a problem but I am gathering the problem is with Win95/98/ME and not NT/2K/XP clients Questions... 1 - is there a better way? (I am using ldapsam backend) 2 - is there a how-to on ldap/samba/pam password check/rulesets and integration? Thanks, Craig
On Thu, 2004-01-22 at 17:21, Craig White wrote:> I am about to start playing with passwords and changing passwords by > Windows clients. Presently in my smb.conf I have> 1 - is there a better way? (I am using ldapsam backend)ldap password sync is your friend. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040122/83ebd086/attachment.bin