Jeff Ballin
1998-Jun-30 06:08 UTC
smbpasswd fails to change both smb and UNIX passwds simultaneously
Hello everyone, I have not had luck with any of the documentation I have found....if the answer to my question lay out there, point me in the right direction and I will gladly RTFM. I am running RedHat 5.0 on an Alpha CPU based computer. Samba is at 1.9.18p8, compiled on this system with ALLOW_CHANGE_PASSWORD and PAM encryption enabled. I am able to log into the network and file share, etc. My problem is that I cannot get smbpasswd to change both the unix passwd file and the smbpasswd file simultaneously. If I set "unix password sync=no", smbpasswd (as a user) is able to change the smb password without a hitch. Using passwd directly changes the unix passwd file without problem. However, with "unix password sync=yes," I go through the passwd chat sequence, but fail every time with smbpasswd: machine 127.0.0.1 rejected the password change: Error was : The specified password is invalid. Below is a clip from the smb logfile at debug level 3. ======== 1998/06/30 01:14:18 Transaction 1 of length 168 switch message SMBnegprot (pid 2021) Requested protocol [PC NETWORK PROGRAM 1.0] Requested protocol [MICROSOFT NETWORKS 1.03] Requested protocol [MICROSOFT NETWORKS 3.0] Requested protocol [LANMAN1.0] Requested protocol [LM1.2X002] Requested protocol [Samba] Selected protocol NT LANMAN 1.0 1998/06/30 01:14:18 Transaction 2 of length 110 switch message SMBsesssetupX (pid 2021) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] sesssetupX:name=[HOLBROOK] adding home directory holbrook at /home/holbrook holbrook is in 2 groups 504 100 uid 503 registered to name holbrook Clearing default real name 1998/06/30 01:14:18 Transaction 3 of length 63 switch message SMBtconX (pid 2021) Trying username ipc$ ACCEPTED: validated uid ok as non-guest found free connection number 42 Connect path is /tmp chdir to /tmp chdir to /root 1998/06/30 01:14:18 ensemble (127.0.0.1) connect to service IPC$ as user holbrook (uid=503,gid=504) (pid 2021) 1998/06/30 01:14:18 tconX service=ipc$ user=holbrook cnum=42 1998/06/30 01:14:18 Transaction 4 of length 637 switch message SMBtrans (pid 2021) chdir to /tmp trans <\PIPE\LANMAN> data=532 params=25 setup=0 named pipe command on <LANMAN> name Got API command 214 of form <zsT> <B516B16> (tdscnt=532,tpscnt=25,mdrcnt=0,mprcnt=2) Doing SamOEMChangePassword api_SamOEMChangePassword: Change password for <holbrook> Password change for user: holbrook pty: try to open ptya0, line was /dev/ptyXX pty: try to open ptya1, line was /dev/ptya0 <--- why the shift in pty# ? pty: try to open ptya2, line was /dev/ptya1 pty: try to open ptya3, line was /dev/ptya2 pty: try to open ptya4, line was /dev/ptya3 pty: try to open ptya5, line was /dev/ptya4 pty: try to open ptya6, line was /dev/ptya5 pty: try to open ptya7, line was /dev/ptya6 pty: try to open ptya8, line was /dev/ptya7 pty: try to open ptya9, line was /dev/ptya8 pty: try to open ptyaa, line was /dev/ptya9 <snip> pty: try to open ptyza, line was /dev/ptyz9 pty: try to open ptyzb, line was /dev/ptyza pty: try to open ptyzc, line was /dev/ptyzb pty: try to open ptyzd, line was /dev/ptyzc pty: try to open ptyze, line was /dev/ptyzd pty: try to open ptyzf, line was /dev/ptyze Cannot Allocate pty for password change: holbrookend of file from client chdir to /root Closing connections 1998/06/30 01:14:18 ensemble (127.0.0.1) closed connection to service IPC$ Yielding connection to 42 IPC$ 1998/06/30 01:14:18 Server exit (normal exit) =============== Here is the relevant section of smb.conf: [global] smb passwd file= /etc/smbpasswd encrypt passwords= yes passwd chat= "*Enter OLD password*" %o\n "*Enter NEW password*" %n\n \ "*Reenter NEW password*" %n\n "*Password Changed*" passwd program= /usr/bin/passwd %u unix password sync= true passwd chat debug= yes printing = bsd printcap name = /etc/printcap load printers = yes ;debug level=3 guest account = guest log file = /var/log/samba-log.%m max log size = 50 ; case sensitive = yes short preserve case = yes preserve case = yes lock directory = /var/lock/samba locking = yes strict locking = yes share modes = yes security = user dead time= 15 socket options = TCP_NODELAY os level = 31 local master= yes preferred master= yes wins server = enthalpy.biochem.wisc.edu ======== Finally, here are the /etc/pam.d files for passwd and samba: /etc/pam.d/passwd #%PAM-1.0 auth required /lib/security/pam_pwdb.so shadow nullok account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so retry=3 password required /lib/security/pam_pwdb.so use_authtok nullok =========== /etc/pam.d/samba auth required /lib/security/pam_pwdb.so nullok shadow account required /lib/security/pam_pwdb.so ---------- Thank you so much for your help. Regards, Jeff