Well, all I assumed was wrong....... The problem wasn't with PAM after all. I
made the following changes to my smb.conf file and the strangest thing
happens. The passwords are actually changed; however, an error still
appears on the Windows client.
I added the following line under [global]
smb passwd = /usr/local/private/smbpasswd
I commented out the following lines under [global]
pam password change = yes
passwd chat debug = yes
I changed the following line under [global]
passwd program = /usr/local/bin/smbpasswd %u
If there are any ideas out there, your help would be greatly appreciated.
Jeff Meyer
"Jeffrey R. Meyer" <jeffm@andersonlabs.com> wrote in message
news:aufr26$flr$1@main.gmane.org...
> I have been troubled by this for a few days now and was wondering if anyone
> else has had any luck with this?
>
> I am currently running Samba 2.2.6pre2 on FreeBSD 4.7-RELEASE
> I have successfully set up samba to be the PDC
> I am unsuccessfully trying to change the passwords on the W2k box and I am
> receiving the error that the user name/password are incorrect, make sure
> the caps lock is not on.
> When I check the logs on the BSD box the following appears:
>
> [2002/12/26 14:49:26, 0] passdb/pampass.c:smb_pam_chauthtok(697)
> PAM: Permission denied.
> [2002/12/26 14:49:26, 2] passdb/pampass.c:smb_pam_error_handler(71)
> smb_pam_error_handler: PAM: Password Change Failed : Permission denied
> [2002/12/26 14:49:26, 0] passdb/pampass.c:smb_pam_passchange(865)
> smb_pam_passchange: PAM: Password Change Failed for user root!
>
> I am making the uneducated assumption that my problem is not with samba
> but it is with PAM?
> If anyone could help me with this problem it would be greatly
> appreciated!!!
>
> Thanks,
>
> Jeff Meyer
>
> The smb.conf and pam.conf files that I am using are below.
>
> pam.conf
> login auth sufficient pam_skey.so
> login auth sufficient pam_opie.so
> no_fake_prompts
> #login auth required pam_opieaccess.so
> login auth requisite pam_cleartext_pass_ok.so
> #login auth sufficient pam_kerberosIV.so
> try_first_pass
> #login auth sufficient pam_krb5.so
> try_first_pass
> login auth required pam_unix.so
> try_first_pass
> login account required pam_unix.so
> login password required pam_permit.so
> login session required pam_permit.so
>
> # Same requirement for ftpd as login
> ftpd auth sufficient pam_skey.so
> ftpd auth sufficient pam_opie.so
> no_fake_prompts
> #ftpd auth required pam_opieaccess.so
> ftpd auth requisite pam_cleartext_pass_ok.so
> #ftpd auth sufficient pam_kerberosIV.so
> try_first_pass
> #ftpd auth sufficient pam_krb5.so
> try_first_pass
> ftpd auth required pam_unix.so
> try_first_pass
>
> # OpenSSH with PAM support requires similar modules. The session one is
> # a bit strange, though...
> sshd auth sufficient pam_skey.so
> sshd auth sufficient pam_opie.so
> no_fake_prompts
> #sshd auth required pam_opieaccess.so
> #sshd auth sufficient pam_kerberosIV.so
> try_first_pass
> #sshd auth sufficient pam_krb5.so
> try_first_pass
> sshd auth required pam_unix.so
> try_first_pass
> sshd account required pam_unix.so
> sshd password required pam_permit.so
> sshd session required pam_permit.so
>
> # "telnetd" is for SRA authenticated telnet only. Non-SRA uses 'login'
> telnetd auth required pam_unix.so
> try_first_pass
>
> # Don't break startx
> xserver auth required pam_permit.so
>
> # XDM is difficult; it fails or moans unless there are modules for each
> # of the four management groups; auth, account, session and password.
> xdm auth required pam_unix.so
> #xdm auth sufficient pam_kerberosIV.so
> try_first_pass
> #xdm auth sufficient pam_krb5.so
> try_first_pass
> xdm account required pam_unix.so
> try_first_pass
> xdm session required pam_deny.so
> xdm password required pam_deny.so
>
> # GDM (GNOME Display Manager)
> gdm auth required pam_unix.so
> #gdm auth sufficient pam_kerberosIV.so
> try_first_pass
> #gdm auth sufficient pam_krb5.so
> try_first_pass
> gdm account required pam_unix.so
> try_first_pass
> gdm session required pam_permit.so
> gdm password required pam_deny.so
>
> # Mail services
> imap auth required pam_unix.so
> try_first_pass
> pop3 auth required pam_unix.so
> try_first_pass
>
> # If we don't match anything else, default to using getpwnam().
> other auth sufficient pam_skey.so
> other auth required pam_unix.so
> try_first_pass
> other account required pam_unix.so
> try_first_pass
>
> samba auth required pam_unix.so
> try_first_pass
> samba account required pam_unix.so
> try_first_pass
>
>
> smb.conf
> # /usr/local/etc/smb.conf
> # samba configuration file
>
> [global]
> # basic server settings
> workgroup = labnet
> netbios name = pdcsrv1
> server string = Samba PDC running %v
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=819
> 2
>
> # PDC and master browser settings
> os level = 64
> preferred master = yes
> local master = yes
> domain master = yes
>
> # security and logging settings
> security = user
> encrypt passwords = yes
> domain logons = yes
> log file = /var/log/samba/log.%m
> log level = 2
> max log size = 50
> # hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0
>
> # user profiles and home directory
> # logon home = \\%L\home\%U\.profile
> # logon drive = H:
> # logon path = \\%L\profiles\%U
> logon home = ""
> logon path = ""
> logon script = netlogon.bat
>
> #sync UNIX passwords
> unix password sync = yes
> pam password change = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password*
> %n\n *
> passwd: *all*authentication*tokens*updated*successfully*
> passwd chat debug = yes
> #===Shares==>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
> #[profiles]
> # path = /home/samba/profiles
> # writeable = yes
> # browseable = no
> # create mask = 0600
> # directory mask = 0700
>
> [netlogon]
> path = /home/netlogon
> read only = yes
> write list = jeffm
>
>
>
>