Hello, I am running Samba 2.2.3a-6 on a Debian(testing) machine. It is running as a PDC for 15 Win2K(SP2/3) systems. Everything runs beautifully except the users cannot change their passwds. When a user CTRL-ALT-DEL and change passwd they ultimately get a messages stating that the old passwd is incorrect.... If I log into a shell as a user on the system and invoke smbpasswd, It goes through all of the motions of asking for the old and new passwds, then it hangs for about 15-20 secs. While its hung, if I invoke `ps auxw | grep passwd` I see this: sc 1567 0.0 0.2 2840 1340 pts/1 S 22:46 0:00 smbpasswd -D10 root 1569 0.0 0.1 1720 712 pts/0 S 22:46 0:00 /usr/bin/passwd sc Everything looks good because I have "unix passwd sync = yes" and I see that the system passwd command is running as root(good) as well as the username is being passed to it. After the 15-20 sec wait smbpasswd eventually returns stating, "Password changed for user sc". The thing is that neither the samba or the system passwd is changed, and whats more, the system passwd command is still running in the background until I kill it manually. Has anyone seen this or know what is going on? Any help would be greatly appreciated. Below are my [global] settings. Thanks [global] add user script = /usr/sbin/useradd -g machines -c "NT Machine Account" domain master = Yes encrypt passwords = yes wins support = yes max log size = 1000 interfaces = 10.0.25.1/24 obey pam restrictions = yes large readwrite = yes security = user local master = yes username map = /etc/samba/smbusers passwd chat debug = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spas sword:* %n\n printing = lprng dns proxy = no logon path = \\%L\profiles\%U socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap preferred master = yes logon script = %U.bat map to guest = Bad User domain admin group = @ntadmin ntadmin ; invalid users = root domain logons = Yes printer admin = @ntadmin @users unix password sync = True smb passwd file = /etc/samba/smbpasswd workgroup = UBSC0 server string = %h server (MTX v1.2-02) message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & syslog = 1 log level = 2 log file = /var/log/samba/log.%m load printers = Yes guest account = nobody os level = 65 ; logon home = \\%L\profiles\%U logon home = \\%L\%U nt acl support = Yes
Ulrich Kohlhase
2003-Mar-23 17:52 UTC
[Samba] Desperate! passwd sync problem...please help!
> After the 15-20 sec wait smbpasswd eventually returns stating, > "Password changed for user sc". The thing is that neither the samba > or the system passwd is changed, and whats more, the system passwd > command is still running in the background until I kill it manually.Did you try to change the user's password in a linux terminal first? Please note that the Samba password change fails if the Linux password change failed before. This is by design and documented in the "passwd program" section of the smb.conf doc.> obey pam restrictions = yesDo you have any PAM restrictions on password length or password quality set? We don't have Samba's PAM support enabled and I'm no PAM expert either but this may be worth looking at.> passwd chat debug = yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\nDoes the "passwd chat" string *exactly* match the messages you get when changing a password on the console? You have "passwd chat debug" enabled, so what does the logging output show you? If you still can't get the password sync working, you could use a wrapper script to do the Linux password synchronisation. We use this small Perl script to do the pass change and some logging (see the comments and necessary changes): -------------------------------- #!/usr/bin/perl # # in smb.conf: # encrypt passwords = Yes # passwd program = /path/to/samba/scripts/chgpasswd.pl %u %n # passwd chat = . # unix password sync = Yes # # touch /path/to/samba/logs/log.pass # # in /path/to/samba/source/smbd/chgpasswd.c: # after the line 'pstring_sub(passwordprogram, "%u", name);' # append # pstring_sub(passwordprogram, "%n", newpass); # use Time::localtime; ($username, $newpass) = @ARGV; # Change the Linux password and do some logging: my $tm = localtime(); $datestring = sprintf "%02d.%02d.%04d",$tm->mday, $tm->mon + 1, $tm->year + 1900; $logdateiname = sprintf ">>/path/to/samba/logs/pass.log"; # change password in /etc/shadow without interaction: $cmdtext = sprintf "echo %s:%s | /usr/sbin/chpasswd", $username, $newpass; system($cmdtext); $logtext = sprintf "User \"%s\" password changed",$username; open (logfile, $logdateiname); printf logfile "%s - %02d:%02d:%02d : %s \n", $datestring, $tm->hour, $tm->min, $tm->sec, $logtext; close logfile; # change NIS DB # $cmdtext = sprintf "make -C /var/yp >> /dev/null"; # system($cmdtext); ------------------------------------- Good luck, Uli
Reasonably Related Threads
- root prexec/postexec & login scripts
- passwords for NT and AIX
- [LLVMdev] A way to write new pass by keeping source and build directories separate
- [LLVMdev] A way to write new pass by keeping source and build directories separate
- ldap passwd sync old password