Richard Duran
2003-Apr-14 22:50 UTC
[Samba] modifying password on W2K PDC from Linux (samba 2.2.7-4.8.0)
On May 1st, Chuck Sullivan posted the following: https://listman.redhat.com/pipermail/k12osn/2003-March/007755.html No mention was made of /etc/pam.d/passwd, which is what I think we need to set to enable a user to change their domain password. Our current settings are: /etc/pam.d/passwd: #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account required /lib/security/pam_stack.so service=system-auth account sufficient /lib/security/pam_winbind.so password required /lib/security/pam_stack.so service=system-auth password sufficient /lib/security/pam_winbind.so /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/pam_env.so #auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass auth required /lib/security/pam_deny.so #account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 typepassword sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_deny.so session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so We've tried setting the control to required on the pam_winbind.so module, but no difference. The output I get when entering 'passwd "ntdomain\ntuser"' is: Changing password for user ntdomain\ntuser. Changing password for ntdomain\ntuser (current) NT password: passwd: Authentication token manipulation error Any ideas/suggestions/URLs? Regards, -richard duran