stephane.purnelle@corman.be
2004-Jan-14 16:29 UTC
Re: [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not changing Unix password
Hi,

Why do you specify:

smb passwd file = /etc/samba/smbpasswd
pam password change = Yes

if you use LDAP?
It's the interaction between LDAP and these parameters which causes the problem.

-----------------------------------
Stéphane PURNELLE stephane.purnelle@corman.be
Service Informatique Corman S.A. Tel : 00 32 087/342467


"Sundaram Ramasamy" <sun@percipia.com>
Sent by: samba-bounces+stephane.purnelle=corman.be@lists.samba.org
To: <dkrnic@lycos.com>, <Progman2000@usa.net>
cc: samba@lists.samba.org
Subject: [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not changing Unix password
14/01/2004 16:01

Hi,

I am running Samba 2.2.8a with an LDAP PDC.

From a Windows machine, if I change the password via the CTRL+ALT+DEL key, it changes only the Windows password.

From the command line, the smbldap-passwd.pl script changes both the UNIX and Samba passwords.

Any idea why it's not changing the UNIX password?

Thanks
SR

Here is my smb.conf file:

encrypt passwords = Yes
min passwd length = 5
null passwords = No
password server =
smb passwd file = /etc/samba/smbpasswd
pam password change = Yes
passwd program = /usr/local/sbin/smbldap-passwd.pl %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
passwd chat debug = Yes
password level = 0
unix password sync = No
machine password timeout = 604800

My smbldap-passwd.pl file:
==================
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
use smbldap_conf;

my $user;
my $oldpass;
my $ret;

# Parse arguments; only root may name another user.
my $arg;
foreach $arg (@ARGV) {
    if ($< != 0) {
        die "Only root can specify parameters\n";
    } else {
        if ( ($arg eq '-?') || ($arg eq '--help') ) {
            print "Usage: $0 [username]\n";
            print "  -?, --help show this help message\n";
            exit (6);
        } elsif (substr($arg,0,1) ne '-') {
            # compare only the first character, so options are not taken as a username
            $user = $arg;
        }
        # root is not asked for the current password
        $oldpass = 1;
    }
}

if (!defined($user)) {
    $user=$ENV{"USER"};
}

# test existence of user in LDAP
my $dn_line;
if (!defined($dn_line = get_user_dn($user))) {
    print "$0: user $user doesn't exist\n";
    exit (10);
}

my $dn = get_dn_from_line($dn_line);

my $samba = is_samba_user($user);

print "Changing password for $user\n";

# non-root user
if (!defined($oldpass)) {
    # prompt for current password
    system "stty -echo";
    print "(current) UNIX password: ";
    chomp($oldpass=<STDIN>);
    print "\n";
    system "stty echo";

    if (!is_user_valid($user, $dn, $oldpass)) {
        print "Authentication failure\n";
        exit (10);
    }
}

# prompt for new password
my $pass;
my $pass2;

system "stty -echo";
print "New password : ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";

system "stty -echo";
print "Retype new password : ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";

if ($pass ne $pass2) {
    print "New passwords don't match!\n";
    exit (10);
}

# only modify smb passwords if smb user
if ($samba == 1) {
    if (!$with_smbpasswd) {
        # generate LanManager and NT clear text passwords
        if ($mk_ntpasswd eq '') {
            print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
            exit(1);
        }
        # the new password is interpolated into a shell command line here
        my $ntpwd = `$mk_ntpasswd '$pass'`;
        chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
        chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));

        # change nt/lm passwords
        my $tmpldif =
"$dn_line
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-

";
        die "$0: error while modifying password for $user\n"
            unless (do_ldapmodify($tmpldif) == 0);
        undef $tmpldif;
    } else {
        if ($< != 0) {
            # non-root: smbpasswd reads the old password, then the new one twice
            my $FILE="|$smbpasswd -s >/dev/null";
            open (FILE, $FILE) || die "$!\n";
            print FILE <<EOF;
'$oldpass'
'$pass'
'$pass'
EOF
            ;
            close FILE;
        } else {
            # root: smbpasswd reads only the new password, twice
            my $FILE="|$smbpasswd $user -s >/dev/null";
            open (FILE, $FILE) || die "$!\n";
            print FILE <<EOF;
'$pass'
'$pass'
EOF
            ;
            close FILE;
        }
    }
}

# change unix password (the new password is again placed on a shell command line)
$ret = system "$ldappasswd $dn -s '$pass' > /dev/null";
if ($ret == 0) {
    print "all authentication tokens updated successfully\n";
} else {
    # "return" is not valid outside a subroutine; exit with the failure status instead
    exit(($ret >> 8) || 1);
}

exit 0;
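
Added example, not part of the original thread and not smbldap-tools code: a small Python check of the posted settings against the smb.conf(5) descriptions of "unix password sync", "pam password change" and "passwd chat". The chat matching is a simplified model and an assumption ('*' wildcard, case-insensitive, one script prompt per expect string), and the function names are hypothetical.

```python
import fnmatch

# Constructed input: the password-sync settings from the smb.conf in the post.
SMB_CONF = r"""
pam password change = Yes
passwd program = /usr/local/sbin/smbldap-passwd.pl %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = No
"""
# Prompts the posted smbldap-passwd.pl prints when run as root with a username.
SCRIPT_PROMPTS = ["New password : ", "Retype new password : "]


def parse_conf(text):
    """Return {parameter: value} for 'name = value' lines (names lower-cased)."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[" ".join(name.lower().split())] = value.strip()
    return conf


def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def chat_expects(chat):
    """Expect strings are the 1st, 3rd, ... whitespace-separated chat tokens."""
    return chat.split()[0::2]


def audit(conf, prompts):
    findings = []
    if not is_yes(conf.get("unix password sync", "no")):
        findings.append("unix password sync is off: passwd program is not run")
    elif is_yes(conf.get("pam password change", "no")):
        findings.append("pam password change is on: PAM replaces passwd program")
    for expect, prompt in zip(chat_expects(conf.get("passwd chat", "")), prompts):
        # Simplified model (assumption): '*' wildcard, case-insensitive match.
        if not fnmatch.fnmatchcase(prompt.lower(), expect.lower()):
            findings.append(f"chat expects {expect!r} but script prints {prompt!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_conf(SMB_CONF), SCRIPT_PROMPTS):
        print(finding)
```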