thr3ads.net - samba - Réf. : [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password [Jan 2004]

If this information is useful, please help other people find it:
Share via:

stephane.purnelle@corman.be

2004-Jan-14 16:29 UTC

Réf. : [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

Hi,

Why you sp?cifie :

 smb passwd file = /etc/samba/smbpasswd
 pam password change = Yes

If you use LDAP ?
It's the interaction between  LDAP and these parameter which cause the
problem.

-----------------------------------
St?phane PURNELLE                         stephane.purnelle@corman.be
Service Informatique       Corman S.A.           Tel : 00 32 087/342467



                    "Sundaram Ramasamy" <sun@percipia.com>
                    Envoy? par :                                           Pour
:  <dkrnic@lycos.com>, <Progman2000@usa.net>
                    samba-bounces+stephane.purnelle=corman.be@lists        cc : 
samba@lists.samba.org
                    .samba.org                                             Objet
:      [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change,
                                                                           not
chaning Unix password

                    14/01/2004 16:01






Hi,

I am running samba 2.2.8a with ldap PDC. From windows machine If I change
password by process CTL+ALT+DEL key its changing only windows password.

from command line  smbldap-passwd.pl  script changing the both UNIX and
samba password.

any idea why its not changing UNIX password?

Thanks
SR

Here my smb.conf file

encrypt passwords = Yes
 min passwd length = 5
 null passwords = No
 password server  smb passwd file = /etc/samba/smbpasswd
 pam password change = Yes
 passwd program = /usr/local/sbin/smbldap-passwd.pl %u
 passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
 passwd chat debug = Yes
 password level = 0
 unix password sync = No
 machine password timeout = 604800

my smbldap-passwd.pl  file
==================use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";

use smbldap_tools;
use smbldap_conf;

my $user;
my $oldpass;
my $ret;

my $arg;

foreach $arg (@ARGV) {
 if ($< != 0) {
  die "Only root can specify parameters\n";
 } else {
  if ( ($arg eq '-?') || ($arg eq '--help') ) {
   print "Usage: $0 [username]\n";
   print "  -?, --help   show this help message\n";
   exit (6);
  } elsif (substr($arg,0) ne '-')  {
   $user = $arg;
  }
  $oldpass = 1;
 }
}

if (!defined($user)) {
 $user=$ENV{"USER"};
}

# test existence of user in LDAP
my $dn_line;
if (!defined($dn_line = get_user_dn($user))) {
    print "$0: user $user doesn't exist\n";
    exit (10);
}

my $dn = get_dn_from_line($dn_line);

my $samba = is_samba_user($user);

print "Changing password for $user\n";

# non-root user
if (!defined($oldpass)) {
    # prompt for current password
 system "stty -echo";
 print "(current) UNIX password: ";
 chomp($oldpass=<STDIN>);
 print "\n";
 system "stty echo";

 if (!is_user_valid($user, $dn, $oldpass)) {
     print "Authentication failure\n";
     exit (10);
 }
}

# prompt for new password

my $pass;
my $pass2;

system "stty -echo";
print "New password : ";
chomp($pass=<STDIN>);
print "\n";
system "stty echo";

system "stty -echo";
print "Retype new password : ";
chomp($pass2=<STDIN>);
print "\n";
system "stty echo";

if ($pass ne $pass2) {
    print "New passwords don't match!\n";
    exit (10);
}

# only modify smb passwords if smb user
if ($samba == 1) {
    if (!$with_smbpasswd) {
# generate LanManager and NT clear text passwords
 if ($mk_ntpasswd eq '') {
     print "Either set \$with_smbpasswd = 1 or specify
\$mk_ntpasswd\n";
     exit(1);
 }
 my $ntpwd = `$mk_ntpasswd '$pass'`;
        chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
        chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));

# change nt/lm passwords
 my $tmpldif "$dn_line
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-

";
 die "$0: error while modifying password for $user\n"
     unless (do_ldapmodify($tmpldif) == 0);
 undef $tmpldif;
    }
    else {
 if ($< != 0) {
     my $FILE="|$smbpasswd -s >/dev/null";
     open (FILE, $FILE) || die "$!\n";
     print FILE <<EOF;
'$oldpass'
'$pass'
'$pass'
EOF
    ;
     close FILE;
 } else {
     my $FILE="|$smbpasswd $user -s >/dev/null";
     open (FILE, $FILE) || die "$!\n";
     print FILE <<EOF;
'$pass'
'$pass'
EOF
    ;
     close FILE;
 }
    }
}
# change unix password
$ret = system "$ldappasswd $dn -s '$pass' > /dev/null";
if ($ret == 0) {
    print "all authentication tokens updated successfully\n";
} else {
    return $ret;
}

exit 0;

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Maybe Matching Threads

Search for more apparently analagous threads

samba - Jan 2004 - Réf. : samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

Réf. : [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

Maybe Matching Threads

Wisdom of the Ancients