Hi and happy New Year.
I test the integration of samba 3.0.10 on a fedora core 3 box in a Microsoft
Active Directory (Windows 2003) environment.
I already configure samba for the integration in the AD domain and it works fine
but I have a problem with the pam_winbind.
I can authenticate my AD domain users on the fedora box but I can?t change their
password with the passwd command.
For example, I can log with the "VDP\kalaghan" domain user but when I
try to
change his password with the passwd command, I?ve got the next error messages
in /var/log/messages:
Jan 3 14:55:01 fedogat pam_winbind[2869]: user 'VDP\kalaghan' granted
access
Jan 3 14:55:20 fedogat pam_winbind[2869]: request failed:
NT_STATUS_PASSWORD_RESTRICTION, PAM error was 4, NT error was
NT_STATUS_PASSWORD_RESTRICTION
Jan 3 14:55:20 fedogat pam_winbind[2869]: internal module error (retval = 4,
user = `VDP\kalaghan'
The password I?m using is more than eight characters and I?ve disabled the GPO
in AD which concerns the complexity of password.
My /etc/pam.d/system-auth file:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_winbind.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
shadow
password sufficient /lib/security/$ISA/pam_winbind.so
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
If someone have an idea
Regards