net-warrior@softhome.net
2006-Aug-28 15:06 UTC
[Samba] tdbsam +Windows 2k/XP Change Password
Hi there guys. I've been able to set up a Samba domain as a PDC using tdbsam; profiles seem to work fine, users can log in to the domain and so on. The problem that I found is that I do not know how to set it up to allow users to change their password from the Windows boxes. They get: you do not have permission to change your password. Allow me to post my configuration and some logging.

With pam password change = yes

  check_ntlm_password: authentication for user [decoder] -> [decoder] -> [decoder] succeeded
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:49:10, 0] printing/print_cups.c:cups_cache_reload(85)

Without pam password change = yes

  check_ntlm_password: authentication for user [decoder] -> [decoder] -> [decoder] succeeded
[2006/08/21 19:50:19, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:50:21, 2] smbd/chgpasswd.c:expect(281)
  expect: Success
[2006/08/21 19:50:21, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:50:24, 2] smbd/chgpasswd.c:expect(281)
  expect: Success
[2006/08/21 19:50:24, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:50:26, 2] smbd/chgpasswd.c:expect(281)
  expect: Success
[2006/08/21 19:50:26, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:50:28, 2] smbd/chgpasswd.c:expect(281)
  expect: Success

Under /etc/pam.d/, the file samba contains:

@include common-auth
@include common-account
@include common-session

common-auth
auth required pam_unix.so nullok_secure

common-session
session required pam_unix.so

common-account
account required pam_unix.so

[global]
    # Server name.
    workgroup = NETWARRIOR
    # Machine name.
    netbios name = SUSE10-SLESX64
    server string = MIEM PDC Server
    smb ports = 139
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    printer admin = @ntadmin, root, administrator
    username map = /etc/samba/smbusers
    map to guest = Never
    logon path = \\%L\profiles\%U
    logon home = \\%L\%U
    logon drive = P:
    logon script = netlogon\logon.bat
    interfaces = eth0, lo
    # If there is more than one interface and one is connected to the internet,
    # we tell it to listen and accept requests only on these interfaces.
    bind interfaces only = Yes
    passdb backend = tdbsam
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Ingrese*Nueva*Clave* %n\n *Re-Ingrese*Nueva*Clave*%n\n*Clave*Modificada*
    ;username map = /etc/samba/smbusers
    unix password sync = Yes
    log file = /var/log/samba/%m
    log level = 2
    syslog = 0
    time server = Yes
    domain logons = Yes
    preferred master = Yes
    ;wins support = yes
    # Don't let root log in; we use admin users ;)
    invalid users = root
    admin users = decoder
    ;utmp = Yes
    map acl inherit = Yes
    ;veto files = /*.eml/*.nws/*.{*}/
    add user script = /usr/sbin/useradd -m '%u'
    delete user script = /usr/sbin/userdel -r '%u'
    add group script = /usr/sbin/groupadd '%g'
    delete group script = /usr/sbin/groupdel '%g'
    add user to group script = /usr/sbin/usermod -G '%g' '%u'
    add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
    shutdown script = /var/lib/samba/scripts/shutdown.sh
    abort shutdown script = /sbin/shutdown -c

[homes]
    comment = Home Directories
    valid users = @smbusers
    browseable = no
    read only = No
    inherit permissions = Yes

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    locking = No

[profiles]
    comment = Network Profiles Service
    path = %H
    ;path = /home/samba/profiles
    browsable = No
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
    valid users = @smbusers

[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775
    browsable = No

Version: Samba 3.0.14a-Debian

pdbedit -Lv for user decoder

Unix username: decoder
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2124705929-3829328788-1896619671-3000
Primary Group SID: S-1-5-21-2124705929-3829328788-1896619671-3001
Full Name: decoder,,,
Home Directory: \\suse10-slesx64\decoder
HomeDir Drive: P:
Logon Script: netlogon\logon.bat
Profile Path: \\suse10-slesx64\profiles\decoder
Domain: DEBIAN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 00:14:07 GMT
Kickoff time: Tue, 19 Jan 2038 00:14:07 GMT
Password last set: Mon, 21 Aug 2006 19:19:21 GMT
Password can change: Mon, 21 Aug 2006 19:19:21 GMT
Password must change: Tue, 19 Jan 2038 00:14:07 GMT
Last bad password : 0
Bad password count : 0

debian:/etc/samba# net groupmap list |sort
Account Operators (S-1-5-32-548) -> -1
Administrators (S-1-5-32-544) -> -1
Backup Operators (S-1-5-32-551) -> -1
Domain Admins (S-1-5-21-1640604796-2699206214-1263102184-512) -> -1
Domain Admins (S-1-5-21-2124705929-3829328788-1896619671-1001) -> root
Domain Admins (S-1-5-21-2124705929-3829328788-1896619671-512) -> -1
Domain Guests (S-1-5-21-1640604796-2699206214-1263102184-514) -> -1
Domain Guests (S-1-5-21-2124705929-3829328788-1896619671-3007) -> nobody
Domain Guests (S-1-5-21-2124705929-3829328788-1896619671-514) -> -1
Domain Users (S-1-5-21-1640604796-2699206214-1263102184-513) -> -1
Domain Users (S-1-5-21-2124705929-3829328788-1896619671-1201) -> users
Domain Users (S-1-5-21-2124705929-3829328788-1896619671-3003) -> smbusers
Domain Users (S-1-5-21-2124705929-3829328788-1896619671-513) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Replicators (S-1-5-32-552) -> -1
System Operators (S-1-5-32-549) -> -1
Users (S-1-5-32-545) -> -1

Thanks in advance.. and sorry for my very basic question.
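
An added example, not part of the original post: a small Python parser for the smbd log format quoted in the message, which tallies failed PAM password changes per user together with the PAM error code, the handler's reason and any file smbd could not open. The sample lines are copied from the post; the function names and report keys are this example's own.

```python
import re
from collections import Counter

# Entry header as it appears in the post: "[date time, level] file.c:function(line)"
HEADER = re.compile(r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(?P<level>\d+)\] "
                    r"(?P<src>[\w/.]+):(?P<func>\w+)\((?P<line>\d+)\)")
PAM_FAIL = re.compile(r"Password Change Failed for user (\S+?)!")
PAM_CODE = re.compile(r"PAM ERROR \((\d+)\) for User: \S+")
PAM_REASON = re.compile(r"Password Change Failed : (.+)$")
MISSING = re.compile(r"can't open username map (\S+)\. Error")

# Sample input: log lines copied from the post.
SAMPLE = """\
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
  can't open username map /etc/samba/smbusers. Error No such file or directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
  smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:50:21, 2] smbd/chgpasswd.c:expect(281)
  expect: Success
"""

def parse_entries(text):
    """Split log text into entries; works even if line breaks were lost."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append({**m.groupdict(), "msg": " ".join(text[m.end():end].split())})
    return entries

def summarize(text):
    """Tally failed PAM password changes per user, with codes and reasons."""
    report = {"failed": Counter(), "pam_codes": Counter(),
              "reasons": Counter(), "missing": set()}
    for entry in parse_entries(text):
        msg = entry["msg"]
        if m := PAM_FAIL.search(msg):
            report["failed"][m.group(1)] += 1
        elif m := PAM_CODE.search(msg):
            report["pam_codes"][int(m.group(1))] += 1
        elif m := PAM_REASON.search(msg):
            report["reasons"][m.group(1)] += 1
        elif m := MISSING.search(msg):
            report["missing"].add(m.group(1))
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because entries are split on the header pattern rather than on newlines, the same function also handles an archive copy of the log where every entry has been run together on one line.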