Hi group, I can't seem to get passwd change from windows to work. I am running samba 3.0.20-3.1.20060mdk installed from rpms on Mandriva 2006; the clients are windows XP sp2. When I try to change passwd from windows I get "You do not have permission to change your password". What am I doing wrong? My global smb.conf is below.>From log.smbd I think this error pertains to the windows error:[2006/10/02 15:25:00, 3] smbd/chgpasswd.c:chgpasswd(457) chgpasswd: Password change (as_root=Yes) for user: foo PAM: unable to obtain the new authentication token - is password to weak? This is while using a new passwd of 9 random letters/numbers. Any suggestions welcome, thanks in advance ======================================================= dos charset = 850 unix charset = ISO8859-1 workgroup = DELTAGRADING server string = %h server (Samba, Mandrake) passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spassword:* %n\n . passwd chat debug = Yes username map = /etc/samba/smbusers unix password sync = Yes log level = 3 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u logon script = scripts\%U.bat logon path logon drive = H: domain logons = Yes os level = 128 preferred master = Yes domain master = Yes wins support = Yes ldap passwd sync = Yes idmap uid = 15000-20000 idmap gid = 15000-20000
Felipe Augusto van de Wiel
2006-Oct-05 13:57 UTC
[Samba] change passwd from windows--more grief
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/02/2006 07:50 PM, Steve Glasser escreveu:> Hi group, > > I can't seem to get passwd change from windows to work. I am running > samba 3.0.20-3.1.20060mdk installed from rpms on Mandriva 2006; the > clients are windows XP sp2. When I try to change passwd from windows I > get "You do not have permission to change your password". > > What am I doing wrong?I saw that you are using "pam password change", are you aware of [1]how it works? 1.http://lists.samba.org/archive/samba/2002-November/055729.html> My global smb.conf is below. >>From log.smbd I think this error pertains to the windows error: > > [2006/10/02 15:25:00, 3] smbd/chgpasswd.c:chgpasswd(457) > chgpasswd: Password change (as_root=Yes) for user: foo > PAM: unable to obtain the new authentication token - is password to > weak?It looks like something related with your pam options. The manpage says that usually no change is needed in the passwd chat, but maybe you found a corner case. ;) Does it works with you turn off the 'pam password change' paramenter in smb.conf?> This is while using a new passwd of 9 random letters/numbers. > Any suggestions welcome, thanks in advance > =======================================================> > > dos charset = 850 > unix charset = ISO8859-1 > workgroup = DELTAGRADING > server string = %h server (Samba, Mandrake) > passdb backend = tdbsam > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew > \sUNIX\spassword:* %n\n . > passwd chat debug = Yes > username map = /etc/samba/smbusers > unix password sync = Yes > log level = 3 > name resolve order = wins bcast hosts > time server = Yes > printcap name = CUPS > add user script = /usr/sbin/useradd -m %u > delete user script = /usr/sbin/userdel -r %u > add group script = /usr/sbin/groupadd %g > delete group script = /usr/sbin/groupdel %g > add user to group script = /usr/sbin/usermod -G %g %u > add machine script = /usr/sbin/useradd -s /bin/false > -d /dev/null %u > logon script = scripts\%U.bat > logon path > logon drive = H: > domain logons = Yes > os level = 128 > preferred master = Yes > domain master = Yes > wins support = Yes > ldap passwd sync = Yes > idmap uid = 15000-20000 > idmap gid = 15000-20000I don't know if it has an impact, but you don't need 'ldap passwd sync' if you are not using LDAP, and looks like you are not using it. Kind regards, - -- Felipe Augusto van de Wiel <felipe@paranacidade.org.br> Coordenadoria de Tecnologia da Informa??o (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFJQ9UCj65ZxU4gPQRAnoeAKCMdmVkHvIUX2WaR7RR7OO4VAiFkACfW9SC 3itThn6cPZc4pUkjU17By94=a6Jh -----END PGP SIGNATURE-----