Markus Scharitzer
2011-Mar-23 12:53 UTC
[Samba] Issue with "change password" on windows dialog
Hi everybody! I am having an issue regarding my samba/pam configuration. I am trying to sync my unix/samba passwords, but everything i found online doesn't help. My System runs Gentoo/Samba 3.5.8 as PDC(roaming profiles host and so on) , and WinXP Clients. Domainjoin and Login work fine. But I want to change the Passwords from the Windows interface. When I try to change the password using the Windows "change password" dialog. I get an error saying that i don't have permissions to do so. It works fine from the Unixshell. Samba log looks like: [2011/03/23 12:06:05.149471, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [xx] -> [xx] -> [xx] succeeded [2011/03/23 12:06:05.152839, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.152863, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.152873, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user xx! [2011/03/23 12:06:05.156622, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.156637, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.156650, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user xx! [2011/03/23 12:06:05.162118, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.162133, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.162143, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for xx! [2011/03/23 12:06:05.165908, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.165923, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.165932, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user xx! my smb.conf looks like: unix password sync = yes pam password change = yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Re*ype*new*password* %n\n \ *passwd:*all*authentication*tokens*updated*successfully* my pam-files look like: samba: @include system-auth @include system-password auth required pam_smbpass.so nodelay account include system-auth session include system-auth password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf system-auth auth required pam_env.so auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so auth optional pam_smbpass.so migrate account required pam_unix.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so password required pam_smbpass.so nullok use_authok try_first_pass session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_permit.so system-password: password requisite pam_unix.so nullok obscure min=4 max=8 md5 password required pam_smbpass.so nullok try_first_pass Thanks kindly! Best regards,
TAKAHASHI Motonobu
2011-Mar-23 18:36 UTC
[Samba] Issue with "change password" on windows dialog
Your error is probably caused by the PAM setting. Set "debug" option to PAM modules and look at syslog files. Anyway, if you enable "pam password change = yes", both "passwd program" and "passwd chat" parameters will be ignored. --- TAKAHASHI Motonobu <monyo at samba.gr.jp> From: Markus Scharitzer <markus.scharitzer at gmail.com> Date: Wed, 23 Mar 2011 13:53:16 +0100 Hi everybody! I am having an issue regarding my samba/pam configuration. I am trying to sync my unix/samba passwords, but everything i found online doesn't help. My System runs Gentoo/Samba 3.5.8 as PDC(roaming profiles host and so on) , and WinXP Clients. Domainjoin and Login work fine. But I want to change the Passwords from the Windows interface. When I try to change the password using the Windows "change password" dialog. I get an error saying that i don't have permissions to do so. It works fine from the Unixshell. Samba log looks like: [2011/03/23 12:06:05.149471, 2] auth/auth.c:304(check_ntlm_password) check_ntlm_password: authentication for user [xx] -> [xx] -> [xx] succeeded [2011/03/23 12:06:05.152839, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.152863, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.152873, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user xx! [2011/03/23 12:06:05.156622, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.156637, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.156650, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user xx! [2011/03/23 12:06:05.162118, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.162133, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.162143, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for xx! [2011/03/23 12:06:05.165908, 0] auth/pampass.c:699(smb_pam_chauthtok) PAM: User not known to PAM [2011/03/23 12:06:05.165923, 2] auth/pampass.c:77(smb_pam_error_handler) smb_pam_error_handler: PAM: Password Change Failed : User not known to the underlying authentication module [2011/03/23 12:06:05.165932, 0] auth/pampass.c:861(smb_pam_passchange) smb_pam_passchange: PAM: Password Change Failed for user xx! my smb.conf looks like: unix password sync = yes pam password change = yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Re*ype*new*password* %n\n \ *passwd:*all*authentication*tokens*updated*successfully* my pam-files look like: samba: @include system-auth @include system-password auth required pam_smbpass.so nodelay account include system-auth session include system-auth password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf system-auth auth required pam_env.so auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so auth optional pam_smbpass.so migrate account required pam_unix.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so password required pam_smbpass.so nullok use_authok try_first_pass session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_permit.so system-password: password requisite pam_unix.so nullok obscure min=4 max=8 md5 password required pam_smbpass.so nullok try_first_pass Thanks kindly! Best regards,