Kristian Rasmussen
2025-Aug-15 11:36 UTC
[Samba] pam-winbind: When trying to update a password, this return status indicates that the value provided as the current password is not correct.
On 15.08.2025 10:13, Rowland Penny via samba wrote:> > I am a bit confused about this email, first the subject mentions > updating a password and then in the text there is this: > > because no one tried to update a password!If you read the post carefully you'll see that the subject refers to the actual error message, while the post itself clarifies that the error occurs during a failed authentication unrelated to password changes.> But, hey ho, it doesn't really matter, because that error message is > not coming from Samba, it is coming from PAM, try reading the PAM man > page:The return code from PAM is PAM_AUTH_ERR, which is just a run-of-the-mill authentication failure. The exact text of this error message can be found in the Samba source code, specifically in libcli/util/ntstatus_err_table.txt. KR
Rowland Penny
2025-Aug-15 12:40 UTC
[Samba] pam-winbind: When trying to update a password, this return status indicates that the value provided as the current password is not correct.
On Fri, 15 Aug 2025 11:36:00 +0000 Kristian Rasmussen via samba <samba at lists.samba.org> wrote:> On 15.08.2025 10:13, Rowland Penny via samba wrote: > > > > I am a bit confused about this email, first the subject mentions > > updating a password and then in the text there is this: > > > > because no one tried to update a password! > > If you read the post carefully you'll see that the subject refers to > the actual error message, while the post itself clarifies that the > error occurs during a failed authentication unrelated to password > changes.I did read the post carefully and what is more I tried the command in the same way and got the same result, just without: When trying to update a password, this return status indicates that the value provided as the current password is not correct. between the password prompt and the error message.> > > But, hey ho, it doesn't really matter, because that error message is > > not coming from Samba, it is coming from PAM, try reading the PAM > > man page: > > The return code from PAM is PAM_AUTH_ERR, which is just a > run-of-the-mill authentication failure.The thing is, yes PAM is returning 'PAM_AUTH_ERR', but PAM is then turning it into 'Authentication failure' and returning it.> > The exact text of this error message can be found in the Samba source > code, specifically in libcli/util/ntstatus_err_table.txt.Where ? I cannot see 'Authentication failure' in that file, what I can see is STATUS_WRONG_PASSWORD with the text: When trying to update a password, this return status indicates that the value provided as the current password is not correct. However, from what I can find with a quick check is that Samba maps 'PAM_AUTH_ERR' to 'NT_STATUS_WRONG_PASSWORD', but the command shown in the initial post was what happens when you try to become another user and mistype the password, so, in essence, what is returned is correct (and initially comes from PAM), but could be better. I suggest that if anyone is really bothered about this, then they provide a patch to fix it. Rowland