[Samba] Change AD user password from Linux
Masao Garcia
masaog at fshac.com
Wed Jan 20 12:22:43 MST 2010
Has anyone gotten Active Directory user passwords changed from a Linux
(Ubuntu 8.04) client? I used
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto as a guide, so
I'm using Kerberos and Winbind (all apt-get). Samba version is 3.0.28a with
a Windows Server 2008 R2 DC, but running AD 2003 native. The client box is
an LTSP box, and I'm able to ssh in with AD accounts. However, when I type
passwd I get the error message "passwd: Authentication token manipulation
error". In the auth.log file I get "pam_unix(passwd:chauthtok): user
"kmasters" does not exist in /etc/passwd". Is it possible my Samba version
is too old?

common-auth:
auth sufficient pam_krb5.so
auth required pam_unix.so nullok_secure use_first_pass

common-account:
account sufficient pam_winbind.so
account required pam_unix.so

common-session:
session required pam_mkhomedir.so umask=0022 skel=/etc/skel

common-password:
password sufficient pam_unix.so nullok md5 shadow
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so

smb.conf:
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
server string = %h server (Samba, Ubuntu)
security = ADS
map to guest = Bad User
obey pam restrictions = Yes
password server = dc1.mydomain.com
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
domain master = No
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
invalid users = root
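
An added example, not part of the original post: a short Python audit of the PAM stacks quoted above, reporting which management groups contain a module that can act for AD accounts. `AD_MODULES` and `CHECKED_GROUPS` are assumptions of this example; the stack text is copied from the post.

```python
import os

# PAM stacks copied from the post above (the only data taken from the page).
STACKS = {
    "common-auth": "auth sufficient pam_krb5.so\n"
                   "auth required pam_unix.so nullok_secure use_first_pass\n",
    "common-account": "account sufficient pam_winbind.so\n"
                      "account required pam_unix.so\n",
    "common-session": "session required pam_mkhomedir.so umask=0022 skel=/etc/skel\n",
    "common-password": "password sufficient pam_unix.so nullok md5 shadow\n"
                       "password sufficient pam_ldap.so use_first_pass\n"
                       "password required pam_deny.so\n",
}

AD_MODULES = {"pam_krb5.so", "pam_winbind.so"}   # assumption: modules able to act for AD users
CHECKED_GROUPS = ("auth", "account", "password")  # session handles no credentials, so it is skipped


def parse_stack(text):
    """Yield (group, control, module) for every rule line in a PAM file."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 3 or fields[0].startswith("@"):
            continue                               # blank, comment or @include line
        pos = 1                                    # index of the last control token
        if fields[1].startswith("["):              # e.g. [success=1 default=ignore]
            while pos < len(fields) - 1 and not fields[pos].endswith("]"):
                pos += 1
        if pos + 1 < len(fields):                  # a module name must follow the control
            yield (fields[0].lstrip("-"), " ".join(fields[1:pos + 1]),
                   os.path.basename(fields[pos + 1]))


def ad_coverage(stacks):
    """Map each checked group to the AD-aware modules configured for it."""
    coverage = {group: [] for group in CHECKED_GROUPS}
    for text in stacks.values():
        for group, _control, module in parse_stack(text):
            if group in coverage and module in AD_MODULES:
                coverage[group].append(module)
    return coverage


def uncovered_groups(stacks):
    return [group for group, mods in ad_coverage(stacks).items() if not mods]


if __name__ == "__main__":
    print(ad_coverage(STACKS), uncovered_groups(STACKS))
```

On the posted configuration only `password` comes back uncovered, which matches the `pam_unix(passwd:chauthtok)` line in auth.log: the password stack consults pam_unix.so first and contains no Kerberos or winbind module.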