[Samba] Change AD user password from Linux
john
lists.john at gmail.com
Wed Jan 20 13:16:03 MST 2010
Hi Masao,

I have essentially the same setup as you (ltsp, AD, Winbind). My users
are able to change their passwords with the 'passwd' command.

Here's the contents of the /etc/pam.d/common-password file:

password sufficient pam_winbind.so
password required pam_unix.so nullok obscure min=4 max=8 md5

Hth,
John

On Wed, Jan 20, 2010 at 11:22 AM, Masao Garcia <masaog at fshac.com> wrote:
> Has anyone gotten Active Directory user passwords changed from a Linux
> (Ubuntu 8.04) client? I used
> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto as a guide, so
> I'm using Kerberos and Winbind (all apt-get). Samba version is 3.0.28a with
> a Windows Server 2008 R2 DC, but running AD 2003 native. The client box is
> an LTSP box, and I'm able to ssh in with AD accounts. However, when I type
> passwd I get the error message "passwd: Authentication token manipulation
> error". In the auth.log file I get "pam_unix(passwd:chauthtok): user
> "kmasters" does not exist in /etc/passwd". Is it possible my Samba version
> is too old?
>
> common-auth:
> auth sufficient pam_krb5.so
> auth required pam_unix.so nullok_secure use_first_pass
>
> common-account:
> account sufficient pam_winbind.so
> account required pam_unix.so
>
> common-session:
> session required pam_mkhomedir.so umask=0022 skel=/etc/skel
>
> common-password:
> password sufficient pam_unix.so nullok md5 shadow
> password sufficient pam_ldap.so use_first_pass
> password required pam_deny.so
>
> smb.conf:
> [global]
> workgroup = MYDOMAIN
> realm = MYDOMAIN.COM
> server string = %h server (Samba, Ubuntu)
> security = ADS
> map to guest = Bad User
> obey pam restrictions = Yes
> password server = dc1.mydomain.com
> passdb backend = tdbsam
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> domain master = No
> dns proxy = No
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> template homedir = /home/%U
> template shell = /bin/bash
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> invalid users = root
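
Added illustration, not part of either poster's message: a small model of how the two common-password stacks quoted in this thread treat a password change for an account that exists only in AD (via winbind). The BACKEND table, the single-pass evaluation and the assumption that pam_ldap.so does not hold the AD account are simplifications made for this example.

```python
# Added example: simplified model of how libpam walks a "password" stack.
# BACKEND (assumed, not read from the system) names the account store in
# which each module can change a password; pam_deny.so has none.
BACKEND = {"pam_unix.so": "local", "pam_winbind.so": "ad",
           "pam_ldap.so": "ldap", "pam_deny.so": None}

# The two common-password files quoted in this thread.
MASAO = """\
password sufficient pam_unix.so nullok md5 shadow
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so
"""
JOHN = """\
password sufficient pam_winbind.so
password required pam_unix.so nullok obscure min=4 max=8 md5
"""

def parse(text):
    """Return (control, module) pairs for the password lines of a PAM file."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "password":
            stack.append((fields[1], fields[2]))
    return stack

def change_password(stack, user_store):
    """Walk the stack for a user held in user_store ('local', 'ad' or 'ldap').

    Returns (ok, deciding_module). Only the keyword controls are modelled and
    the two-phase chauthtok call is collapsed into a single pass.
    """
    first_ok = first_fail = None
    for control, module in stack:
        ok = BACKEND.get(module) == user_store
        if ok and control == "sufficient" and first_fail is None:
            return True, module              # done, later modules are skipped
        if not ok and control == "requisite":
            return False, first_fail or module
        if control in ("required", "requisite"):
            if ok:
                first_ok = first_ok or module
            else:
                first_fail = first_fail or module   # remembered, stack goes on
        # a failed "sufficient" and any "optional" result are ignored
    if first_fail:
        return False, first_fail
    return first_ok is not None, first_ok
```

Calling `change_password(parse(MASAO), "ad")` shows the AD user falling through to pam_deny.so, while the same call with `JOHN` stops at pam_winbind.so.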