[Samba] Change AD user password from Linux

john lists.john at gmail.com
Wed Jan 20 13:16:03 MST 2010


Hi Masao,

I have essentially the same setup as you (ltsp, AD, Winbind). My users
are able to change their passwords with the 'passwd' command.

Here are the contents of the /etc/pam.d/common-password file:

password        sufficient      pam_winbind.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5

Hth,

John

On Wed, Jan 20, 2010 at 11:22 AM, Masao Garcia <masaog at fshac.com> wrote:
> Has anyone gotten Active Directory user passwords changed from a Linux
> (Ubuntu 8.04) client?  I used
> https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto as a guide, so
> I'm using Kerberos and Winbind (all apt-get).  Samba version is 3.0.28a with
> a Windows Server 2008 R2 DC, but running AD 2003 native.  The client box is
> an LTSP box, and I'm able to ssh in with AD accounts.  However, when I type
> passwd I get the error message "passwd: Authentication token manipulation
> error".  In the auth.log file I get "pam_unix(passwd:chauthtok): user
> "kmasters" does not exist in /etc/passwd".  Is it possible my Samba version
> is too old?
>
> common-auth:
> auth    sufficient      pam_krb5.so
> auth    required        pam_unix.so nullok_secure use_first_pass
>
> common-account:
> account sufficient      pam_winbind.so
> account required        pam_unix.so
>
> common-session:
> session required        pam_mkhomedir.so umask=0022 skel=/etc/skel
>
> common-password:
> password   sufficient   pam_unix.so nullok md5 shadow
> password   sufficient   pam_ldap.so use_first_pass
> password   required     pam_deny.so
>
> smb.conf:
> [global]
>        workgroup = MYDOMAIN
>        realm = MYDOMAIN.COM
>        server string = %h server (Samba, Ubuntu)
>        security = ADS
>        map to guest = Bad User
>        obey pam restrictions = Yes
>        password server = dc1.mydomain.com
>        passdb backend = tdbsam
>        pam password change = Yes
>        passwd program = /usr/bin/passwd %u
>        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>        unix password sync = Yes
>        syslog = 0
>        log file = /var/log/samba/log.%m
>        max log size = 1000
>        domain master = No
>        dns proxy = No
>        usershare allow guests = Yes
>        panic action = /usr/share/samba/panic-action %d
>        idmap uid = 10000-20000
>        idmap gid = 10000-20000
>        template homedir = /home/%U
>        template shell = /bin/bash
>        winbind separator = +
>        winbind enum users = Yes
>        winbind enum groups = Yes
>        winbind use default domain = Yes
>        invalid users = root
>
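
Added example, not part of either poster's message: a simplified model of how libpam walks the two common-password stacks quoted in this thread for an account that exists only in AD. The per-module outcomes in AD_ONLY_USER are assumptions (pam_unix fails as in the quoted auth.log line, pam_ldap does not serve the account, winbind is joined and can reach the DC), and the evaluator covers only the required/requisite/sufficient control flags.

```python
import re

# The two common-password stacks quoted in this thread, copied verbatim.
MASAO = """\
> password   sufficient   pam_unix.so nullok md5 shadow
>
> password   sufficient   pam_ldap.so use_first_pass
>
> password   required     pam_deny.so
"""
JOHN = """\
password        sufficient      pam_winbind.so
password   required   pam_unix.so nullok obscure min=4 max=8 md5
"""

# Assumed module outcomes for an account that exists only in AD.
AD_ONLY_USER = {
    "pam_unix.so": False,    # auth.log: user does not exist in /etc/passwd
    "pam_ldap.so": False,    # assumption: pam_ldap does not serve this account
    "pam_winbind.so": True,  # assumption: winbind is joined and reaches the DC
    "pam_deny.so": False,    # pam_deny always fails
}

def parse_stack(text, mgmt="password"):
    """Return [(control, module)] for one management group, '>' quoting stripped."""
    stack = []
    for line in text.splitlines():
        fields = re.sub(r"^[>\s]+", "", line).split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """Simplified libpam walk; returns (succeeded, deciding_module)."""
    failed = passed = None
    for control, module in stack:
        ok = results.get(module, False)
        if control == "sufficient" and ok and failed is None:
            return True, module            # stop here, later modules never run
        if control == "requisite" and not ok:
            return False, failed or module
        if control in ("required", "requisite"):
            if ok:
                passed = passed or module
            else:
                failed = failed or module
    return (failed is None and passed is not None), failed or passed

if __name__ == "__main__":
    for name, text in (("Masao", MASAO), ("John", JOHN)):
        print(name, evaluate(parse_stack(text), AD_ONLY_USER))
```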

