Unix and Samba password sync

Benjamin Kuit bj at mcs.uts.edu.au
Wed Jun 23 11:53:01 GMT 1999


> If I then put "Unix Password Synx = Yes" in smb.conf file this is the error
> that I get when I run "testparm":
> ERROR: the 'passwd chat' script [*old*password* %o\n *new*password* %n\n
> *new*password* %n\n *changed*] expects to use the old plaintext password
> via the %o substitution. With encrypted passwords this is not possible.

With the smb.conf option 'encryption' set to yes, you don't know what the
old password is because the old passwords are encrypted. The only
information available to you is the new password.

Samba sees that your password chat includes a reference to the old password,
ie %o, and also knows that it will not be able to obtain the old password.

With 'encryption=yes', you need a program to chat to that has the ability
to change someone's password without knowing what the old password was. 
Seeing as this program will be run as supa-usea should make it a little
easier =)

You then have to change the 'password chat' parameter to the conversation
you plan with this program.

eg (similar to what we have)

password chat = *username* %u\n *password* %n\n *changed*

Another problem you might run up against, which I have had to deal with.
If you try and change your password from windows, and it seems that your
password program is being called and it finishes successfully, but
the workstation said password change failed, and your logs say something
like 'The process is no longer waiting', then you're the victim of a
signal race condition.

In short another process catches the signal from the program before
it can be caught more 'locally'.

I use this patch to get around the problem. I get the feeling you
might come up with the same problem as I do since I use Solaris
as well (Sparc though).

--- samba/source/smbd/chgpasswd.c.orig  Wed Jun 23 21:46:56 1999
+++ samba/source/smbd/chgpasswd.c       Wed Jun 23 21:47:48 1999
@@ -319,6 +319,7 @@
 
   /* we now have a pty */
   if (pid > 0){                        /* This is the parent process */
+    CatchSignal(SIGCLD, SIG_DFL );
     if ((chstat = talktochild(master, chatsequence)) == False) {
       DEBUG(3,("Child failed to change password: %s\n",name));
       kill(pid, SIGKILL); /* be sure to end this process */
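
Review bot: The SIGCLD reset is placed inside the 'if (pid > 0)' parent branch, so it only takes effect after the fork has already happened; a child that exits before the parent reaches this line can still be collected by whatever handler was installed before. Resetting the disposition before the fork would close that window instead of narrowing it. A one-line comment saying why the handler is dropped for the duration of the chat would help the next reader, and the stray space in 'SIG_DFL )' should go.
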
@@ -329,6 +330,7 @@
       close(master);
       return(False);
     }
+    CatchChild();
 
     close(master);
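
Review bot: CatchChild() is added only after the failure block, so the 'return(False)' path visible just above it exits with SIGCLD still set to SIG_DFL. Restore the handler before that return as well, or route both outcomes through one exit path, so the function leaves the signal disposition as it found it whether the chat succeeds or fails.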

Bj

+-------------------------------+--------------------------------------+
|      Benjamin (Bj) Kuit       |  Faculty of Mathematical             |
|      Systems Programmer       |          and Computing Sciences.     |
|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
|      Mobile: 0412 182 972     |  bj at mcs.uts.edu.au                   |
+-------------------------------+--------------------------------------+
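
The signal race described in the message above, reduced to a stand-alone demonstration. This is an added example, not Samba code and not part of the original post: `reap_all` and `local_wait_sees_child` are hypothetical names, the child is a constructed one that exits immediately, and the reset is done before `fork()` (a slight generalisation of the patch, which resets after it) using the POSIX name SIGCHLD.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t reaped_by_handler;

/* Stand-in for a daemon-wide SIGCHLD handler that reaps every exited child. */
static void reap_all(int sig)
{
    int saved = errno;
    (void)sig;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped_by_handler = 1;
    errno = saved;
}

/* Returns 1 if the local waitpid() collected the child's exit status,
 * 0 if the global handler reaped it first, -1 if fork() failed. */
int local_wait_sees_child(int reset_before_fork)
{
    struct sigaction global, dfl, old;
    struct timespec tick = { 0, 5 * 1000 * 1000 };   /* 5 ms */
    int status = 0, i, ok;
    pid_t pid;

    global.sa_handler = reap_all;
    sigemptyset(&global.sa_mask);
    global.sa_flags = SA_RESTART;
    dfl = global;
    dfl.sa_handler = SIG_DFL;
    sigaction(SIGCHLD, &global, &old);
    reaped_by_handler = 0;
    if (reset_before_fork)
        sigaction(SIGCHLD, &dfl, NULL);    /* before fork(): no window */

    pid = fork();
    if (pid < 0) { sigaction(SIGCHLD, &old, NULL); return -1; }
    if (pid == 0) _exit(0);                /* constructed child: exits at once */

    /* Stand-in for the chat: in the unprotected case, wait (at most 2 s)
     * until the asynchronous handler has fired, so the result is repeatable. */
    for (i = 0; !reset_before_fork && !reaped_by_handler && i < 400; i++)
        nanosleep(&tick, NULL);

    ok = (waitpid(pid, &status, 0) == pid && WIFEXITED(status));
    sigaction(SIGCHLD, &old, NULL);        /* restore on every path */
    return ok;
}
```

With the handler left installed, the local `waitpid()` fails with ECHILD because the child's status is already gone; with the default disposition in place across the fork, the status stays available to the code that started the child.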


More information about the samba-ntdom mailing list