Changing passwords on both UNIX & SAMBA

Tue Jun 29 07:17:42 GMT 1999

When using encrypted passwords you don't have access to the %o variable
since it is the unencrypted original password that the client never sends.
To get around this passwd program is run as root eliminating the need for
the original passwd, so change your passwd chat to reflect what passwd says
when root runs it like "passwd <user>".

Jim Crilly
Management Science Associates

-----Original Message-----
From: samba-ntdom at samba.org [mailto:samba-ntdom at samba.org]On Behalf Of
Aaron Rainwater/CADC Co-op
Sent: Monday, June 28, 1999 9:48 PM
To: Multiple recipients of list
Subject: Changing passwords on both UNIX & SAMBA

Here's the parts of my smb.conf that I believe are pertinent:

-----------------------------------------
null passwords = true
security = user
unix password sync = True
encrypt passwords = yes
passwd program = /usr/bin/passwd
passwd chat = "*Enter login(NIS) password*" %o\n "*New password*" %n\n
"*Re-enter new password*" %n\n "*NIS passwd/attributes changed on*"
passwd chat debug = Yes
-----------------------------------------

I get this error when I run "testparm".  Is there a
'passwd chat' script that will allow me to use encrypted
passwords?

-----------------------------------------
ERROR: the 'passwd chat' script [*Enter login(NIS) password*" %o\n "*New
password*" %n\n "*Re-enter new password*" %n\n "*NIS passwd/attributes
changed on*] expects to use the old plaintext password via the %o
substitution. With encrypted passwords this is not possible.
-----------------------------------------

I suspect this is the problem for when I try to use smbpasswd to change
both the SMB password and the UNIX password.  Here's the output from my
smbpasswd session:

-----------------------------------------
>> smbpasswd -U $USER -r $SMB_SERVER -D 4
Old SMB password:
New SMB password:
Retype new SMB password:
resolve_name: Attempting lmhosts lookup for name cadc_smb1<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts.
Error was No such file or directory
resolve_name: Attempting host lookup for name cadc_smb1<0x20>
Connecting to 157.95.15.60 at port 139
machine cadc_smb1 rejected the password change: Error was : The
specified password is invalid.
Failed to change password for aar
-----------------------------------------

The SMB password is changed successfully when I comment out
the following settings:

#unix password sync = True
#passwd program = /usr/bin/passwd
#passwd chat = "*Enter login(NIS) password*" %o\n "*New password*" %n\n
"*Re-enter new #password*" %n\n "*NIS passwd/attributes changed on*"
#passwd chat debug = Yes

I thought that I might be able to write a script that will change both
the UNIX and SMB passwords at the same time, but I don't know how to get
the UNIX "passwd" program to accept arguments from a script, which
"smbpasswd"
is supposed to be able to do.

--
Aaron Rainwater
CADC Co-op