Changing passwords from Windows 95 950 B
Michael Ju. Tokarev
mjt at tls.msk.ru
Thu Mar 16 14:58:06 GMT 2000
I just verified this, as I last checked it about half year ago.
And this is works fine. Go to control panel, choose passwords,
click "change password" (and check "password for windows networking"),
type old password and new one twice and - voila!, both passwords
(in smbpasswd and shadow) are changed.
I'm using encrypted passwords for this. My windows is 4.0.950 B (OSR2),
also checked with 98 and 98 OSR1.
Only two issues -- it can't enforce password restrictions as set up at my
unix box (since passwd program run as root it disables all checks).
And any mistake I made got a responce "invalid password", but _what_
password is invalid, I don't know. For example, if I incorrectly enters
old password, or chooses too short password for new one, in both this cases
I get "invalid password" message.
Relevant entries from my smb.conf (this is on Solaris 2.6):
[global]
domain logons = yes
#domain master = yes
preferred master = yes
local master = yes
os level = 65
encrypt passwords = yes
null passwords = no
passwd chat = "" "New password: " "%n\n" "*Re-enter new password:*" "%n\n" "*successfully changed*"
passwd program = /usr/bin/passwd %u
passwd chat debug = false
unix password sync = true
I already asked this, but:
maybe anybody knows if it is possible to add some message exchange between samba and
client machine when client is autentificating by samba, to enforce some password-related
restrictions (expiration, warnings about it, force user to change password, etc etc)
and add some more explanation in "change password" dialog, so, for example, samba can
use pam_cracklib (yes, PAMified) and so that user can see, for example, "New password
is a palindrome to new one" message from samba?
The first thing (add some checks at auth stage) is a big difference from the second
(allow to see messages from, e.g. pam), and these are separate things.
Richard Sharpe wrote:
>
> Hi,
>
> I am having lots of problems changing passwords from a Win95 system. The
> system is running 4.0.950 B.
>
> The log files show that the sesssetupX failed, and I suspect that Win95 has
> uppercased the oldpassword I supplied before doing the LMhash and then
> generating the response to the challenge that Samba sent, tsk tsk.
>
> Since this will take me some time to confirm, I wonder if anyone has seen
> this.
>
> In anycase, the Win95 system continues on, issues the SamOEMChangePassword
> LanMan API call, but because of the above problem, and the fact that the
> SessSetupX above was against the IPC$ share, and Samba maps the request to
> the guest account, when Samba tries to run the passwd command as root
> (because I have unix passwd sync set tto true), it fails ...
>
> Regards
> -------
> Richard Sharpe, sharpe at ns.aus.com, Master Linux Administrator :-),
> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
> Co-author, SAMS Teach Yourself Samba in 24 Hours
> Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
> Author: First Australian 2-day, intensive, hands-on Samba course
More information about the samba-technical
mailing list