Changing passwords from Windows 95 950 B
brianw.hall at compaq.com
Thu Mar 16 17:28:19 GMT 2000
OK, how about the reverse? IOW, how do I change the my network NT password from
Linux? When I try to use "smbpasswd -r" I get this error message after entering
the old and new passwords:
machine CXO-BRWSMSTR-1 rejected the password change: Error was : code 2221.
Failed to change password entry for BwHall
On 16-Mar-2000 Michael Ju. Tokarev wrote:
> I just verified this, as I last checked it about half year ago.
> And this is works fine. Go to control panel, choose passwords,
> click "change password" (and check "password for windows networking"),
> type old password and new one twice and - voila!, both passwords
> (in smbpasswd and shadow) are changed.
> I'm using encrypted passwords for this. My windows is 4.0.950 B (OSR2),
> also checked with 98 and 98 OSR1.
> Only two issues -- it can't enforce password restrictions as set up at my
> unix box (since passwd program run as root it disables all checks).
> And any mistake I made got a responce "invalid password", but _what_
> password is invalid, I don't know. For example, if I incorrectly enters
> old password, or chooses too short password for new one, in both this cases
> I get "invalid password" message.
> Relevant entries from my smb.conf (this is on Solaris 2.6):
> domain logons = yes
>#domain master = yes
> preferred master = yes
> local master = yes
> os level = 65
> encrypt passwords = yes
> null passwords = no
> passwd chat = "" "New password: " "%n\n" "*Re-enter new password:*" "%n\n"
> "*successfully changed*"
> passwd program = /usr/bin/passwd %u
> passwd chat debug = false
> unix password sync = true
> I already asked this, but:
> maybe anybody knows if it is possible to add some message exchange between
> samba and
> client machine when client is autentificating by samba, to enforce some
> restrictions (expiration, warnings about it, force user to change password,
> etc etc)
> and add some more explanation in "change password" dialog, so, for example,
> samba can
> use pam_cracklib (yes, PAMified) and so that user can see, for example, "New
> is a palindrome to new one" message from samba?
> The first thing (add some checks at auth stage) is a big difference from the
> (allow to see messages from, e.g. pam), and these are separate things.
> Richard Sharpe wrote:
>> I am having lots of problems changing passwords from a Win95 system. The
>> system is running 4.0.950 B.
>> The log files show that the sesssetupX failed, and I suspect that Win95 has
>> uppercased the oldpassword I supplied before doing the LMhash and then
>> generating the response to the challenge that Samba sent, tsk tsk.
>> Since this will take me some time to confirm, I wonder if anyone has seen
>> In anycase, the Win95 system continues on, issues the SamOEMChangePassword
>> LanMan API call, but because of the above problem, and the fact that the
>> SessSetupX above was against the IPC$ share, and Samba maps the request to
>> the guest account, when Samba tries to run the passwd command as root
>> (because I have unix passwd sync set tto true), it fails ...
>> Richard Sharpe, sharpe at ns.aus.com, Master Linux Administrator :-),
>> Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
>> Co-author, SAMS Teach Yourself Samba in 24 Hours
>> Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
>> Author: First Australian 2-day, intensive, hands-on Samba course
More information about the samba-technical