pam_winbind change password problem

Mon Nov 15 09:11:33 MST 2010

Hi *,
  I have a problem in changing user passwords with pam_winbind.

the samba server joined a samba domain (samba+ldap PDC),
user authentication through ldap, getent passwd, wbinfo -u & co. works
perfectly, but when I try to change a password, in my log I find:

Nov 15 17:03:20 ltsp-1 passwd[25438]: pam_winbind(passwd:chauthtok):
[pamh: 0x8d4e170] ENTER: pam_sm_chauthtok (flags: 0x4000)
Nov 15 17:03:20 ltsp-1 passwd[25438]: pam_winbind(passwd:chauthtok):
username [ssasso] obtained
Nov 15 17:03:20 ltsp-1 passwd[25438]: pam_winbind(passwd:chauthtok):
valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
Nov 15 17:03:20 ltsp-1 passwd[25438]: pam_winbind(passwd:chauthtok):
[pamh: 0x8d4e170] LEAVE: pam_sm_chauthtok returning 4 (PAM_SYSTEM_ERR)
Nov 15 17:03:20 ltsp-1 passwd[25438]: pam_unix(passwd:chauthtok): user
"ssasso" does not exist in /etc/passwd

what's going wrong?

thanks,
stefano

My configuration is the following:

smb.conf
[global]
   workgroup = BARBARIGO
   unix charset = LOCALE

   security = DOMAIN
   username map = /etc/samba/smbusers

   netbios name = LTSP-1
   server string = %h server (Samba, Ubuntu)

   local master = no
   domain master = no
   preferred master = no
   dns proxy = no

   encrypt passwords = Yes

   name resolve order = wins bcast hosts

   wins server = 192.168.2.5
   password server = 192.168.2.5

   ldap suffix = dc=barbarigo,dc=dom
   ldap machine suffix = ou=Computers
   ldap user suffix = ou=Users
   ldap group suffix = ou=Groups
   ldap idmap suffix = ou=Idmap
   ldap admin dn = cn=Manager,dc=barbarigo,dc=dom

   ldap ssl = Off

   idmap backend = ldap:ldap://192.168.2.5
   idmap uid = 30000-50000
   idmap gid = 30000-50000

   winbind trusted domains only = Yes
   winbind use default domain = yes

pam config:
password	sufficient	pam_winbind.so use_authtok debug
password	required	pam_unix.so nullok obscure md5
# here's the fallback if no module succeeds
password	requisite			pam_deny.so

------------
root at ltsp-1:~# getent passwd | grep ssasso
ssasso:x:1292:513:Stefano Sasso,,,,:/srv/homes/ssasso:/bin/bash
------------
root at ltsp-1:~# wbinfo -u | grep ssasso
LTSP-1\ssasso
ssasso

-- 
Stefano Sasso
http://stefano.dscnet.org/