[Samba] FW: Password change on Windows 2000 clients not working

Buchan Milne bgmilne at cae.co.za
Wed Aug 14 09:04:01 GMT 2002 

> From: <james at jsquared.ca>
> To: <samba at lists.samba.org>
> Date: Tue, 13 Aug 2002 21:47:45 -0400
> Subject: [Samba] FW: Password change on Windows 2000 clients not working
> 
> Hi, I sent this in a couple of days ago and have only gotten one
> suggestion.  Can someone read the below problem and try to help me out?
> I have searched everywhere for a solution to this and have tried
> numerous 'passwd chat' strings to no avail.

OK, lets take a look.

> 
> Help is much appreciated!
> 
> James Herschel
> JSquared Network Solutions
> (905)847-0799
> james at jsquared.ca
> 
> 
> -----Original Message-----
> From: James Herschel [mailto:jdh34 at cogeco.ca] On Behalf Of
> james at jsquared.ca
> Sent: Sunday, August 11, 2002 11:09 PM
> To: 'samba at lists.samba.org'
> Subject: Password change on Windows 2000 clients not working
> 
> Hello, I have searched hi and lo for a solution to being unable to
> change passwords from Windows 2000.  Everything seems to work fine,
> shares, etc.  but when I press ctrl-alt-del to bring up the Change
> Password dialogue, I get the message that "The user doesn't exist or the
> password was entered incorrectly" from Windows.  

This is after attempting a password change I assume?

> 
> I am running Samba 2.2.3a on Mandrake Linux 8.2

You may be interested in samba-2.2.5 (with or without LDAP support) 
compiled for Mandrake 8.0, 8.1 and 8.2, available from ftp.samba.org, 
http://ranger.dnsalias.com/mandrake/samba or 
http://people.mandrakesoft.com/~staburet/samba

> 
> In my logs, I see the following at the computer I was testing on:
> 
> [2002/08/08 18:47:17, 0] smbd/chgpasswd.c:chgpasswd(474)
>   Password Change: user sralph, New password is shorter than minimum
> password length = 5

Looks like your password is too short for your cracklib options (set in 
/etc/pam.d/passwd

> [2002/08/08 18:47:19, 0] smbd/chgpasswd.c:chgpasswd(474)
>   Password Change: user sralph, New password is shorter than minimum
> password length = 5
> [2002/08/08 18:47:24, 0] smbd/chgpasswd.c:check_oem_password(817)
>   check_oem_password: incorrect password length (-1576411271).
> [2002/08/08 18:48:03, 0] smbd/chgpasswd.c:check_oem_password(817)
>   check_oem_password: incorrect password length (-1576411277).

Anyway, are you sure you need to have samba change the unix password? We 
haven't until recently when we switched to LDAP since some app can auth 
against unix passwords but not against pam. In most cases, pam_smb works 
very well.

Also, you may want to investigate using "pam password change = yes".

> 
> This is using the commented out "passwd chat" line.  Using the original
> "passwd chat" line that is listed below, these errors were logged:

The original one should work. If you are unsure, run your 'passwd 
program' on the command line and see.

> 
> [2002/07/22 17:03:24, 0] smbd/chgpasswd.c:chgpasswd(541)
>   chgpasswd: Running as root the 'passwd program' parameter *MUST*
> contain the string %u, and the given string /bin/passwd does not.

Looks like you had changed 'passwd program' also, according to this.

> [2002/07/22 17:03:44, 0] smbd/chgpasswd.c:chgpasswd(541)
>   chgpasswd: Running as root the 'passwd program' parameter *MUST*
> contain the string %u, and the given string /bin/passwd does not.
> [2002/07/22 17:04:02, 0] smbd/chgpasswd.c:check_oem_password(878)
>   check_oem_password: old nt password doesn't match.

Are you sure you typed the right password?

> [2002/07/22 17:04:26, 0] smbd/chgpasswd.c:chgpasswd(474)
>   Password Change: user sralph, New password is shorter than minimum
> password length = 5

Once again, you need to use a longer password, or change the cracklib 
settings.

> [2002/07/22 17:05:24, 0] smbd/chgpasswd.c:chgpasswd(541)
>   chgpasswd: Running as root the 'passwd program' parameter *MUST*
> contain the string %u, and the given string /bin/passwd does not.
> [2002/07/22 17:05:31, 0] smbd/chgpasswd.c:check_oem_password(817)
>   check_oem_password: incorrect password length (-614147710).
> 
> Here is my smb.conf file [global] section
> 
> #Samba Configuration file
> [global]
>   #PDC Specific
>   workgroup = pjglease.com
>   netbios name = serve-on
>   server string = Workgroup Server
> 
>   security = user
>   encrypt passwords = yes
> 
>   smb passwd file = /etc/samba/smbpasswd
>   unix password sync = yes
>   passwd chat debug = true
>   passwd program = /bin/passwd %u
>   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n
> *passwd:*all*authentication*tokens*updated*successfully*
>   #passwd chat =  *new password* %n\n *new password* %n\n *changed*
> 
>   local master = yes
>   os level = 34
>   domain master = yes
>   preferred master = yes
>   domain logons = yes
>   logon script = logon.bat
> 
>   # auto-add machine accounts
>   add user script = /usr/sbin/useradd -d /dev/null -g machines -c
> 'Machine Account' -s /bin/false -M %u
> 
>   #Logs
>   log file = /var/log/samba/log.%m
>   max log size = 50
> 
>   #Optimizations
>   socket options = SO_RCVBUF=8192
>   socket options = SO_SNDBUF=8192
>   socket options = TCP_NODELAY
> 
>   #naming
>   wins support = yes
>   name resolve order = wins lmhosts hosts bcast
> 
>   #Home Dirs
>   logon drive = Z:
>   logon home = \\serve-on\%u
> 
>   #printing
>   #printcap name = lpstat
>   #load printers = yes
>   #printing = cups
> 
> Hope someone out there can make sense of this email and what's going on
> ... and if you can, that would be fantastic!


I don't know if I did, but let's hope we can get it fixed.

-- 
|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work            +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering         http://www.cae.co.za
GPG Key                   http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7

More information about the samba mailing list