[Samba] FW: Password change on Windows 2000 clients not working
james at jsquared.ca
james at jsquared.ca
Sun Aug 18 15:20:01 GMT 2002
Buchan,
I hope you don't mind me picking on you ;-)
I spent some time with this system today and was able to try many of
your suggestions. I have eliminated some issues, but am still quite
confused as to what's happening ... I have commented your suggestions
below marked with "-->"
-----Original Message-----
From: Buchan Milne [mailto:bgmilne at cae.co.za]
Sent: Wednesday, August 14, 2002 2:03 PM
To: james at jsquared.ca
Cc: samba at lists.samba.org
Subject: Re: [Samba] FW: Password change on Windows 2000 clients not
working
> From: <james at jsquared.ca>
> To: <samba at lists.samba.org>
> Date: Tue, 13 Aug 2002 21:47:45 -0400
> Subject: [Samba] FW: Password change on Windows 2000 clients not
working
>
> Hi, I sent this in a couple of days ago and have only gotten one
> suggestion. Can someone read the below problem and try to help me
out?
> I have searched everywhere for a solution to this and have tried
> numerous 'passwd chat' strings to no avail.
OK, lets take a look.
>
> Help is much appreciated!
>
> James Herschel
> JSquared Network Solutions
> (905)847-0799
> james at jsquared.ca
>
>
> -----Original Message-----
> From: James Herschel [mailto:jdh34 at cogeco.ca] On Behalf Of
> james at jsquared.ca
> Sent: Sunday, August 11, 2002 11:09 PM
> To: 'samba at lists.samba.org'
> Subject: Password change on Windows 2000 clients not working
>
> Hello, I have searched hi and lo for a solution to being unable to
> change passwords from Windows 2000. Everything seems to work fine,
> shares, etc. but when I press ctrl-alt-del to bring up the Change
> Password dialogue, I get the message that "The user doesn't exist or
the
> password was entered incorrectly" from Windows.
This is after attempting a password change I assume?
--> Yes, this is what I receive when I press ctrl-alt-delete and choose
"change password" from Windows 2000 sp2
>
> I am running Samba 2.2.3a on Mandrake Linux 8.2
You may be interested in samba-2.2.5 (with or without LDAP support)
compiled for Mandrake 8.0, 8.1 and 8.2, available from ftp.samba.org,
http://ranger.dnsalias.com/mandrake/samba or
http://people.mandrakesoft.com/~staburet/samba
--> I upgraded to 2.2.5 today and the issue still persists.
>
> In my logs, I see the following at the computer I was testing on:
>
> [2002/08/08 18:47:17, 0] smbd/chgpasswd.c:chgpasswd(474)
> Password Change: user sralph, New password is shorter than minimum
> password length = 5
Looks like your password is too short for your cracklib options (set in
/etc/pam.d/passwd
--> my cracklib options set a minimum password length of 2
--> when I
> [2002/08/08 18:47:19, 0] smbd/chgpasswd.c:chgpasswd(474)
> Password Change: user sralph, New password is shorter than minimum
> password length = 5
> [2002/08/08 18:47:24, 0] smbd/chgpasswd.c:check_oem_password(817)
> check_oem_password: incorrect password length (-1576411271).
> [2002/08/08 18:48:03, 0] smbd/chgpasswd.c:check_oem_password(817)
> check_oem_password: incorrect password length (-1576411277).
Anyway, are you sure you need to have samba change the unix password? We
haven't until recently when we switched to LDAP since some app can auth
against unix passwords but not against pam. In most cases, pam_smb works
very well.
Also, you may want to investigate using "pam password change = yes".
--> I have not installed pam_smb yet and therefore thought this option
was unnecessary. However, I tried it anyway - nothing changed.
>
> This is using the commented out "passwd chat" line. Using the
original
> "passwd chat" line that is listed below, these errors were logged:
The original one should work. If you are unsure, run your 'passwd
program' on the command line and see.
--> I have reverted to the original passwd chat line that is included
with the Mandrake Samba RPM.
>
> [2002/07/22 17:03:24, 0] smbd/chgpasswd.c:chgpasswd(541)
> chgpasswd: Running as root the 'passwd program' parameter *MUST*
> contain the string %u, and the given string /bin/passwd does not.
Looks like you had changed 'passwd program' also, according to this.
--> Changed this back to default
> [2002/07/22 17:03:44, 0] smbd/chgpasswd.c:chgpasswd(541)
> chgpasswd: Running as root the 'passwd program' parameter *MUST*
> contain the string %u, and the given string /bin/passwd does not.
> [2002/07/22 17:04:02, 0] smbd/chgpasswd.c:check_oem_password(878)
> check_oem_password: old nt password doesn't match.
Are you sure you typed the right password?
--> Quite sure ;-)
> [2002/07/22 17:04:26, 0] smbd/chgpasswd.c:chgpasswd(474)
> Password Change: user sralph, New password is shorter than minimum
> password length = 5
Once again, you need to use a longer password, or change the cracklib
settings.
--> This is confusing because my cracklib options set this to minimum
password length to 2 ... is there somewhere else where this is set? I
have tested a 4 character password and I receive the above error.
Perhaps the most confusing thing of all is the fact that NO errors show
up in the logs when I enter a password of 5+ characters ... I've turned
on passwd chat debug on, but I can't see where the process is failing
... would I have to put a sniffer on the line to see the process in
action? Or is there another log I should be looking at?
Here is my latest smb.conf file [global] section
#Samba Configuration file
workgroup = pjglease.com
netbios name = serve-on
server string = Workgroup Server
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
#pam password change = yes
unix password sync = yes
passwd chat debug = true
passwd program = /bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n *passwd:*all*authenticatio
n*tokens*updated*successfully*
local master = yes
os level = 34
domain master = yes
preferred master = yes
domain logons = yes
logon script = logon.bat
# auto-add machine accounts
add user script = /usr/sbin/useradd -d /dev/null -g machines -c
'Machine Account' -s /bin/false -M
%u
#Logs
log file = /var/log/samba/log.%m
max log size = 50
#Optimizations
socket options = SO_RCVBUF=8192
socket options = SO_SNDBUF=8192
socket options = TCP_NODELAY
#naming
wins support = yes
name resolve order = wins lmhosts hosts bcast
#Home Dirs
logon drive = Z:
logon home = \\serve-on\%u
#printing
#printcap name = lpstat
#load printers = yes
#printing = cups
Thanks Buchan! Let me know if you would like any of my pam.d files.
James Herschel
JSquared Network Solutions
(905)847-0799
james at jsquared.ca
More information about the samba
mailing list