[Samba] changing passwords from win2k
Jeffrey R. Meyer
jeffm at andersonlabs.com
Thu Dec 26 21:32:01 GMT 2002
I have been troubled by this for a few days now and was wondering if anyone
else has had any luck with it.
I am currently running Samba 2.2.6pre2 on FreeBSD 4.7-RELEASE
I have successfully set up samba to be the PDC
I am unsuccessfully trying to change the passwords on the W2k box, and I am
receiving the error that the user name/password are incorrect, along with a
reminder to make sure the caps lock is not on.
When I check the logs on the BSD box the following appears:
[2002/12/26 14:49:26, 0] passdb/pampass.c:smb_pam_chauthtok(697)
PAM: Permission denied.
[2002/12/26 14:49:26, 2] passdb/pampass.c:smb_pam_error_handler(71)
smb_pam_error_handler: PAM: Password Change Failed : Permission denied
[2002/12/26 14:49:26, 0] passdb/pampass.c:smb_pam_passchange(865)
smb_pam_passchange: PAM: Password Change Failed for user root!
I am making the uneducated assumption that my problem is not with Samba but
with PAM?
If anyone could help me with this problem it would be greatly appreciated!!!
Thanks,
Jeff Meyer
The smb.conf and pam.conf files that I am using are below.
pam.conf
# NOTE(review): the mail archive has wrapped long lines. A bare option line
# (no_fake_prompts, try_first_pass) is presumably the tail of the entry
# directly above it, including entries that are commented out.
# Entry layout used below: service, facility (auth/account/session/password),
# control flag, module, options. Entries for one service and facility are
# evaluated in the order listed, so the order is significant.
login auth sufficient pam_skey.so
login auth sufficient pam_opie.so
no_fake_prompts
#login auth required pam_opieaccess.so
login auth requisite pam_cleartext_pass_ok.so
#login auth sufficient pam_kerberosIV.so
try_first_pass
#login auth sufficient pam_krb5.so
try_first_pass
login auth required pam_unix.so
try_first_pass
login account required pam_unix.so
# pam_permit returns success unconditionally; wherever it appears below it
# performs no check of its own.
login password required pam_permit.so
login session required pam_permit.so
# Same requirement for ftpd as login
ftpd auth sufficient pam_skey.so
ftpd auth sufficient pam_opie.so
no_fake_prompts
#ftpd auth required pam_opieaccess.so
ftpd auth requisite pam_cleartext_pass_ok.so
#ftpd auth sufficient pam_kerberosIV.so
try_first_pass
#ftpd auth sufficient pam_krb5.so
try_first_pass
ftpd auth required pam_unix.so
try_first_pass
# OpenSSH with PAM support requires similar modules. The session one is
# a bit strange, though...
sshd auth sufficient pam_skey.so
sshd auth sufficient pam_opie.so
no_fake_prompts
#sshd auth required pam_opieaccess.so
#sshd auth sufficient pam_kerberosIV.so
try_first_pass
#sshd auth sufficient pam_krb5.so
try_first_pass
sshd auth required pam_unix.so
try_first_pass
sshd account required pam_unix.so
sshd password required pam_permit.so
sshd session required pam_permit.so
# "telnetd" is for SRA authenticated telnet only. Non-SRA uses 'login'
telnetd auth required pam_unix.so
try_first_pass
# Don't break startx
# NOTE(review): with pam_permit as the only auth module, this service's PAM
# authentication always succeeds.
xserver auth required pam_permit.so
# XDM is difficult; it fails or moans unless there are modules for each
# of the four management groups; auth, account, session and password.
xdm auth required pam_unix.so
#xdm auth sufficient pam_kerberosIV.so
try_first_pass
#xdm auth sufficient pam_krb5.so
try_first_pass
xdm account required pam_unix.so
try_first_pass
# pam_deny always fails: session and password requests for xdm are refused.
xdm session required pam_deny.so
xdm password required pam_deny.so
# GDM (GNOME Display Manager)
gdm auth required pam_unix.so
#gdm auth sufficient pam_kerberosIV.so
try_first_pass
#gdm auth sufficient pam_krb5.so
try_first_pass
gdm account required pam_unix.so
try_first_pass
gdm session required pam_permit.so
gdm password required pam_deny.so
# Mail services
imap auth required pam_unix.so
try_first_pass
pop3 auth required pam_unix.so
try_first_pass
# If we don't match anything else, default to using getpwnam().
# "other" is the fallback for services that have no entry of their own.
# It defines auth and account only; there is no "other password" entry.
other auth sufficient pam_skey.so
other auth required pam_unix.so
try_first_pass
other account required pam_unix.so
try_first_pass
# Service entries used by smbd. Only auth and account are defined; no
# "samba password" entry is visible, and "other" has none to fall back on.
# The failing call in the quoted log is smb_pam_chauthtok, i.e. a PAM
# password change, so the missing password facility is a likely cause of the
# "Permission denied" result -- TODO confirm on this PAM implementation.
# The thing to test is a "samba password" entry backed by a module that can
# actually update the password database.
samba auth required pam_unix.so
try_first_pass
samba account required pam_unix.so
try_first_pass
smb.conf
# /usr/local/etc/smb.conf
# samba configuration file
# NOTE(review): the mail archive has wrapped two long values below
# (socket options, passwd chat); each presumably belongs on a single line.
[global]
# basic server settings
workgroup = labnet
netbios name = pdcsrv1
# %v expands to the Samba version, so this string advertises the exact
# version to anyone who can browse the server.
server string = Samba PDC running %v
# presumably "SO_SNDBUF=8192 SO_RCVBUF=8192" before wrapping -- verify
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=819
2
# PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
# security and logging settings
security = user
encrypt passwords = yes
domain logons = yes
# %m expands to the client machine name: one log file per client
log file = /var/log/samba/log.%m
log level = 2
# size limit in kilobytes
max log size = 50
# hosts allow is commented out, so this file sets no host-based restriction;
# access control rests on authentication alone unless filtering is done
# elsewhere.
# hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0
# user profiles and home directory
# logon home = \\%L\home\%U\.profile
# logon drive = H:
# logon path = \\%L\profiles\%U
logon home = ""
logon path = ""
# script fetched from the [netlogon] share and run by the client at logon
logon script = netlogon.bat
#sync UNIX passwords
# unix password sync: smbd also updates the UNIX password when the SMB
# password is changed.
# pam password change: the change is made through PAM instead of the passwd
# program below, which matches the quoted log entries from passdb/pampass.c.
# With it enabled, passwd program / passwd chat are presumably not the part
# that is failing -- confirm.
unix password sync = yes
pam password change = yes
passwd program = /usr/bin/passwd %u
# wrapped by the mail archive; presumably one line -- verify exact spacing
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password*
%n\n *
passwd: *all*authentication*tokens*updated*successfully*
# Logs the passwd chat exchange; at debug level 100 this writes the old and
# new passwords to the smbd log in plain text. Turn it off once debugging is
# finished and restrict who can read the log directory.
passwd chat debug = yes
#===Shares===
# Per-user home directory shares, created on demand for the connecting user.
[homes]
comment = Home Directories
# hides the [homes] entry itself from browse lists
browseable = no
writable = yes
# Roaming-profile share, disabled here (logon path is set to "" in [global]).
# If enabled, the masks would limit new files (0600) and directories (0700)
# to their owner.
#[profiles]
# path = /home/samba/profiles
# writeable = yes
# browseable = no
# create mask = 0600
# directory mask = 0700
# Share that holds the logon script named by "logon script" in [global].
[netlogon]
path = /home/netlogon
read only = yes
# write list grants write access to the listed users even though the share
# is read only. Files placed here are run by domain clients at logon, so
# keep this list as short as possible.
write list = jeffm