password sync

Andrew Bartlett abartlet at pcug.org.au
Tue Jan 8 01:30:08 GMT 2002


Christian Barth wrote:
> 
> > Hi, Thanks,
> >
> > I had tried all combo's of the chat script, including copying and
> > pasting the results of the actual program, and filling in the necessary
> > variables. None of it worked. (The version below is the copied version,
> > with slight modification.)
> >
> > I added "password chat debug = yes" and log level = 100 and without
> > changing anything else, it worked. (I still can't understand why,
> > because I then changed then removed the chat debug, and reset the log
> > level, and it still worked.
> 
> We had this situation too, even worse because it some times worked
> with out "password chat debug = yes" and some time not. I guessed
> that it is a time out problem and increased the timeout values in
> source/smbd/chgpasswd.c (line 213 and 224 for samba 2.0.7) form 2000
> to 12000 and 200 to 1200 and recompailed. We do not have any
> problemes since. Normaly our machine is fast engnough, so I don't
> understand, wy we had to increase the timeouts. AND: I do not no if
> this has any security impacts!!
> 
> Christian

I always recommend running 2.2.2 and compiling --with-pam, setting 'pam
password change = yes' in your smb.conf.  This means you must have an
/etc/pam.d/samba file containing a 'password' line, but is *much* easier
to debug becouse it doesn't use timeouts and other nasties - it uses the
PAM interface directly.  We even get meaningful errors out of it :-).

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba mailing list