[Samba] modifying password on W2K PDC from Linux (samba 2.2.7-4.8.0)

Richard Duran rduran at dallasairmotive.com
Mon Apr 14 22:50:02 GMT 2003

On May 1st, Chuck Sullivan posted the following:

No mention was made of /etc/pam.d/passwd, which is what I think we need
to set to enable a user to change their domain password. Our current
settings are:

auth       required     /lib/security/pam_stack.so service=system-auth
auth       sufficient   /lib/security/pam_winbind.so
auth       required     /lib/security/pam_pwdb.so use_first_pass shadow
account    required     /lib/security/pam_stack.so service=system-auth
account    sufficient   /lib/security/pam_winbind.so
password   required     /lib/security/pam_stack.so service=system-auth
password   sufficient   /lib/security/pam_winbind.so

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
#auth        sufficient    /lib/security/pam_winbind.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        required      /lib/security/pam_deny.so

#account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so skel=/etc/skel/
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

We've tried setting the control to required on the pam_winbind.so
module, but no difference. The output I get when entering 'passwd
"ntdomain\ntuser"' is:

Changing password for user ntdomain\ntuser.
Changing password for ntdomain\ntuser
(current) NT password:
passwd: Authentication token manipulation error

Any ideas/suggestions/URLs?

-richard duran

More information about the samba mailing list