[Samba] modifying password on W2K PDC from Linux (samba 2.2.7-4.8.0)
Richard Duran
rduran at dallasairmotive.com
Mon Apr 14 22:50:02 GMT 2003
On May 1st, Chuck Sullivan posted the following:
https://listman.redhat.com/pipermail/k12osn/2003-March/007755.html
No mention was made of /etc/pam.d/passwd, which is what I think we need
to set to enable a user to change their domain password. Our current
settings are:
/etc/pam.d/passwd:
#%PAM-1.0
auth required /lib/security/pam_stack.so service=system-auth
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow
nullok
account required /lib/security/pam_stack.so service=system-auth
account sufficient /lib/security/pam_winbind.so
password required /lib/security/pam_stack.so service=system-auth
password sufficient /lib/security/pam_winbind.so
/etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
#auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
use_first_pass
auth required /lib/security/pam_deny.so
#account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3 type=
password sufficient /lib/security/pam_unix.so nullok use_authtok
md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/
umask=0022
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
We've tried setting the control to required on the pam_winbind.so
module, but no difference. The output I get when entering 'passwd
"ntdomain\ntuser"' is:
Changing password for user ntdomain\ntuser.
Changing password for ntdomain\ntuser
(current) NT password:
passwd: Authentication token manipulation error
Any ideas/suggestions/URLs?
Regards,
-richard duran
More information about the samba
mailing list