[Samba] change password on w2k workstation

Daniel Chénard dchenard at croesus.com
Tue Aug 26 16:18:53 GMT 2003 

Hi!!

I'm not able to change a user password on a workstation and with
smbpasswd when I'm log.

ex:
[usertest at pc070 usertest]$ smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
machine 127.0.0.1 rejected the password change: Error was : RAP86: The
specified password is invalid.
Failed to change password for usertest

so when I'm root, that's work

The log message for this case is:
[2003/08/26 11:59:11, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: usertest
[2003/08/26 11:59:11, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user usertest!

When I'm on a w2k workstation, the log say:
[2003/08/26 12:04:53, 0] auth/pampass.c:smb_pam_chauthtok(692)
  PAM: UNKNOWN PAM ERROR (19) for User: usertest
[2003/08/26 12:04:53, 0] auth/pampass.c:smb_pam_passchange(848)
  smb_pam_passchange: PAM: Password Change Failed for user usertest!

My smb.conf is
 passdb backend = ldapsam:ldap://192.168.53.58, guest
        passwd program = /usr/bin/smbpasswd %u
        passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
        unix password sync = Yes
        encrypt passwords = Yes
        passwd chat debug = Yes
        logon script = netlogon.bat
        logon path = \\srv-image\profiles\%u
        logon drive = X:
        logon home = \\srv-image\%u
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        dns proxy = No
        ldap suffix = dc=mydomain,dc=com
        ldap machine suffix = ou=machines
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap admin dn = cn=manager,dc=mydomain,dc=com
        ldap delete dn = Yes
        ldap trust ids = Yes
        ldap ssl = no
        ldap passwd sync = Yes
        admin users = Administrator root
        hosts allow = 192.168.53.0/255.255.255.0 127.0.0.1

my slapd.conf
index           cn,sn,uid,displayName           pres,sub,eq
index           uidNumber,gidNumber             eq
index           sambaSID                        eq
index           sambaPrimaryGroupSID            eq
index           sambaDomainName                 eq
index           objectClass                     eq
index           default                         sub

access to dn=".*dc=unigiciel,dc=com"
        by self write
        by *    read
access to dn=".*dc=unigiciel,dc=com"
        attrs=userPassword,sambaLMPassword,sambaNTPassword
        by dn="cn=manager,dc=unigiciel,dc=com" write
        by self write
        by anonymous auth
        by * read

my /etc/ldap.conf
ssl no
port    389
rootbinddn      cn=manager,dc=mydomain,dc=com
pam_filter objectclass=posixAccount
pam_login_attribute uid

My samba version samba-3.0.0beta3-1

my pam login 
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so
password   required     /lib/security/pam_ldap.so
password   required     /lib/security/pam_pwdb.so use_first_pass
session    sufficient   /lib/security/pam_ldap.so
session    required     /lib/security/pam_unix_session.so
session    optional     /lib/security/pam_console.so



Someone can help me??

More information about the samba mailing list