[Samba] Changing password from windows

Sharp, Clint clint.sharp at attws.com
Tue Dec 30 16:06:43 GMT 2003 

The passwd program it is is expecting is a program which modifies your UNIX password.  Smbpasswd modifies your samba password.  Try setting the following:

passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

Clint

> -----Original Message-----
> From: samba-bounces+clint=typhoon.org at lists.samba.org 
> [mailto:samba-bounces+clint=typhoon.org at lists.samba.org] On 
> Behalf Of s.jousse at free.fr
> Sent: Tuesday, December 30, 2003 9:12 AM
> To: samba at lists.samba.org
> Subject: [Samba] Changing password from windows
> 
> 
> Hi all!
> I had some problem with LDAP, so I setup a Samba PDC without 
> LDAP and then I 
> migrate it to LDAP.
> Before that, all worked fine, changing password from Windows 
> too. But now, a 
> popup in windows says "username or old password incorrect. 
> Password is case 
> sensitive" (it's not the exact sentence for you since I 
> translated it from my 
> language) and I got this error in log:
>   sambaPwdCanChange: value #0 already exists
> But the password is REALLY changed and the sync is OK!
> --> I got an error message but the command succeeded...
> 
> When I did it in a shell, I got no error...
> 
> Here is smb.conf:
> --- BEGIN SMB.CONF ---
> [global]
>   netbios name = PDCLINUX
>   workgroup = TESTDOMAIN
>   server string = TestCenter
>   comment = Controleur de Domaine
>   time server = yes
> 
>   passdb backend = ldapsam:ldap://ldap.mydomain.com
> 
>   encrypt passwords = yes
>   security = user
>   preferred master = yes
>   domain master = yes
>   local master = yes
>   domain logons = yes
>   wins support = yes
>   os level = 80
>   hosts allow = 192.168.0. 127.
> 
>   # LDAP
>   ldap admin dn = "cn=Manager,dc=mydomain,dc=com"
>   ldap ssl = off
>   ldap delete dn = no
>   ldap user suffix = ou=People
>   ldap group suffix = ou=Groups
>   ldap machine suffix = ou=Computers
>   ldap suffix = dc=mydomain,dc=com
>   ldap passwd sync = yes
>   unix password sync = yes
> 
> log level = 256
> log file = /var/samba/log/%U.log
> passwd chat debug = yes
> passwd program = /usr/local/samba/bin/smbpasswd %u
> passwd chat = *ew*password* %n\n *ew*password* %n\n
> 
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> 
>   logon path = \\pdc.mydomain.com\profiles\%U
>   logon drive = H:
>   logon home = \\pdc.mydomain.com\%U
>   logon script = %U.bat
> 
>   add machine script = /usr/sbin/useradd -d /dev/null -g 
> machines - s /bin/false -c %U%I %U
> 
> [homes]
>   comment = Home Directory
>   guest ok = no
>   read only = no
>   create mask = 0664
>   directory mask = 0775
> 
> [netlogon]
>   comment = Network Logon Service
>   path = /var/samba/netlogon
>   read only = yes
>   guest ok = yes
>   share modes = no
>   root preexec = /var/samba/netlogon/login.pl %U %G %L
>   browseable = no
> --- END SMB.CONF ---
> 
> And here the log:
> --- BEGIN LOG ---
> [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:dochild(217)
>   Invoking '/usr/local/samba/bin/smbpasswd testuser' as 
> password change program. [2003/12/30 15:43:49, 10] 
> lib/util_sock.c:read_socket_with_timeout(263)
>   read_socket_with_timeout: timeout read. select timed out. 
> [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274)
>   expect: expected [*ew*password*] received [New SMB 
> password:] match yes [2003/12/30 15:43:49, 10] 
> smbd/chgpasswd.c:expect(285)
>   expect: returning True
> [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237)
>   expect: sending [testuser
>   ]
> [2003/12/30 15:43:49, 10] 
> lib/util_sock.c:read_socket_with_timeout(263)
>   read_socket_with_timeout: timeout read. select timed out. 
> [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(274)
>   expect: expected [*ew*password*] received [
>   Retype new SMB password:] match yes
> [2003/12/30 15:43:49, 10] smbd/chgpasswd.c:expect(285)
>   expect: returning True
> [2003/12/30 15:43:49, 100] smbd/chgpasswd.c:expect(237)
>   expect: sending [testuser
>   ]
> [2003/12/30 15:43:49, 3] smbd/chgpasswd.c:chat_with_program(438)
>   Password change successful for user testuser
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
>   element 32 -> now CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
>   element 31 -> now CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
>   element 10 -> now CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
>   element 20 -> now CHANGED
> [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134)
>   account_policy_get: maximum password age:-1
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
>   element 9 -> now CHANGED
> [2003/12/30 15:43:49, 10] lib/account_pol.c:account_policy_get(134)
>   account_policy_get: minimum password age:0
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
>   element 8 -> now CHANGED
> [2003/12/30 15:43:49, 4] 
> passdb/pdb_ldap.c:ldapsam_update_sam_account(1370)
>   ldapsam_update_sam_account: user testuser to be modified 
> has dn: uid=testuser, ou=People,dc=phonambule-tv,dc=com 
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 11: SET
> [2003/12/30 15:43:49, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
>   init_ldap_from_sam: Setting entry for user: testuser 
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 17: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 18: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 12: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 22: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 23: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 25: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 1: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 3: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 4: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 2: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 5: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 6: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
>   element 7: DEFAULT
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 8: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
>   element 8: CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 9: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
>   element 9: CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 31: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
>   element 31: CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 32: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
>   element 32: CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 20: SET
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
>   element 20: CHANGED
> [2003/12/30 15:43:49, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
>   element 19: SET
> [2003/12/30 15:43:49, 11] lib/smbldap.c:smbldap_open(822)
>   smbldap_open: already connected to the LDAP server 
> [2003/12/30 15:43:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1203)
>   ldapsam_modify_entry: Failed to modify user dn= 
> uid=testuser,ou=People,dc=phon ambule-tv,dc=com with: Type or 
> value exists
>         modify/add: sambaPwdCanChange: value #0 already 
> exists [2003/12/30 15:43:49, 0] 
> passdb/pdb_ldap.c:ldapsam_update_sam_account(1397)
>   ldapsam_update_sam_account: failed to modify user with uid 
> = testuser, error:
> modify/add: sambaPwdCanChange: value #0 already exists 
> (Success) [2003/12/30 15:43:49, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (1001, 547) - sec_ctx_stack_ndx = 1
> [2003/12/30 15:43:49, 5] 
> rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120)
>   init_r_chgpasswd_user
> [2003/12/30 15:43:49, 5] 
> rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469)
>   _samr_chgpasswd_user: 1469
> [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_debug(82)
>   000000 samr_io_r_chgpasswd_user
> [2003/12/30 15:43:49, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
>       0000 status: NT_STATUS_ACCESS_DENIED
> --- END LOG ---
> 
> Can someone explain me why I got an error with the field 
> sambaPwdCanChange in 
> LDAP, when I look it after the command, this field is 
> changed... Thanks alot!
> 
> Sébastien.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list