[Samba] Changing password from windows

Sundaram Ramasamy sun at percipia.com
Tue Dec 30 20:23:01 GMT 2003


Hi,

I am also getting the same kind of error message with a Samba 2.2.8a LDAP PDC.

Here is my smb.conf file.

# Global settings of the poster's Samba 2.2.8a LDAP PDC, as pasted into the message.
# Identity, authentication and password-change parameters come first.
[global]
        coding system =
        client code page = 850
        code page directory = /usr/share/samba/codepages
        netbios aliases =
        netbios scope =
        server string = Percipia PDC Server
        interfaces =
        bind interfaces only = No
        # User-level security with encrypted (hashed) SMB passwords.
        security = USER
        encrypt passwords = Yes
        update encrypted = No
        allow trusted domains = Yes
        hosts equiv =
        # NOTE(review): a 5-character minimum is short for a domain controller;
        # consider raising it once password changes work.
        min passwd length = 5
        # Failed logons are never mapped to the guest account, and empty
        # passwords are refused.
        map to guest = Never
        null passwords = No
        obey pam restrictions = Yes
        password server =
        smb passwd file = /etc/samba/smbpasswd
        root directory =
        # Per smb.conf(5), with this enabled smbd changes the UNIX password through
        # PAM instead of running 'passwd program'; the smb_pam_passchange_* lines in
        # the log further down show that path being taken.
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        # Expect/send script for the password change (the value appears to have been
        # wrapped onto a second line by the mail client). It starts at the
        # new-password prompt.
        # NOTE(review): the log below reports "Could not find reply for PAM prompt:
        # Enter login(LDAP) password:", a prompt this script has no entry for. That
        # looks like the cause of the failure; confirm against the PAM password
        # stack on this host.
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
        # Troubleshooting aid only. smb.conf(5) warns that with a debug level of 100
        # or more (log level is 103 in this dump) the strings exchanged in the chat,
        # including plain-text passwords, are written to the smbd log. Set it back
        # to No after debugging, and restrict or purge the logs written meanwhile.
        passwd chat debug = Yes
        username map =
        password level = 0
        username level = 0
        # Keeps the UNIX password in step when a client changes the SMB password;
        # this is what triggers the PAM / passwd chat exchange above.
        unix password sync = Yes
        # NOTE(review): anonymous connections are not restricted by this setting;
        # review whether that is intended on a PDC.
        restrict anonymous = No
        # Accepts LANMAN (LM) password responses, which are far weaker than NTLM.
        # NOTE(review): disable unless legacy clients still need it.
        lanman auth = Yes
        use rhosts = No
        admin log = No
        # Logging settings.
        # Level 103 is an extreme debugging level. Together with
        # 'passwd chat debug = Yes' earlier in this dump it is high enough for
        # password chat contents to reach the log. Lower it after troubleshooting.
        log level = 103
        syslog = 1
        syslog only = No
        # One log file per client machine name (%m), capped by 'max log size'.
        log file = /var/log/samba/%m.log
        max log size = 50
        timestamp logs = Yes
        debug hires timestamp = No
        debug pid = No
        debug uid = No
        # Protocol negotiation, transport tuning, printing and name-mangling globals.
        protocol = NT1
        large readwrite = Yes
        max protocol = NT1
        # CORE is the oldest SMB dialect, so the server will negotiate down to it.
        # NOTE(review): raise the minimum if no client needs the old dialects.
        min protocol = CORE
        read bmpx = No
        read raw = Yes
        write raw = Yes
        acl compatibility =
        nt smb support = Yes
        nt pipe support = Yes
        nt status support = Yes
        announce version = 4.9
        announce as = NT
        max mux = 50
        max xmit = 16644
        name resolve order = lmhosts host wins bcast
        max ttl = 259200
        max wins ttl = 518400
        min wins ttl = 21600
        time server = No
        unix extensions = No
        change notify timeout = 60
        deadtime = 0
        getwd cache = Yes
        keepalive = 300
        lpq cache time = 10
        max smbd processes = 0
        max disk size = 0
        max open files = 10000
        name cache timeout = 660
        read size = 16384
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        stat cache size = 50
        use mmap = Yes
        total print jobs = 0
        load printers = Yes
        printcap name = /etc/printcap
        disable spoolss = No
        enumports command =
        addprinter command =
        deleteprinter command =
        show add printer wizard = Yes
        os2 driver map =
        strip dot = No
        mangling method = hash
        character set = ISO8859-1
        mangled stack = 50
        stat cache = Yes
        # Domain-controller role: logon settings, browsing/WINS and lock tuning.
        # NOTE(review): 'domain admin group' is empty, so this parameter grants
        # domain admin rights to nobody; confirm how administrators are identified.
        domain admin group =
        domain guest group =
        machine password timeout = 604800
        # Script smbd runs to create an account on demand. As written it adds the
        # entry to the "Domain Computers" group with home /dev/null and shell
        # /bin/false, so presumably it is used for machine accounts (the value
        # appears to have been wrapped onto a second line by the mail client).
        add user script = /usr/local/sbin/smbldap-useradd.pl -m -d
/dev/null -g "Domain Computers" -s /bin/false
        delete user script =
        logon script =
        logon path = \\%N\%U\profile
        logon drive = H:
        logon home = \\%N\%U
        # 'domain logons' plus 'domain master' make this server the PDC.
        domain logons = Yes
        os level = 64
        lm announce = Auto
        lm interval = 60
        preferred master = Yes
        local master = Yes
        domain master = Yes
        browse list = Yes
        enhanced browsing = Yes
        dns proxy = Yes
        wins proxy = No
        wins server =
        wins support = Yes
        wins hook =
        kernel oplocks = Yes
        lock spin count = 3
        lock spin time = 10
        oplock break wait time = 0
        # LDAP backend holding the sambaAccount entries.
        # The directory is reached on the loopback address, port 389.
        ldap server = 127.0.0.1
        ldap port = 389
        ldap suffix = "dc=sfgroup,dc=com"
        ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"
        # Samba binds as the directory Manager DN.
        # NOTE(review): a dedicated DN limited to the Samba attributes would follow
        # least privilege better. The bind password is not in smb.conf; in Samba 2.2
        # it is normally stored with 'smbpasswd -w', so verify where it lives here
        # and how that file is protected.
        ldap admin dn = "cn=Manager,dc=sfgroup,dc=com"
        # No TLS on the LDAP connection. With the server on 127.0.0.1 the bind and
        # password hashes stay on the host; enable TLS if the directory moves
        # to another machine.
        ldap ssl = no
        # Share-management hooks, runtime directories, miscellaneous globals and
        # winbind settings. Most hooks are empty in this dump.
        add share command =
        change share command =
        delete share command =
        config file =
        preload =
        lock dir = /var/cache/samba
        pid directory = /var/run
        utmp directory =
        wtmp directory =
        utmp = No
        default service =
        message command =
        dfree command =
        valid chars =
        remote announce =
        remote browse sync =
        # 0.0.0.0 with an empty 'interfaces' list and 'bind interfaces only = No'
        # means smbd listens on every address of the host.
        socket address = 0.0.0.0
        homedir map = auto.home
        time offset = 0
        NIS homedir = No
        source environment =
        panic action =
        hide local users = No
        host msdfs = No
        winbind uid =
        winbind gid =
        template homedir = /home/%D/%U

 template shell = /bin/false
        winbind separator = \
        winbind cache time = 15
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = No
        # Per-share defaults. Every share inherits these values unless its own
        # section overrides them.
        comment =
        path =
        alternate permissions = No
        username =
        # Guest access maps to 'nobody', but 'guest ok = No' further down keeps
        # guest connections disabled by default.
        guest account = nobody
        invalid users =
        valid users =
        admin users =
        read list =
        write list =
        printer admin =
        force user =
        force group =
        read only = Yes
        create mask = 0744
        force create mode = 00
        security mask = 0777
        force security mode = 00
        directory mask = 0755
        force directory mode = 00
        directory security mask = 0777
        force directory security mode = 00
        force unknown acl user = 00
        inherit permissions = No
        inherit acls = No
        guest only = No
        guest ok = No
        only user = No
        # Both lists are empty, so Samba applies no host-based access restriction.
        # NOTE(review): limit by network here or at the firewall.
        hosts allow =
        hosts deny =
        status = Yes
        nt acl support = Yes
        profile acls = No
        block size = 1024
        max connections = 0
        min print space = 0
        strict allocate = No
        strict sync = No
        sync always = No
        write cache size = 0
        max print jobs = 1000
        printable = No
        postscript = No
        printing = cups
        print command = lpr -r -P%p %s
        lpq command = lpq -P%p
        lprm command = lprm -P%p %j
        lppause command =
        lpresume command =
        queuepause command =
        queueresume command =
        printer name =
        use client driver = No
        default devmode = No
        printer driver =
        printer driver file = /etc/samba/printers.def
        printer driver location =
        default case = lower
        case sensitive = No
        preserve case = Yes
        short preserve case = Yes
        mangle case = No
        mangling char = ~
        hide dot files = Yes
        hide unreadable = No
        delete veto files = No
        veto files =
        hide files =
        veto oplock files =
        map system = No
        map hidden = No
        map archive = Yes
        mangled names = Yes
        mangled map =
        browseable = Yes
        blocking locks = Yes
        csc policy = manual
        fake oplocks = No
        locking = Yes
        oplocks = Yes
        level2 oplocks = Yes
        oplock contention limit = 2
        posix locking = Yes
        strict locking = No
        share modes = Yes
        copy =
        include =
        exec =
        preexec close = No
        postexec =
        root preexec =
        root preexec close = No
        root postexec =
        available = Yes
        volume =
        fstype = NTFS
        set directory = No
        # Symlinks are followed, including ones that point outside the exported
        # tree ('wide links').
        # NOTE(review): consider 'wide links = No' on shares where users can
        # create symlinks on the server side.
        wide links = Yes
        follow symlinks = Yes
        dont descend =
        magic script =
        magic output =
        delete readonly = No
        dos filemode = No
        dos filetimes = No
        dos filetime resolution = No
        fake directory create times = No
        vfs object =
        vfs options =
        msdfs root = No

# Per-user home directory shares.
[homes]
        comment = Home Directories
        # %S is the share name, so only the user a home share is named after
        # may connect to it.
        valid users = %S
        read only = No
        # These masks allow group write on new files (0664) and directories (0775).
        # NOTE(review): tighten them if users share a primary group.
        create mask = 0664
        directory mask = 0775
        # The generic [homes] entry is hidden from browse lists.
        browseable = No


Here is my password chat log message:
 smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match || to
|Enter login(LDAP) password:|
  smb_pam_passchange_conv: Could not find reply for PAM prompt: Enter
login(LDAP) password:
  PAM: unable to obtain the new authentication token - is password to weak?
  smb_pam_error_handler: PAM: Password Change Failed : Authentication
token manipulation error
  smb_pam_passchange: PAM: Password Change Failed for user sundaram!
  smb_pam_end: PAM: PAM_END OK.
  pop_sec_ctx (1023, 100) - sec_ctx_stack_ndx = 1
  init_r_chgpasswd_user
  _samr_chgpasswd_user: 1270
  000000 samr_io_r_chgpasswd_user
      0000 status: NT_STATUS_WRONG_PASSWORD
  created /tmp/out_api_samr_rpc_55.3.prs
  api_rpcTNP: called api_samr_rpc successfully
  api_rpcTNP: rpc input buffer underflow (parse error?)
  048c : 86 11 19 1b
  pop_sec_ctx (1023, 100) - sec_ctx_stack_ndx = 0
  free_pipe_context: destroying talloc pool of size 36
  write_to_pipe: data_used = 1200
  read_from_pipe: 732c name: samr len: 1024
  read_from_pipe: samr: fault_state = 0 : data_sent_length = 0,
prs_offset(&p->out_data.rdata) = 4.
  000000 smb_io_rpc_hdr hdr
      0000 major     : 05
      0001 minor     : 00
      0002 pkt_type  : 02
      0003 flags     : 03
      0004 pack_type0: 10
      0005 pack_type1: 00
      0006 pack_type2: 00
      0007 pack_type3: 00
      0008 frag_len  : 0034
      000a auth_len  : 0010
      000c call_id   : 00000002
  000010 smb_io_rpc_hdr_resp resp
      0010 alloc_hint: 00000004
      0014 context_id: 0000
      0016 cancel_ct : 00
      0017 reserved  : 00
  create_next_pdu: sign: Yes seal: Yes data 4 auth 16
  crc32_calc_buffer: eebb0acb
  [000] 6A 00 00 C0                                       j...
  00001c smb_io_rpc_hdr_auth hdr_auth
      001c auth_type    : 0a
      001d auth_level   : 06
      001e stub_type_len: 08
      001f padding      : 00
      0020 unknown      : 00000001
  000024 smb_io_rpc_auth_ntlmssp_chk auth_sign
      0024 ver     : 00000001
      0028 reserved: 00000000
      002c crc32   : eebb0acb
      0030 seq_num : 00000003
  copy_trans_params_and_data: params[0..0] data[0..52]
  size=108
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=1
  smb_tid=1
  smb_pid=236
  smb_uid=100
  smb_mid=48128
  smt_wct=10
  smb_vwv[0]=0 (0x0)
  smb_vwv[1]=52 (0x34)
  smb_vwv[2]=0 (0x0)
  smb_vwv[3]=0 (0x0)
  smb_vwv[4]=56 (0x38)
  smb_vwv[5]=0 (0x0)
  smb_vwv[6]=52 (0x34)
  smb_vwv[7]=56 (0x38)
  smb_vwv[8]=0 (0x0)
  smb_vwv[9]=0 (0x0)
  smb_bcc=53
  [000] 00 05 00 02 03 10 00 00  00 34 00 10 00 02 00 00  ........ .4......
  [010] 00 04 00 00 00 00 00 00  00 75 D9 E6 97 0A 06 08  ........ .u......
  [020] 00 01 00 00 00 01 00 00  00 9E 6F 43 67 0E 07 83  ........ ..oCg...
  [030] 4C 75 EA 08 B8                                    Lu...
  write_socket(12,112)
  write_socket(12,112) wrote 112
  got smb length of 41
  got message type 0x0 of len 0x29
  Transaction 8 of length 45
  size=41
  smb_com=0x4
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=18439
  smb_tid=1
  smb_pid=65279
  smb_uid=100
  smb_mid=48192
  smt_wct=3
  smb_vwv[0]=29484 (0x732C)
  smb_vwv[1]=65535 (0xFFFF)
  smb_vwv[2]=65535 (0xFFFF)
  smb_bcc=0
  switch message SMBclose (pid 30566)
  change_to_user: Skipping user change - already user
  search for pipe pnum=732c
  pipe name samr pnum=732c (pipes_open=1)
  reply_pipe_close: pnum:732c
  close_policy_by_pipe: deleted handle list for pipe samr
  closed pipe name samr pnum=732c (pipes_open=0)
  size=35
  smb_com=0x4
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=1
  smb_tid=1
  smb_pid=65279
  smb_uid=100
  smb_mid=48192
  smt_wct=0
  smb_bcc=0
  write_socket(12,39)
  write_socket(12,39) wrote 39
  got smb length of 35
  got message type 0x0 of len 0x23
  Transaction 9 of length 39
  size=35
  smb_com=0x71
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=24
  smb_flg2=18439
  smb_tid=1
  smb_pid=65279
  smb_uid=100
  smb_mid=48256
  smt_wct=0
  smb_bcc=0
  switch message SMBtdis (pid 30566)
  created /tmp/SMBtdis.13.req len 39
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  change_to_root_user: now uid=(0,0) gid=(0,0)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  change_to_root_user: now uid=(0,0) gid=(0,0)
  rsundaram (192.168.1.140) closed connection to service IPC$
  Yielding connection to IPC$
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  change_to_root_user: now uid=(0,0) gid=(0,0)
  vfs_ChDir to /
  created /tmp/SMBtdis.13.resp len 39
  size=35
  smb_com=0x71
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=1
  smb_tid=1
  smb_pid=65279
  smb_uid=100
  smb_mid=48256
  smt_wct=0
  smb_bcc=0
  write_socket(12,39)
  write_socket(12,39) wrote 39
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  change_to_root_user: now uid=(0,0) gid=(0,0)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  change_to_root_user: now uid=(0,0) gid=(0,0)
  Closing idle connection
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
  change_to_root_user: now uid=(0,0) gid=(0,0)
  Closing connections
  tdb_unpack(fffdd, 37) -> 37
  smb_pam_start: PAM: Init user: sundaram
  smb_pam_start: PAM: setting rhost to: 192.168.1.140
  smb_pam_start: PAM: setting tty
  smb_pam_start: PAM: Init passed for user: sundaram
  smb_internal_pam_session: PAM: tty set to: smb/2
  smb_pam_end: PAM: PAM_END OK.
  Yielding connection to
  receive_local_message: doing select with timeout of 1 ms
  Server exit (normal exit)


