[Samba] Re: LDAP Ctrl-Alt-Del Password Change
rossp at ppc.ucsc.edu
rossp at ppc.ucsc.edu
Fri Mar 7 16:21:43 GMT 2003
No one has anything to say about this? Did I not give enough info?
Has anyone gotten Ctrl-Alt-Del password change working with LDAP? If
so can I please see your smb.conf and pam.d files? Thanks so much for
any help. We've been running samba here for a few years and love it,
just in case it makes a difference.
Ross Patterson
Programmer/Analyst
831-459-2792
rossp at ucsc.edu
1156 High St, Barn G, PP&C
Santa Cruz, CA 95064
On Tue, 4 Mar 2003, rossp at ppc.ucsc.edu wrote:
> One fixed problem, one new problem.
>
> Okay, I fixed the pam_smbpass problem by upgrading to 2.2.7a. So for
> anyone out there, pam_smbpass won't work with ldap (./configure
> --with-ldapsam) on 2.2.3a and will work with 2.2.7a.
>
> Now, onto the next problem, changing passwords by Ctrl-Alt-Del from a
> Windows XP Pro machine.
>
> Logging onto the samba server from a WinXP machine works just fine.
>
> If I try to Ctrl-Alt-Del Change Password... from a WinXP machine where
> the username or password of the currently logged in (WinXP) user is
> different from the username or password being used on the samba
> server, then the password change fails with "1727: the remote
> procedure call failed and did not execute".
>
> If I try it when the username and password of the currently logged in
> user is the same as the current username and password being used on
> the samba server, then the password change succeeds.
>
> From an strace, I verififed what I suspected which is that its only
> when samba falls back on the lanman password that authentication
> succeeds and the password change can go forward, which, of course,
> explains this behavior.
>
> I suppose it could be that pam is misconfigured on some auth component
> somewhere. But the odd thing is that an strace of the samba daemons
> while simply connecting to a share shows pam.d files being consulted,
> while an strace of the daemons during a failed Ctrl-Alt-Del Change
> Password... session shows no pam.d files consulted.
>
> Can anyone help here? Can anyone at least verify that they were able
> to do Ctrl-Alt-Del Change Password... against a samba/LDAP server?
>
> Thanks.
>
> Ross Patterson
> Programmer/Analyst
> 831-459-2792
> rossp at ucsc.edu
> 1156 High St, Barn G, PP&C
> Santa Cruz, CA 95064
>
> On Wed, 19 Feb 2003, rossp at ppc.ucsc.edu wrote:
>
> > On a Debian 3.0 system with user accounts stored in openldap, I have
> > unix and windows auth working just fine through ldap. smbpasswd can
> > change the samba passwd attributes, and passwd can change the unix
> > password attributes.
> >
> > I'm trying to get pam_smbpass to work to keep everything in sync, but
> > it only says "Failed to find entry for user test0." which indicates to
> > me that its looking in the smbpasswd file which has, of course,
> > nothing. "ldd /lib/security/pam_smbpass.so" gives libpam and libldap
> > among other things.
> >
> > Can someone tell me if pam_smbpass is using the SAM DB API? If
> > pam_smbpass is hardwired for the smbpasswd file, that would explain my
> > troubles.
> >
> > If it is using the SAM DB API, can anyone give me any direction?
> >
> > Ross Patterson
> > Programmer/Analyst
> > 831-459-2792
> > rossp at ucsc.edu
> > 1156 High St, Barn G, PP&C
> > Santa Cruz, CA 95064
> >
> >
>
>
More information about the samba
mailing list