[Samba] 'passwd chat' for Debian Woody password sync

Sat Oct 18 15:50:04 GMT 2003

what is the 'passwd chat' line for Samba 2.2.3a-12.3 on Debian Woody that enables 
password synchronisation with Windows 2000 clients in a domain?

I currently have this in smb.conf but it doesn't work:

unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* 
%n\n

I get the Windows message "username or old password is wrong...". the username is 'p', 
the old password is 'p' and the new password is 'ppppp'

most examples on the web use this format. but Debian clearly asks first for the existing 
password, so it would appear most examples I can find are wrong. so I've tried using 
this:

passwd chat = 
(current)\sUNIX\spassword:*%o\nEnter\snew\UNIX\spassword:*%n\nRetype\snew\UNIX\
spassword:*%n\n

most examples I see use the syntax '\n' but the samba.org documentation says to use 
'\\n'

similarly I see '%u' used but the samba.org documentation says to use '%U'

some examples puit a ' .' at the end of the passwd chat line, some don't

the samba.org documentation on 'passwd chat' misses out so many words in its 
sentences that it is at times incomprehensible

I see that I could use 'pam password change = yes' but I  can't get this to work either

I tried setting SUID on /etc/samba/smbpasswd with chmod u+s /etc/samba/smbpasswd 
as I read that it neeeds to run as root but am confused now whether it was this file or 
another that was meant to be run SUID

this is a log from when I turned on 'pam password change = yes':

[2003/10/18 11:01:56, 1] lib/util_sock.c:get_socket_name(962)
  Gethostbyaddr failed for 10.0.0.10
[2003/10/18 11:01:56, 0] passdb/pampass.c:smb_pam_chauthtok(709)

PAM: UNKNOWN PAM ERROR (19) for User: p
[2003/10/18 11:01:56, 2] passdb/pampass.c:smb_pam_error_handler(71)
  smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2003/10/18 11:01:56, 0] passdb/pampass.c:smb_pam_passchange(865)
  smb_pam_passchange: PAM: Password Change Failed for user p!

this is a log WITHOUT 'pam password change = yes':

[2003/10/18 11:08:40, 10] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1344)

pdb_getsampwnam: search by name: p
[2003/10/18 11:08:40, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(167)
  startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
[2003/10/18 11:08:40, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(436)
  getsmbfilepwent: returning passwd entry for user root, uid 0
[2003/10/18 11:08:40, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(436)
  getsmbfilepwent: returning passwd entry for user p, uid 1000
[2003/10/18 11:08:40, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(256)
  endsmbfilepwent_internal: closed password file.
[2003/10/18 11:08:40, 10] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1386)
  pdb_getsampwnam: found by name: p
[2003/10/18 11:08:40, 4] lib/substitute.c:automount_server(160)
  Home server: file-server
[2003/10/18 11:08:40, 4] smbd/password.c:smb_password_ok(467)

smb_password_ok: Checking SMB password for user p
[2003/10/18 11:08:40, 5] smbd/password.c:smb_password_ok(481)
  smb_password_ok: challenge received
[2003/10/18 11:08:40, 4] smbd/password.c:smb_password_ok(491)

smb_password_ok: Checking NT MD4 password
[2003/10/18 11:08:40, 4] smbd/password.c:smb_password_ok(493)
  smb_password_ok: NT MD4 password check succeeded
[2003/10/18 11:08:40, 7] param/loadparm.c:lp_servicenumber(3520)
  lp_servicenumber: couldn't find p
[2003/10/18 11:08:40, 3] param/loadparm.c:lp_add_home(1912)
  adding home directory p at /home/p
[2003/10/18 11:08:40, 10] smbd/password.c:register_vuid(289)

register_vuid: (1000,1000) p p [DOMAIN NAME REMOVED] guest=0
[2003/10/18 11:08:40, 10] smbd/password.c:register_vuid(299)
  register_vuid: allocated vuid = 100
[2003/10/18 11:08:40, 3] smbd/sec_ctx.c:push_sec_ctx(282)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2003/10/18 11:08:40, 3] smbd/uid.c:push_conn_ctx(285)

push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2003/10/18 11:08:40, 3] smbd/sec_ctx.c:set_sec_ctx(314)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2003/10/18 11:08:40, 3] smbd/sec_ctx.c:get_current_groups(162)

get_current_groups: user is in 2 groups: 1000, 108
[2003/10/18 11:08:40, 3] smbd/sec_ctx.c:pop_sec_ctx(421)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/10/18 11:08:40, 3] smbd/sec_ctx.c:get_current_groups(162)

get_current_groups: user is in 2 groups: 1000, 108
[2003/10/18 11:08:40, 10] smbd/uid.c:uid_to_sid(569)
  uid_to_sid: local 1000 -> S-1-5-21-2542762088-
1498583555-2696612650-3000
[2003/10/18 11:08:40, 10] smbd/uid.c:gid_to_sid(597)
  gid_to_sid: local 1000 -> S-1-5-21-2542762088-
1498583555-2696612650-3001
[2003/10/18 11:08:40, 10] smbd/uid.c:gid_to_sid(597)
  gid_to_sid: local 108 -> S-1-5-21-2542762088-
1498583555-2696612650-1217
[2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
  user token sid S-1-5-21-2542762088-
1498583555-2696612650-3000
[2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
  user token sid S-1-5-21-2542762088-
1498583555-2696612650-3001
[2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
  user token sid S-1-5-21-2542762088-
1498583555-2696612650-1217
[2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
  user token sid S-1-1-0
[2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
  user token sid S-1-5-2
[2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
  user token sid S-1-5-11
[2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(328)
  uid 1000 registered to name p
[2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(330)

Clearing default real name
[2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(332)
  User name: p	Real name: ,,,
[2003/10/18 11:08:40, 18] tdb/tdbutil.c:tdb_pack(354)
  tdb_pack(fffdd, 1024) -> 26
[2003/10/18 11:08:40, 6] smbd/reply.c:reply_sesssetup_and_X(1080)
  Client requested max send size of 65535
[2003/10/18 11:08:40, 3] smbd/process.c:chain_reply(1005)
  Chained message

any help would be appreciated, thanks
pete