[Samba] 'passwd chat' for Debian Woody password sync

John H Terpstra jht at samba.org
Sat Oct 18 16:10:07 GMT 2003 

On Sat, 18 Oct 2003 inkwire at thegoldenear.org wrote:

> what is the 'passwd chat' line for Samba 2.2.3a-12.3 on Debian Woody that enables
> password synchronisation with Windows 2000 clients in a domain?
>
> I currently have this in smb.conf but it doesn't work:
>
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:*
> %n\n

When, as 'root' you run /bin/passwd, what is the prompt sequence on
Debian?

Does it do:

Enter new UNIX password:
Retype new UNIX password:

Because that is what your "passwd chat" sequence indicates.

My entry for this is:
passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n
*Password*changed*

And that is for SuSE Linux.

You should be able to run with the default setting for "passwd program"

I hope this helps.

- John T.

>
> I get the Windows message "username or old password is wrong...". the username is 'p',
> the old password is 'p' and the new password is 'ppppp'
>
> most examples on the web use this format. but Debian clearly asks first for the existing
> password, so it would appear most examples I can find are wrong. so I've tried using
> this:
>
> passwd chat =
> (current)\sUNIX\spassword:*%o\nEnter\snew\UNIX\spassword:*%n\nRetype\snew\UNIX\
> spassword:*%n\n
>
> most examples I see use the syntax '\n' but the samba.org documentation says to use
> '\\n'
>
> similarly I see '%u' used but the samba.org documentation says to use '%U'
>
> some examples puit a ' .' at the end of the passwd chat line, some don't
>
> the samba.org documentation on 'passwd chat' misses out so many words in its
> sentences that it is at times incomprehensible
>
> I see that I could use 'pam password change = yes' but I  can't get this to work either
>
> I tried setting SUID on /etc/samba/smbpasswd with chmod u+s /etc/samba/smbpasswd
> as I read that it neeeds to run as root but am confused now whether it was this file or
> another that was meant to be run SUID
>
> this is a log from when I turned on 'pam password change = yes':
>
> [2003/10/18 11:01:56, 1] lib/util_sock.c:get_socket_name(962)
>   Gethostbyaddr failed for 10.0.0.10
> [2003/10/18 11:01:56, 0] passdb/pampass.c:smb_pam_chauthtok(709)
>
> PAM: UNKNOWN PAM ERROR (19) for User: p
> [2003/10/18 11:01:56, 2] passdb/pampass.c:smb_pam_error_handler(71)
>   smb_pam_error_handler: PAM: Password Change Failed : Conversation error
> [2003/10/18 11:01:56, 0] passdb/pampass.c:smb_pam_passchange(865)
>   smb_pam_passchange: PAM: Password Change Failed for user p!
>
> this is a log WITHOUT 'pam password change = yes':
>
> [2003/10/18 11:08:40, 10] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1344)
>
> pdb_getsampwnam: search by name: p
> [2003/10/18 11:08:40, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(167)
>   startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
> [2003/10/18 11:08:40, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(436)
>   getsmbfilepwent: returning passwd entry for user root, uid 0
> [2003/10/18 11:08:40, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(436)
>   getsmbfilepwent: returning passwd entry for user p, uid 1000
> [2003/10/18 11:08:40, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(256)
>   endsmbfilepwent_internal: closed password file.
> [2003/10/18 11:08:40, 10] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1386)
>   pdb_getsampwnam: found by name: p
> [2003/10/18 11:08:40, 4] lib/substitute.c:automount_server(160)
>   Home server: file-server
> [2003/10/18 11:08:40, 4] smbd/password.c:smb_password_ok(467)
>
> smb_password_ok: Checking SMB password for user p
> [2003/10/18 11:08:40, 5] smbd/password.c:smb_password_ok(481)
>   smb_password_ok: challenge received
> [2003/10/18 11:08:40, 4] smbd/password.c:smb_password_ok(491)
>
> smb_password_ok: Checking NT MD4 password
> [2003/10/18 11:08:40, 4] smbd/password.c:smb_password_ok(493)
>   smb_password_ok: NT MD4 password check succeeded
> [2003/10/18 11:08:40, 7] param/loadparm.c:lp_servicenumber(3520)
>   lp_servicenumber: couldn't find p
> [2003/10/18 11:08:40, 3] param/loadparm.c:lp_add_home(1912)
>   adding home directory p at /home/p
> [2003/10/18 11:08:40, 10] smbd/password.c:register_vuid(289)
>
> register_vuid: (1000,1000) p p [DOMAIN NAME REMOVED] guest=0
> [2003/10/18 11:08:40, 10] smbd/password.c:register_vuid(299)
>   register_vuid: allocated vuid = 100
> [2003/10/18 11:08:40, 3] smbd/sec_ctx.c:push_sec_ctx(282)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2003/10/18 11:08:40, 3] smbd/uid.c:push_conn_ctx(285)
>
> push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2003/10/18 11:08:40, 3] smbd/sec_ctx.c:set_sec_ctx(314)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2003/10/18 11:08:40, 3] smbd/sec_ctx.c:get_current_groups(162)
>
> get_current_groups: user is in 2 groups: 1000, 108
> [2003/10/18 11:08:40, 3] smbd/sec_ctx.c:pop_sec_ctx(421)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2003/10/18 11:08:40, 3] smbd/sec_ctx.c:get_current_groups(162)
>
> get_current_groups: user is in 2 groups: 1000, 108
> [2003/10/18 11:08:40, 10] smbd/uid.c:uid_to_sid(569)
>   uid_to_sid: local 1000 -> S-1-5-21-2542762088-
> 1498583555-2696612650-3000
> [2003/10/18 11:08:40, 10] smbd/uid.c:gid_to_sid(597)
>   gid_to_sid: local 1000 -> S-1-5-21-2542762088-
> 1498583555-2696612650-3001
> [2003/10/18 11:08:40, 10] smbd/uid.c:gid_to_sid(597)
>   gid_to_sid: local 108 -> S-1-5-21-2542762088-
> 1498583555-2696612650-1217
> [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
>   user token sid S-1-5-21-2542762088-
> 1498583555-2696612650-3000
> [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
>   user token sid S-1-5-21-2542762088-
> 1498583555-2696612650-3001
> [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
>   user token sid S-1-5-21-2542762088-
> 1498583555-2696612650-1217
> [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
>   user token sid S-1-1-0
> [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
>   user token sid S-1-5-2
> [2003/10/18 11:08:40, 5] smbd/password.c:create_nt_token(255)
>   user token sid S-1-5-11
> [2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(328)
>   uid 1000 registered to name p
> [2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(330)
>
> Clearing default real name
> [2003/10/18 11:08:40, 3] smbd/password.c:register_vuid(332)
>   User name: p	Real name: ,,,
> [2003/10/18 11:08:40, 18] tdb/tdbutil.c:tdb_pack(354)
>   tdb_pack(fffdd, 1024) -> 26
> [2003/10/18 11:08:40, 6] smbd/reply.c:reply_sesssetup_and_X(1080)
>   Client requested max send size of 65535
> [2003/10/18 11:08:40, 3] smbd/process.c:chain_reply(1005)
>   Chained message
>
> any help would be appreciated, thanks
> pete
>
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list