[Samba] Re: probleb with 'passwd chat' and 'passwd program'

M. Vancl mvancl at setuza.cz
Thu Apr 22 17:12:42 GMT 2004


"Loc Nguyen" <nguyenbloc at tuluc.com> wrote in his reply to Jérôme Tournier:

> when unix password sync = yes is used, SAMBA tries to
> update password in /etc/passwd which I believe you don't have the entry
> in it; this option is helpful when you use flat file sambapasswd

I'm solving the same problem as described in original question now.
After some testings It seems to be much more complicated:

When I set "unix password sync = no", Samba will cease to call "passwd
program" and will change sambaLMPassword and SambaNTPassword attributes in
sam database directly by ldap (I put tracing output into the scripts too)
and therefore no problem with external passwd program occurs. It is not true
that Samba tries update password in /etc/passwd - unix password can be
stored (and it is useful) in ldap database beside Samba/NT passwords and
usualy it is need to keep these passwords in sync.

Problem with uncompleted external smbldap-passwd (IDEALX) script is in this
script or in its interaction with Samba.
Perl script is using system('stty -echo') to change terminal settings before
and system('stty echo') after "typing" password. It can be used because
communication between smbd and Perl script is done by pseudo tty and it is
used because script can be called from command line. By simple look to "ps
axf" when waiting for password change I saw that script hangs execution (*)
during second "stty echo" (i.e. after retyping new password) and it seems to
be killed by smbd after 20 sec. Thus execution is not completed and then
Unix password is not set. Second implication of this is annoying long time
for completion of password change in Windows (20 sec.).
I had tried to replace system('stty...') in script by calling
IO::Stty::stty(). It works equally as original IDEALX script when called
from commandline but there is another problem when called from Samba.
Exactly - my modified script do its work immediately and change all three
passwords but Windows user is informed about wrongly typed password and in
the samba log (debuglevel = 100 !) occurs only (!) such messages:

[2004/04/22 16:49:49, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1417)
  ldapsam_update_sam_account: failed to modify user with uid = p01861,
error: modify/delete: sambaLMPassword: no such value (Success)
[2004/04/22 16:49:49, 0] smbd/chgpasswd.c:check_oem_password(832)
  check_oem_password: incorrect password length (-1895505390).

I don't know what it mean.

Does anybody have some explain of hanging stty command in script ? Does
anybody offer right solution ?

M. Vancl

*) I'm not sure why, maybe master tty is prematurely closed by smbd after
typing out the password and before script is finished.

More information about the samba mailing list