[Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

Gémes Géza geza at kzsdabas.sulinet.hu
Wed Jan 14 21:28:02 GMT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

With

unix password sync = No
ldap password sync = No

you wont get any passwd syncronisation. If you use the later you
wouldn't need any other passwd related parameters, since it uses the
LDAP EXOP operation supported on OpenLDAP 2.0.x-2.2.x I think.

Regards,

Geza

| I am running samba 2.2.8a with ldap PDC. From windows machine If I change
| password by process CTL+ALT+DEL key its changing only windows password.
|
| from command line  smbldap-passwd.pl  script changing the both UNIX and
| samba password.
|
| any idea why its not changing UNIX password?
|
| Thanks
| SR
|
| Here my smb.conf file
|
| encrypt passwords = Yes
|  min passwd length = 5
|  null passwords = No
|  password server =
|  smb passwd file = /etc/samba/smbpasswd
|  pam password change = Yes
|  passwd program = /usr/local/sbin/smbldap-passwd.pl %u
|  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
| %n\n*passwd:*all*authentication*tokens*updated*successfully*
|  passwd chat debug = Yes
|  password level = 0
|  unix password sync = No
|  machine password timeout = 604800
|
| my smbldap-passwd.pl  file
| ===================
| use FindBin;
| use FindBin qw($RealBin);
| use lib "$RealBin/";
|
| use smbldap_tools;
| use smbldap_conf;
|
| my $user;
| my $oldpass;
| my $ret;
|
| my $arg;
|
| foreach $arg (@ARGV) {
|  if ($< != 0) {
|   die "Only root can specify parameters\n";
|  } else {
|   if ( ($arg eq '-?') || ($arg eq '--help') ) {
|    print "Usage: $0 [username]\n";
|    print "  -?, --help   show this help message\n";
|    exit (6);
|   } elsif (substr($arg,0) ne '-')  {
|    $user = $arg;
|   }
|   $oldpass = 1;
|  }
| }
|
| if (!defined($user)) {
|  $user=$ENV{"USER"};
| }
|
| # test existence of user in LDAP
| my $dn_line;
| if (!defined($dn_line = get_user_dn($user))) {
|     print "$0: user $user doesn't exist\n";
|     exit (10);
| }
|
| my $dn = get_dn_from_line($dn_line);
|
| my $samba = is_samba_user($user);
|
| print "Changing password for $user\n";
|
| # non-root user
| if (!defined($oldpass)) {
|     # prompt for current password
|  system "stty -echo";
|  print "(current) UNIX password: ";
|  chomp($oldpass=<STDIN>);
|  print "\n";
|  system "stty echo";
|
|  if (!is_user_valid($user, $dn, $oldpass)) {
|      print "Authentication failure\n";
|      exit (10);
|  }
| }
|
| # prompt for new password
|
| my $pass;
| my $pass2;
|
| system "stty -echo";
| print "New password : ";
| chomp($pass=<STDIN>);
| print "\n";
| system "stty echo";
|
| system "stty -echo";
| print "Retype new password : ";
| chomp($pass2=<STDIN>);
| print "\n";
| system "stty echo";
|
| if ($pass ne $pass2) {
|     print "New passwords don't match!\n";
|     exit (10);
| }
|
| # only modify smb passwords if smb user
| if ($samba == 1) {
|     if (!$with_smbpasswd) {
| # generate LanManager and NT clear text passwords
|  if ($mk_ntpasswd eq '') {
|      print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
|      exit(1);
|  }
|  my $ntpwd = `$mk_ntpasswd '$pass'`;
|         chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
|         chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
|
| # change nt/lm passwords
|  my $tmpldif =
| "$dn_line
| changetype: modify
| replace: lmpassword
| lmpassword: $lmpassword
| -
| changetype: modify
| replace: ntpassword
| ntpassword: $ntpassword
| -
|
| ";
|  die "$0: error while modifying password for $user\n"
|      unless (do_ldapmodify($tmpldif) == 0);
|  undef $tmpldif;
|     }
|     else {
|  if ($< != 0) {
|      my $FILE="|$smbpasswd -s >/dev/null";
|      open (FILE, $FILE) || die "$!\n";
|      print FILE <<EOF;
| '$oldpass'
| '$pass'
| '$pass'
| EOF
|     ;
|      close FILE;
|  } else {
|      my $FILE="|$smbpasswd $user -s >/dev/null";
|      open (FILE, $FILE) || die "$!\n";
|      print FILE <<EOF;
| '$pass'
| '$pass'
| EOF
|     ;
|      close FILE;
|  }
|     }
| }
| # change unix password
| $ret = system "$ldappasswd $dn -s '$pass' > /dev/null";
| if ($ret == 0) {
|     print "all authentication tokens updated successfully\n";
| } else {
|     return $ret;
| }
|
| exit 0;
|

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFABbRi/PxuIn+i1pIRAgvMAKCj8zTdIOScHjyU73Hva74F/038sACdE3sV
lVEKI7LhGuejdmLlCNdABRw=
=F7eU
-----END PGP SIGNATURE-----

More information about the samba mailing list