[Samba] Password change from WinXP (PAM Error)

Clint Sharp clint at typhoon.org
Mon Mar 22 01:41:49 GMT 2004 

On Sun, 21 Mar 2004, Markus wrote:

> Hi,
> When I try to change my Password with XP's Password-Change-Box, I get
> the following error in log.smbd:
> [2004/03/21 11:16:06, 0] passdb/pampass.c:smb_pam_chauthtok(709)
>    PAM: UNKNOWN PAM ERROR (19) for User: testuser
> [2004/03/21 11:16:06, 0] passdb/pampass.c:smb_pam_passchange(865)
>    smb_pam_passchange: PAM: Password Change Failed for user testuser!
> 
>  From my smb.conf:
>          # PDC
>          os level = 65
>          domain master = yes
>          local master = yes
>          preferred master = yes
> 
>          # Security
>          security = user
>          hosts allow = 192.168.1.
>          encrypt passwords = yes
>          domain logons = yes
> 
>          # Roaming profiles/HomeDirs
>          logon path = \\%L\%U\profiles
>          logon home = \\%L\%U\profiles
>          # logon drive = Y:
> 
>          # Password change
>          obey pam restrictions = no
>          pam password change = yes
>          passwd program = /usr/bin/passwd %u
>          passwd chat = Newpassword* %n Re-enternewpassword %n
> *passwd:allauthenticationtokensupdatedsuccessfully
>          update encrypted = Yes
>          passwd chat debug = yes
>          # Additional
>          unix password sync = yes
>          admin users = markus
>          domain admin group = @smbadm
>          domain logons = yes
>          wins support = yes
>          add user script = /usr/sbin/useradd -g machines -c sambaclient
> -d /dev/null -s /bin/false %m$
>          nt acl support = no
>          logon script = login.cmd
> 
> Can someone help me please.
> 
> Thx
>       Markus
> 
> 
> 

What OS is this?  You password chat has no wildchards between the words.  
I'd double check the output from /usr/bin/passwd and make sure your 
password chat matches as closely as possible.  Also, you could set your 
password chat debug = yes and set your log level up to like 100 to see 
the output of the passwd change dialog.  Secondly, I would take out pam 
password change (this has never worked properly for me). Unix password 
sync (and the deritative passwd program and passwd chat) and pam 
password change are mutually exclusive if I remember right.

Clint

More information about the samba mailing list