[Samba] pam_winbind troubles
gat1182 at free.fr
Mon Jan 3 14:03:29 GMT 2005
Hi and happy New Year.
I am testing the integration of Samba 3.0.10 on a Fedora Core 3 box in a
Microsoft Active Directory (Windows 2003) environment.
I have already configured Samba for integration in the AD domain and it works
fine, but I have a problem with pam_winbind.
I can authenticate my AD domain users on the Fedora box but I can't change their
password with the passwd command.
For example, I can log in as the "VDP\kalaghan" domain user, but when I try to
change his password with the passwd command, I get the following error messages:
Jan 3 14:55:01 fedogat pam_winbind: user 'VDP\kalaghan' granted access
Jan 3 14:55:20 fedogat pam_winbind: request failed: NT_STATUS_PASSWORD_RESTRICTION, PAM error was 4, NT error was
Jan 3 14:55:20 fedogat pam_winbind: internal module error (retval = 4, user = `VDP\kalaghan'
The password I'm using is more than eight characters and I've disabled the GPO
in AD which concerns the complexity of passwords.
My /etc/pam.d/system-auth file:
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_winbind.so
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5
password sufficient /lib/security/$ISA/pam_winbind.so
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
If someone has an idea