[Samba] tdbsam +Windows 2k/XP Change Password
net-warrior at softhome.net
net-warrior at softhome.net
Mon Aug 28 14:59:07 GMT 2006
Hi there guys.
I've been able to set up a samba domain as a PDC using tdbsam
profiles seems to work fine, users can login to the domain and so on.
The problem that I found is that I do not know how to set it up
to allow users to change their password from the Windows Boxes.
The get, you have not permission to change you password.
Allow me to post my configurtation and some loggin..
With pam password change = yes
check_ntlm_password: authentication for user [decoder] -> [decoder] ->
[decoder] succeeded
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:48:09, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: decoder
[2006/08/21 19:48:09, 2] auth/pampass.c:smb_pam_error_handler(73)
smb_pam_error_handler: PAM: Password Change Failed : Conversation error
[2006/08/21 19:48:09, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user decoder!
[2006/08/21 19:49:10, 0] printing/print_cups.c:cups_cache_reload(85)
Without pam password change = yes
check_ntlm_password: authentication for user [decoder] -> [decoder] ->
[decoder] succeeded
[2006/08/21 19:50:19, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:50:21, 2] smbd/chgpasswd.c:expect(281)
expect: Success
[2006/08/21 19:50:21, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:50:24, 2] smbd/chgpasswd.c:expect(281)
expect: Success
[2006/08/21 19:50:24, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:50:26, 2] smbd/chgpasswd.c:expect(281)
expect: Success
[2006/08/21 19:50:26, 0] lib/username.c:map_username(128)
can't open username map /etc/samba/smbusers. Error No such file or
directory
[2006/08/21 19:50:28, 2] smbd/chgpasswd.c:expect(281)
expect: Success
under /etc/pam.d/ the file samba contains:
@include common-auth
@include common-account
@include common-session
common-auth
auth required pam_unix.so nullok_secure
common-session
session required pam_unix.so
common-account
account required pam_unix.so
[global]
# Nombre del servidor.
workgroup = NETWARRIOR
# Nombre de la maquina.
netbios name = SUSE10-SLESX64
server string = MIEM PDC Server
smb ports = 139
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
printer admin = @ntadmin, root, administrator
username map = /etc/samba/smbusers
map to guest = Never
logon path = \\%L\profiles\%U
logon home = \\%L\%U
logon drive = P:
logon script = netlogon\logon.bat
interfaces = eth0, lo
# Si tiene mas de una interfase y una esta conectada a internet
# le decimos que escuche y acepte peticiones solo en esta interfases.
bind interfaces only = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Ingrese*Nueva*Clave* %n\n
*Re-Ingrese*Nueva*Clave*%n\n*Clave*Modificada*
;username map = /etc/samba/smbusers
unix password sync = Yes
log file = /var/log/samba/%m
log level = 2
syslog = 0
time server = Yes
domain logons = Yes
preferred master = Yes
;wins support = yes
# Que no se logue root usamos admin users ;)
invalid users = root
admin users = decoder
;utmp = Yes
map acl inherit = Yes
;veto files = /*.eml/*.nws/*.{*}/
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
[homes]
comment = Home Directories
valid users = @smbusers
browseable = no
read only = No
inherit permissions = Yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Network Profiles Service
path = %H
;path = /home/samba/profiles
browsable = No
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
valid users = @smbusers
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
browsable = No
Version:
Samba 3.0.14a-Debian
pdbedit -Lv for user decoder
Unix username: decoder
NT username:
Account Flags: [U ]
User SID: S-1-5-21-2124705929-3829328788-1896619671-3000
Primary Group SID: S-1-5-21-2124705929-3829328788-1896619671-3001
Full Name: decoder,,,
Home Directory: \\suse10-slesx64\decoder
HomeDir Drive: P:
Logon Script: netlogon\logon.bat
Profile Path: \\suse10-slesx64\profiles\decoder
Domain: DEBIAN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Tue, 19 Jan 2038 00:14:07 GMT
Kickoff time: Tue, 19 Jan 2038 00:14:07 GMT
Password last set: Mon, 21 Aug 2006 19:19:21 GMT
Password can change: Mon, 21 Aug 2006 19:19:21 GMT
Password must change: Tue, 19 Jan 2038 00:14:07 GMT
Last bad password : 0
Bad password count : 0
debian:/etc/samba# net groupmap list |sort
Account Operators (S-1-5-32-548) -> -1
Administrators (S-1-5-32-544) -> -1
Backup Operators (S-1-5-32-551) -> -1
Domain Admins (S-1-5-21-1640604796-2699206214-1263102184-512) -> -1
Domain Admins (S-1-5-21-2124705929-3829328788-1896619671-1001) -> root
Domain Admins (S-1-5-21-2124705929-3829328788-1896619671-512) -> -1
Domain Guests (S-1-5-21-1640604796-2699206214-1263102184-514) -> -1
Domain Guests (S-1-5-21-2124705929-3829328788-1896619671-3007) -> nobody
Domain Guests (S-1-5-21-2124705929-3829328788-1896619671-514) -> -1
Domain Users (S-1-5-21-1640604796-2699206214-1263102184-513) -> -1
Domain Users (S-1-5-21-2124705929-3829328788-1896619671-1201) -> users
Domain Users (S-1-5-21-2124705929-3829328788-1896619671-3003) -> smbusers
Domain Users (S-1-5-21-2124705929-3829328788-1896619671-513) -> -1
Guests (S-1-5-32-546) -> -1
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Replicators (S-1-5-32-552) -> -1
System Operators (S-1-5-32-549) -> -1
Users (S-1-5-32-545) -> -1
Thanks in advance.. and sorry for my very basica question.
More information about the samba
mailing list