[Samba] changing password only works the second time?
Gianluca Cecchi
gianluca.cecchi at gmail.com
Tue Dec 12 11:13:38 GMT 2006
Env. is samba-3.0.9-1.3E.10 on CentOS 3.7 as PDC with WXP SP2 clients.
Situation:
1) a user receives notification at logon that the password is expiring
and that only a few days remain to change it
2) he/she answers yes, puts in the old and new passwords and presses ok
3) the system sends the error message:
authorization to change the password is missing
(real message is in Italian: "Manca l'autorizzazione per cambiare la password")
4) user presses ok in this window and receives the change password window again
5) he/she retypes the old and new passwords and presses ok
6) now the system changes the password!
It is the same if the user has local admin privileges or not.
Relevant directives in smb.conf are:
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/local/bin/align_pwd.sh %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
There is a custom script align_pwd.sh that does some things when
changing the password.
The script is this:
#!/bin/bash
USER=$1
LOGFILE=/tmp/${USER}_pwdchange.log
SYSMAIL="our_mail at our_mail_domain"
export USER LOGFILE SYSMAIL
echo "New password"
read newpwd1
echo "Retype new password"
read newpwd2
if [ "$newpwd1" != "$newpwd2" ]
then
    echo "Sorry, passwords do not match" > $LOGFILE
    exit 1
fi
NEWPWD=$newpwd1
export USER NEWPWD
echo "updating pdc..." > $LOGFILE 2>&1
echo "$NEWPWD" | passwd --stdin $USER >> $LOGFILE 2>&1
if [ $? -eq 0 ]
then
    echo "updating server2..." >> $LOGFILE 2>&1
    echo "$NEWPWD" | ssh server2 "passwd --stdin $USER" >> $LOGFILE 2>&1
    FULLNAME=$(pdbedit -Lv $USER | grep "^Full Name" | awk '{print $3" "$4}' | sed "s/'/\\\'/") >> $LOGFILE 2>&1
    echo "updating AD server..." >> $LOGFILE 2>&1
    ssh adsrv "/usr/local/bin/set_adpwd.sh $FULLNAME $NEWPWD" >> $LOGFILE 2>&1
else
    echo "an error occured in ssh ad script!" >> $LOGFILE 2>&1
    exit 1
fi
echo "passwd: all authentication tokens updated successfully"
cat $LOGFILE | mail -s "$USER changed password" $SYSMAIL
In /var/log/messages I can only see
Dec 12 08:43:15 pevpdc smbd[25891]: [2006/12/12 08:43:15, 0] lib/util_sock.c:get_peer_addr(1000)
Dec 12 08:43:15 pevpdc smbd[25891]: getpeername failed. Error was Transport endpoint is not connected
Dec 12 08:43:15 pevpdc smbd[25891]: [2006/12/12 08:43:15, 0] lib/util_sock.c:get_peer_addr(1000)
Dec 12 08:43:15 pevpdc smbd[25891]: getpeername failed. Error was Transport endpoint is not connected
Dec 12 08:43:15 pevpdc smbd[25891]: [2006/12/12 08:43:15, 0] lib/util_sock.c:write_socket_data(430)
Dec 12 08:43:15 pevpdc smbd[25891]: write_socket_data: write failure. Error = Connessione abbattuta dal corrispondente
Dec 12 08:43:15 pevpdc smbd[25891]: [2006/12/12 08:43:15, 0] lib/util_sock.c:write_socket(455)
Dec 12 08:43:15 pevpdc smbd[25891]: write_socket: Error writing 4 bytes to socket 22: ERRNO = Connessione abbattuta dal corrispondente
Dec 12 08:43:15 pevpdc smbd[25891]: [2006/12/12 08:43:15, 0] lib/util_sock.c:send_smb(647)
Dec 12 08:43:15 pevpdc smbd[25891]: Error writing 4 bytes to client. -1. (Connessione abbattuta dal corrispondente)
Dec 12 08:43:15 pevpdc passwd(pam_unix)[25904]: password changed for user_name
Dec 12 08:43:18 pevpdc passwd(pam_unix)[25915]: password changed for user_name
Any hints to debug?
Thanks in advance,
Gianluca
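
Added example, not part of the original post or the poster's script: helper functions showing how the password handling in align_pwd.sh could be hardened, so that the new password reaches the remote host on stdin rather than in the ssh command line, the full name is quoted for the remote shell, and the log is not a fixed file name in /tmp. It assumes set_adpwd.sh is changed to read the password from stdin; all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Function names are hypothetical.
# Assumption: the remote set_adpwd.sh is changed to read the password on stdin.

# Quote one argument for a remote POSIX shell: wrap it in single quotes and
# rewrite each embedded ' as '\'' so the remote shell sees one literal word.
sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Join all arguments into one command string that is safe to hand to ssh.
# The subshell body keeps the loop variables out of the caller's scope.
remote_cmd() (
    out=""
    for arg in "$@"; do
        out="$out$(sq "$arg") "
    done
    printf '%s\n' "${out% }"
)

# Read the two password lines of the passwd chat. IFS= and -r keep leading
# blanks and backslashes intact; an empty or mismatched pair is rejected.
read_new_password() (
    IFS= read -r p1 || exit 1
    IFS= read -r p2 || exit 1
    [ -n "$p1" ] && [ "$p1" = "$p2" ] || exit 1
    printf '%s\n' "$p1"
)

# Private log with an unpredictable name (mktemp creates it with mode 0600),
# instead of the fixed /tmp/${USER}_pwdchange.log.
make_log() {
    mktemp "${TMPDIR:-/tmp}/pwdchange.XXXXXXXX"
}

# Send the password on stdin (printf is a builtin in bash and dash, so it is
# not in any process's argv); only the quoted full name is on the command line.
push_password() {   # usage: push_password HOST FULLNAME PASSWORD
    printf '%s\n' "$3" |
        ssh "$1" "$(remote_cmd /usr/local/bin/set_adpwd.sh "$2")"
}
```

A call such as push_password adsrv "$FULLNAME" "$NEWPWD" would replace the ssh line that currently passes both values as arguments.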