[Samba] change passwd from windows--more grief
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Thu Oct 5 13:57:40 GMT 2006
On 10/02/2006 07:50 PM, Steve Glasser wrote:
> Hi group,
> I can't seem to get passwd change from windows to work. I am running
> samba 3.0.20-3.1.20060mdk installed from rpms on Mandriva 2006; the
> clients are windows XP sp2. When I try to change passwd from windows I
> get "You do not have permission to change your password".
> What am I doing wrong?
I saw that you are using "pam password change", are
you aware of how it works?
> My global smb.conf is below.
> From log.smbd I think this error pertains to the windows error:
> [2006/10/02 15:25:00, 3] smbd/chgpasswd.c:chgpasswd(457)
> chgpasswd: Password change (as_root=Yes) for user: foo
> PAM: unable to obtain the new authentication token - is password to
It looks like something related to your pam options.
The manpage says that usually no change is needed in the
passwd chat, but maybe you found a corner case. ;)
Does it work if you turn off the 'pam password change'
parameter in smb.conf?
> This is while using a new passwd of 9 random letters/numbers.
> Any suggestions welcome, thanks in advance
> dos charset = 850
> unix charset = ISO8859-1
> workgroup = DELTAGRADING
> server string = %h server (Samba, Mandrake)
> passdb backend = tdbsam
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
> passwd chat debug = Yes
> username map = /etc/samba/smbusers
> unix password sync = Yes
> log level = 3
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
> logon script = scripts\%U.bat
> logon path =
> logon drive = H:
> domain logons = Yes
> os level = 128
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap passwd sync = Yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
I don't know if it has an impact, but you don't need
'ldap passwd sync' if you are not using LDAP, and it looks like
you are not using it.
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
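Added example, not part of the original message and not Samba's own code: a simplified Python model of how the quoted 'passwd chat' string is split into expect/send pairs and checked against the prompts printed by 'passwd program', which is the path used once 'pam password change' is turned off. The prompt strings and the password are constructed samples; double-quoted chat tokens are not handled, and fnmatch only approximates smbd's wildcard matching.

```python
import fnmatch

# Chat string exactly as quoted in the smb.conf above.
PAGE_CHAT = r"*Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n ."

# Constructed sample prompts (assumptions, not captured from the poster's system).
OLD_STYLE_PROMPTS = ["Enter new UNIX password: ", "Retype new UNIX password: "]
NEW_STYLE_PROMPTS = ["New password: ", "Retype new password: "]

MACROS = {r"\s": " ", r"\n": "\n", r"\r": "\r", r"\t": "\t"}


def expand(token, new_password=""):
    """Expand the chat macros first, then substitute %n, so that the
    password itself is never macro-expanded."""
    for macro, char in MACROS.items():
        token = token.replace(macro, char)
    return token.replace("%n", new_password)


def parse_chat(chat):
    """Split on whitespace into (expect, send) pairs. A trailing lone
    token is paired with '.', which means 'send nothing'."""
    tokens = chat.split()
    tokens += ["."] * (len(tokens) % 2)
    return list(zip(tokens[0::2], tokens[1::2]))


def run_chat(chat, prompts, new_password):
    """Walk the chat against the prompts. Returns (ok, sent): ok is False
    at the first prompt that the expect pattern does not match."""
    sent = []
    remaining = iter(prompts)
    for expect, send in parse_chat(chat):
        if expect != ".":  # '.' as expect: nothing is expected
            prompt = next(remaining, "")
            if not fnmatch.fnmatchcase(prompt, expand(expect)):
                return False, sent
        if send != ".":    # '.' as send: nothing is sent
            sent.append(expand(send, new_password))
    return True, sent


if __name__ == "__main__":
    for name, prompts in (("old-style", OLD_STYLE_PROMPTS),
                          ("new-style", NEW_STYLE_PROMPTS)):
        ok, sent = run_chat(PAGE_CHAT, prompts, "s3cretPw9")
        print(f"{name}: chat matched={ok}, strings sent={len(sent)}")
```

With 'passwd chat debug = Yes', as in the quoted config, smbd logs the strings passed and received during the chat, including passwords in plain text, so it should be switched off again after debugging.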