[Samba] change passwd from windows--more grief
Felipe Augusto van de Wiel
felipe at paranacidade.org.br
Thu Oct 5 13:57:40 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/02/2006 07:50 PM, Steve Glasser escreveu:
> Hi group,
>
> I can't seem to get passwd change from windows to work. I am running
> samba 3.0.20-3.1.20060mdk installed from rpms on Mandriva 2006; the
> clients are windows XP sp2. When I try to change passwd from windows I
> get "You do not have permission to change your password".
>
> What am I doing wrong?
I saw that you are using "pam password change", are
you aware of [1]how it works?
1.http://lists.samba.org/archive/samba/2002-November/055729.html
> My global smb.conf is below.
>>From log.smbd I think this error pertains to the windows error:
>
> [2006/10/02 15:25:00, 3] smbd/chgpasswd.c:chgpasswd(457)
> chgpasswd: Password change (as_root=Yes) for user: foo
> PAM: unable to obtain the new authentication token - is password to
> weak?
It looks like something related with your pam options.
The manpage says that usually no change is needed in the
passwd chat, but maybe you found a corner case. ;)
Does it works with you turn off the 'pam password change'
paramenter in smb.conf?
> This is while using a new passwd of 9 random letters/numbers.
> Any suggestions welcome, thanks in advance
> ========================================================
>
>
> dos charset = 850
> unix charset = ISO8859-1
> workgroup = DELTAGRADING
> server string = %h server (Samba, Mandrake)
> passdb backend = tdbsam
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew
> \sUNIX\spassword:* %n\n .
> passwd chat debug = Yes
> username map = /etc/samba/smbusers
> unix password sync = Yes
> log level = 3
> name resolve order = wins bcast hosts
> time server = Yes
> printcap name = CUPS
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/userdel -r %u
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/usermod -G %g %u
> add machine script = /usr/sbin/useradd -s /bin/false
> -d /dev/null %u
> logon script = scripts\%U.bat
> logon path =
> logon drive = H:
> domain logons = Yes
> os level = 128
> preferred master = Yes
> domain master = Yes
> wins support = Yes
> ldap passwd sync = Yes
> idmap uid = 15000-20000
> idmap gid = 15000-20000
I don't know if it has an impact, but you don't need
'ldap passwd sync' if you are not using LDAP, and looks like
you are not using it.
Kind regards,
- --
Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFFJQ9UCj65ZxU4gPQRAnoeAKCMdmVkHvIUX2WaR7RR7OO4VAiFkACfW9SC
3itThn6cPZc4pUkjU17By94=
=a6Jh
-----END PGP SIGNATURE-----
More information about the samba
mailing list