[Samba] FreeBSD: Changing UNIX password - Password Chat?
Edmundo Valle Neto
edmundo.valle at terra.com.br
Wed Feb 13 21:12:06 GMT 2008
Jon Theil Nielsen escreveu:
> I can't get my Samba PDC (FreeBSD 7,0-BETA3) changing UNIX passwords
> from Windows clients (Ctrl-Alt-Del).
> I now have the password chat debug active and I have loglevel 100.
> I am not certain about the syntax in the password chat. But if I from
> a console try to change the password of a given user (here testuser1),
> I see these lines:
>
> mflserver3# /usr/bin/passwd testuser1
> Changing local password for testuser1
> New Password: (entering the password)
> Retype New Password: (entering it again)
>
> >From that i guess the expression in the chat would be:
> *Changing*local*password*for* %u\n *New*Password* %n\n
> *Retype*New*Password* %n\n
>
No.
%u is the username and %n is the newpassword.
"What*to*expect"
%n\n (send the password and a new line)
"What*to*expect*then"
%n\n (send the password again and a new line)
> Selected parts of the log shows:
>
> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> expect: expected [*Changing*local*password*for*] received [Changing
> local password for testuser1
> New Password:] match yes
>
It matched the two first lines stopping at (New Password:) as you have a
* at the end.
And wait.
> [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> expect: returning True
> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> expect: sending [testuser1
> ]
>
You sent an username to the New password: prompt???
> [2008/02/13 17:47:07, 10] lib/util_sock.c:read_socket_with_timeout(476)
> read_socket_with_timeout: timeout read. select timed out.
> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> expect: expected [*New*Password*] received [
> Retype New Password:] match yes
>
It matched the second line stopping at (Retype New Password:)
And wait.
> [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> expect: returning True
> [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> expect: sending [VerySecret
> ]
>
You sent a "VerySecret" password (that obviously will not match the first)
> [2008/02/13 17:47:10, 10] lib/util_sock.c:read_socket_with_timeout(476)
> read_socket_with_timeout: timeout read. select timed out.
> [2008/02/13 17:47:10, 100] smbd/chgpasswd.c:expect(279)
> expect: expected [*Retype*New*Password*] received [
> Mismatch; try again, EOF to quit.
> New Password:] match no
>
Mismatch. Try again. (your chat doesn't expected that this will happens
and don't have more expressions to match.
> [2008/02/13 17:47:10, 2] smbd/chgpasswd.c:expect(285)
> expect: Unknown error: 0
>
Error.
> [2008/02/13 17:47:10, 3] smbd/chgpasswd.c:talktochild(316)
> Response 3 incorrect
> [2008/02/13 17:47:10, 3] smbd/chgpasswd.c:chat_with_program(372)
> chat_with_program: Child failed to change password: testuser1
> [2008/02/13 17:47:10, 3] smbd/sec_ctx.c:pop_sec_ctx(415)
> pop_sec_ctx (1035, 1036) - sec_ctx_stack_ndx = 1
> [2008/02/13 17:47:10, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7576)
> init_samr_r_chgpasswd_user
> [2008/02/13 17:47:10, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1581)
> _samr_chgpasswd_user: 1581
> [2008/02/13 17:47:10, 5] rpc_parse/parse_prs.c:prs_debug(84)
> 000000 samr_io_r_chgpasswd_user
> [2008/02/13 17:47:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
> 0000 status: NT_STATUS_ACCESS_DENIED
>
>
And so on.
> As told, I'm not confident with the syntax. Have I made it wrong? Or
> can you see anything else from the log that can pinpoint the problem?
> I would believe that there must be several admins out there who use
> the combination of of Samba and FreeBSD without having these problems.
>
> Cheers,
> Jon Theil Nielsen
>
Regards.
Edmundo Valle Neto
More information about the samba
mailing list