[Samba] FreeBSD: Changing UNIX password - Password Chat?
Jon Theil Nielsen
jontheil at gmail.com
Thu Feb 14 11:19:56 GMT 2008
2008/2/14, Bardo Wolf <b.wolf at uib.de>:
> Under solaris we had a similar situation (wrong password chat) where the
> Jon Theil Nielsen schrieb:
>
> > I can't get my Samba PDC (FreeBSD 7,0-BETA3) changing UNIX passwords
> > from Windows clients (Ctrl-Alt-Del).
> > I now have the password chat debug active and I have loglevel 100.
> > I am not certain about the syntax in the password chat. But if I from
> > a console try to change the password of a given user (here testuser1),
> > I see these lines:
> >
> > mflserver3# /usr/bin/passwd testuser1
> > Changing local password for testuser1
> > New Password: (entering the password)
> > Retype New Password: (entering it again)
> >
> >>From that i guess the expression in the chat would be:
> > *Changing*local*password*for* %u\n *New*Password* %n\n
> > *Retype*New*Password* %n\n
> >
> > Selected parts of the log shows:
> >
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> > expect: expected [*Changing*local*password*for*] received [Changing
> > local password for testuser1
> > New Password:] match yes
> > [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> > expect: returning True
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> > expect: sending [testuser1
> > ]
> > [2008/02/13 17:47:07, 10] lib/util_sock.c:read_socket_with_timeout(476)
> > read_socket_with_timeout: timeout read. select timed out.
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> > expect: expected [*New*Password*] received [
> > Retype New Password:] match yes
> > [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> > expect: returning True
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> > expect: sending [VerySecret
> > ]
> > [2008/02/13 17:47:10, 10] lib/util_sock.c:read_socket_with_timeout(476)
> > read_socket_with_timeout: timeout read. select timed out.
> > [2008/02/13 17:47:10, 100] smbd/chgpasswd.c:expect(279)
> > expect: expected [*Retype*New*Password*] received [
> > Mismatch; try again, EOF to quit.
> > New Password:] match no
> > [2008/02/13 17:47:10, 2] smbd/chgpasswd.c:expect(285)
> > expect: Unknown error: 0
> > [2008/02/13 17:47:10, 3] smbd/chgpasswd.c:talktochild(316)
> > Response 3 incorrect
> > [2008/02/13 17:47:10, 3] smbd/chgpasswd.c:chat_with_program(372)
> > chat_with_program: Child failed to change password: testuser1
> > [2008/02/13 17:47:10, 3] smbd/sec_ctx.c:pop_sec_ctx(415)
> > pop_sec_ctx (1035, 1036) - sec_ctx_stack_ndx = 1
> > [2008/02/13 17:47:10, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7576)
> > init_samr_r_chgpasswd_user
> > [2008/02/13 17:47:10, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1581)
> > _samr_chgpasswd_user: 1581
> > [2008/02/13 17:47:10, 5] rpc_parse/parse_prs.c:prs_debug(84)
> > 000000 samr_io_r_chgpasswd_user
> > [2008/02/13 17:47:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
> > 0000 status: NT_STATUS_ACCESS_DENIED
> >
> > As told, I'm not confident with the syntax. Have I made it wrong? Or
> > can you see anything else from the log that can pinpoint the problem?
> > I would believe that there must be several admins out there who use
> > the combination of of Samba and FreeBSD without having these problems.
> >
> > Cheers,
> > Jon Theil Nielsen
>
> hint from
>
> http://lists-archives.org/samba/34236-passwd-change-with-3-0-27a.html
>
> 'Adding "pam password change = yes" worked around the problem for me.'
>
> solved the problem for us also
>
> Bardo
I guess you are rigth regarding Solaris (which I don't now much about).
PAM may also be an option in FreeBSD, but it is not very integrated.
Therefore I'm glad I found the solution as deskribed.
Regards,
Jon Theil Nielsen
More information about the samba
mailing list