[Samba] Re: FreeBSD: Changing UNIX password - Password Chat?
Jon Theil Nielsen
jontheil at gmail.com
Mon Feb 25 23:51:49 GMT 2008
2008/2/21, Rob Mason <rob at cissp.org.uk>:
>
> Hi,
>
> I've had this problem on FreeBSD. Basically the behaviour of 'passwd'
> changed somewhere between releases 5 and 7. I solved this by writing a
> shell wrapper for the passwd tool. As simple as:
>
> #!/bin/sh
> /usr/bin/passwd -l $1
> echo "Password Changed"
>
> Call the file "smbpass.sh" and alter smb.conf accordingly:
>
> passwd program = /root/smbpass.sh %u
> passwd chat = *Password* %n\n *Password* %n\n *Changed*
> unix password sync = Yes
>
> Using wrappers makes a great deal of sense...
>
> For a mission critical production system you may want to put more error
> checking into the shell script, but hey, you get the idea ;-)
>
> Hope this helps.
>
>
> R
>
>
>
> Jon Theil Nielsen wrote:
> > I can't get my Samba PDC (FreeBSD 7,0-BETA3) changing UNIX passwords
> > from Windows clients (Ctrl-Alt-Del).
> > I now have the password chat debug active and I have loglevel 100.
> > I am not certain about the syntax in the password chat. But if I from
> > a console try to change the password of a given user (here testuser1),
> > I see these lines:
> >
> > mflserver3# /usr/bin/passwd testuser1
> > Changing local password for testuser1
> > New Password: (entering the password)
> > Retype New Password: (entering it again)
> >
> >>From that i guess the expression in the chat would be:
> > *Changing*local*password*for* %u\n *New*Password* %n\n
> > *Retype*New*Password* %n\n
> >
> > Selected parts of the log shows:
> >
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> > expect: expected [*Changing*local*password*for*] received [Changing
> > local password for testuser1
> > New Password:] match yes
> > [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> > expect: returning True
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> > expect: sending [testuser1
> > ]
> > [2008/02/13 17:47:07, 10] lib/util_sock.c:read_socket_with_timeout(476)
> > read_socket_with_timeout: timeout read. select timed out.
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(279)
> > expect: expected [*New*Password*] received [
> > Retype New Password:] match yes
> > [2008/02/13 17:47:07, 10] smbd/chgpasswd.c:expect(290)
> > expect: returning True
> > [2008/02/13 17:47:07, 100] smbd/chgpasswd.c:expect(242)
> > expect: sending [VerySecret
> > ]
> > [2008/02/13 17:47:10, 10] lib/util_sock.c:read_socket_with_timeout(476)
> > read_socket_with_timeout: timeout read. select timed out.
> > [2008/02/13 17:47:10, 100] smbd/chgpasswd.c:expect(279)
> > expect: expected [*Retype*New*Password*] received [
> > Mismatch; try again, EOF to quit.
> > New Password:] match no
> > [2008/02/13 17:47:10, 2] smbd/chgpasswd.c:expect(285)
> > expect: Unknown error: 0
> > [2008/02/13 17:47:10, 3] smbd/chgpasswd.c:talktochild(316)
> > Response 3 incorrect
> > [2008/02/13 17:47:10, 3] smbd/chgpasswd.c:chat_with_program(372)
> > chat_with_program: Child failed to change password: testuser1
> > [2008/02/13 17:47:10, 3] smbd/sec_ctx.c:pop_sec_ctx(415)
> > pop_sec_ctx (1035, 1036) - sec_ctx_stack_ndx = 1
> > [2008/02/13 17:47:10, 5]
> rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7576)
> > init_samr_r_chgpasswd_user
> > [2008/02/13 17:47:10, 5]
> rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1581)
> > _samr_chgpasswd_user: 1581
> > [2008/02/13 17:47:10, 5] rpc_parse/parse_prs.c:prs_debug(84)
> > 000000 samr_io_r_chgpasswd_user
> > [2008/02/13 17:47:10, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
> > 0000 status: NT_STATUS_ACCESS_DENIED
> >
> > As told, I'm not confident with the syntax. Have I made it wrong? Or
> > can you see anything else from the log that can pinpoint the problem?
> > I would believe that there must be several admins out there who use
> > the combination of of Samba and FreeBSD without having these problems.
> >
> > Cheers,
> > Jon Theil Nielsen
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
Hi,
Thanks for this idea. I did't see it until now, but I will try it out for
sure.
Regards,
Jon
More information about the samba
mailing list