[Samba] Samba 3.5.6 Syncing passwords

Enrique Ayesta Perojo eayesta at portugalete.uned.es
Wed Nov 10 04:25:37 MST 2010

El Jueves, 4 de Noviembre de 2010 12:24, Gaiseric Vandal escribió:
> I used to run NIS.    I did not use the "pam password change" option-  the
> "unix password sync" "password program" and "password chat" options were
> sufficient.


That's the point, with "pam password change" option set, the 'password 
program' and the 'password chat' options get ignored (at least that's what i 
have understood from the documentation)

> If you run smbpasswd from command line as a regular user, what happens? 

It gaves me the next errors:

a) "pam password change" set to Yes
Could not connect to machine NT_STATUS_LOGON_FAILURE

b) "pam password change" not set
SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was, but LANMAN password changed are disabled

I have found the bug 2128 [1] related to the b) situation

> All I can guess is that samba things the unix script failed for some
> reason. Can you create a more complex pw change script to capture the user
> name and password to a log file?  Were the passwords already in sync?
> The passwd command should be running as root, so you should not need to
> have the old password.  Did you try "passwd -r nis" instead?
> How about if the user has a /etc/passwd unix acct and not nis?

In FreeBSD that problem does not exist because passwd command has implemented 
NIS support (no need to specify '-r nis'), so it changes the user password on 
both cases

Thanks a lot for your answer, i think it could work changing the way windows 
authenticates in the domain...

[1] https://bugzilla.samba.org/show_bug.cgi?id=2128

More information about the samba mailing list