[Samba] Issue with "change password" on windows dialog

Amit More amore at xetus.com
Wed Mar 23 13:17:15 MDT 2011 

Have you installed 'libpam-smbpass" ? Here is the link for your
reference
https://help.ubuntu.com/10.04/serverguide/C/samba-fileprint-security.html

Thanks,
Amit More

On Thu, 2011-03-24 at 03:36 +0900, TAKAHASHI Motonobu wrote:
> Your error is probably caused by the PAM setting. Set "debug"
> option to PAM modules and look at syslog files.
> 
> Anyway, if you enable "pam password change = yes", both "passwd
> program" and "passwd chat" parameters will be ignored.
> 
> ---
> TAKAHASHI Motonobu <monyo at samba.gr.jp>
> 
> From: Markus Scharitzer <markus.scharitzer at gmail.com>
> Date: Wed, 23 Mar 2011 13:53:16 +0100
> 
> Hi everybody!
> 
> I am having an issue regarding my samba/pam configuration. I am trying to
> sync my unix/samba passwords, but everything i found online doesn't help.
> 
> My System runs Gentoo/Samba 3.5.8 as PDC(roaming profiles host and so on) ,
> and WinXP Clients. Domainjoin and Login work fine. But I want to change the
> Passwords from the Windows interface. When I try to change the password
> using the Windows "change password" dialog. I get an error saying that i
> don't have permissions to do so. It works fine from the Unixshell.
> 
> Samba log looks like:
> 
> [2011/03/23 12:06:05.149471, 2] auth/auth.c:304(check_ntlm_password)
> check_ntlm_password: authentication for user [xx] -> [xx] -> [xx] succeeded
> [2011/03/23 12:06:05.152839, 0] auth/pampass.c:699(smb_pam_chauthtok)
> PAM: User not known to PAM
> [2011/03/23 12:06:05.152863, 2] auth/pampass.c:77(smb_pam_error_handler)
> smb_pam_error_handler: PAM: Password Change Failed : User not known to the
> underlying authentication module
> [2011/03/23 12:06:05.152873, 0] auth/pampass.c:861(smb_pam_passchange)
> smb_pam_passchange: PAM: Password Change Failed for user xx!
> [2011/03/23 12:06:05.156622, 0] auth/pampass.c:699(smb_pam_chauthtok)
> PAM: User not known to PAM
> [2011/03/23 12:06:05.156637, 2] auth/pampass.c:77(smb_pam_error_handler)
> smb_pam_error_handler: PAM: Password Change Failed : User not known to the
> underlying authentication module
> [2011/03/23 12:06:05.156650, 0] auth/pampass.c:861(smb_pam_passchange)
> smb_pam_passchange: PAM: Password Change Failed for user xx!
> [2011/03/23 12:06:05.162118, 0] auth/pampass.c:699(smb_pam_chauthtok)
> PAM: User not known to PAM
> [2011/03/23 12:06:05.162133, 2] auth/pampass.c:77(smb_pam_error_handler)
> smb_pam_error_handler: PAM: Password Change Failed : User not known to the
> underlying authentication module
> [2011/03/23 12:06:05.162143, 0] auth/pampass.c:861(smb_pam_passchange)
> smb_pam_passchange: PAM: Password Change Failed for xx!
> [2011/03/23 12:06:05.165908, 0] auth/pampass.c:699(smb_pam_chauthtok)
> PAM: User not known to PAM
> [2011/03/23 12:06:05.165923, 2] auth/pampass.c:77(smb_pam_error_handler)
> smb_pam_error_handler: PAM: Password Change Failed : User not known to the
> underlying authentication module
> [2011/03/23 12:06:05.165932, 0] auth/pampass.c:861(smb_pam_passchange)
> smb_pam_passchange: PAM: Password Change Failed for user xx!
> 
> my smb.conf looks like:
> 
> unix password sync = yes
> pam password change = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Re*ype*new*password* %n\n \
> *passwd:*all*authentication*tokens*updated*successfully*
> 
> my pam-files look like:
> 
> samba:
> 
> @include system-auth
> @include system-password
> 
> auth required pam_smbpass.so nodelay
> account include system-auth
> session include system-auth
> password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf
> 
> system-auth
> 
> 
> auth required pam_env.so
> auth required pam_unix.so try_first_pass likeauth nullok
> auth optional pam_permit.so
> auth optional pam_smbpass.so migrate
> 
> account required pam_unix.so
> account optional pam_permit.so
> 
> password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2
> retry=3
> password required pam_unix.so try_first_pass use_authtok nullok sha512
> shadow
> password optional pam_permit.so
> password required pam_smbpass.so nullok use_authok try_first_pass
> 
> session required pam_limits.so
> session required pam_env.so
> session required pam_unix.so
> session optional pam_permit.so
> 
> system-password:
> 
> password requisite pam_unix.so nullok obscure min=4 max=8 md5
> password required pam_smbpass.so nullok try_first_pass
> 
> Thanks kindly!
> 
> Best regards,

More information about the samba mailing list