[Samba] Changing User password from ssh member server

Guilherme Boing kolt+samba at frag.com.br
Thu Oct 8 18:16:00 UTC 2015


I have removed use_authtok from /etc/pam.d/system-auth and now passwd is
"kind of" working...
I am still able to log in with my old password and the new one also. But
only on the Linux servers that are authenticating through LDAP.

On my workstation only the old password (the one I was trying to change
through passwd(ssh)) works.

I have noticed that my user now has a userPassword attribute set, which the
other users that have never tried to change the password from passwd (ssh)
do not have.
It seems that my Windows workstation does not rely on userPassword, however
the Linux servers that are authenticating through LDAP are considering both
userPassword and the AD password also... ?!

smb.conf is pretty much the one that comes with the tarball.
smb.conf and pam configurations: http://pastebin.ca/3185721


On Thu, Oct 8, 2015 at 3:03 PM, Rowland Penny <rowlandpenny241155 at gmail.com>
wrote:

> On 08/10/15 18:59, Guilherme Boing wrote:
>
>> Hi Rowland,
>>
>> This is a CentOS 6.7 server.
>> I was able to make some progress. I have edited /etc/pam.d/system-auth,
>> and now it looks like:
>>
>> auth        required      pam_env.so
>> auth        sufficient    pam_unix.so nullok try_first_pass
>> auth        requisite     pam_succeed_if.so uid >= 500 quiet
>> auth        sufficient    pam_ldap.so use_first_pass
>> auth        required      pam_deny.so
>>
>> account     required      pam_unix.so
>> account     sufficient    pam_localuser.so
>> account     sufficient    pam_succeed_if.so uid < 500 quiet
>> account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
>> account     required      pam_permit.so
>>
>> password    requisite     pam_cracklib.so try_first_pass retry=3 type=
>> password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass
>> password    sufficient    pam_ldap.so use_authtok
>> password    required      pam_deny.so
>>
>> session     optional      pam_keyinit.so revoke
>> session     required      pam_limits.so
>> session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
>> session     optional      pam_ldap.so
>> session     required      pam_mkhomedir.so skel=/etc/skel umask=0022
>> session     required      pam_unix.so
>>
>> Now passwd works, but not really:
>> [Guilherme at server ~]$ passwd
>> Changing password for user Guilherme.
>> Enter login(LDAP) password:
>> New password:
>> Retype new password:
>> LDAP password information changed for Guilherme
>> passwd: all authentication tokens updated successfully.
>>
>> After that, I have logged out and logged in with the same old password.
>> The password didn't seem to update.
>>
>>
>> On Thu, Oct 8, 2015 at 2:47 PM, Rowland Penny <rowlandpenny241155 at gmail.com> wrote:
>>
>>     On 08/10/15 18:38, Guilherme Boing wrote:
>>
>>         Hi,
>>
>>         I am authenticating users on our linux servers using
>>         nslcd/pam_ldap.
>>         Authentication is fine, however, it is not possible for the
>>         user to change
>>         the password from the server.
>>
>>         Is there a way to make it work ?
>>
>>         [Guilherme at server ~]$ passwd
>>         Changing password for user Guilherme.
>>         passwd: Authentication token manipulation error
>>
>>         Oct  8 14:37:53 server passwd: pam_unix(passwd:chauthtok): user "Guilherme" does not exist in /etc/passwd
>>
>>
>>     What sort of Linux server?
>>
>>     Rowland
>>
>>     --
>>     To unsubscribe from this list go to the following URL and read the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> Not really getting anywhere here. I think you need to post your smb.conf.
>
>
> Rowland
>
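
The message above notes that one account gained a userPassword attribute that other accounts lack. As an added example (not part of the thread and not Samba's own code), this Python sketch scans an LDIF export, such as ldapsearch output, and lists the entries that carry userPassword; the sample data, DNs and function names are constructed for illustration.

```python
import base64

def unfold(text):
    """Join folded LDIF lines: a line starting with one space continues the previous one."""
    out = []
    for raw in text.splitlines():
        if raw.startswith(" ") and out and out[-1]:
            out[-1] += raw[1:]
        else:
            out.append(raw)
    return out

def parse_records(text):
    """Return one {attribute: [values]} dict per entry; blocks without a dn are dropped."""
    records, cur = [], {}
    for line in unfold(text) + [""]:
        if not line.strip():                      # blank line closes the current record
            if "dn" in cur:
                records.append(cur)
            cur = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue                              # comment or non-attribute line
        name, _, value = line.partition(":")
        b64 = value.startswith(":")               # "attr:: <base64>" form
        value = (value[1:] if b64 else value).strip()
        if b64 and name.lower() == "dn":          # decode DNs only; credential values stay opaque
            value = base64.b64decode(value).decode("utf-8", "replace")
        cur.setdefault(name.lower(), []).append(value)
    return records

def entries_with_userpassword(text):
    """DNs of entries that carry a userPassword attribute (attribute names are case-insensitive)."""
    return [r["dn"][0] for r in parse_records(text) if "userpassword" in r]

# Constructed sample export (not real directory data); the third DN is base64-encoded
_DN = base64.b64encode(b"CN=Bob,CN=Users,DC=example,DC=com").decode()
SAMPLE_LDIF = f"""# constructed export
dn: CN=Guilherme,CN=Users,DC=example,DC=com
userPassword:: Y29uc3RydWN0ZWQ=

dn: CN=Alice,CN=Users,
 DC=example,DC=com

dn:: {_DN}
userPassword: constructed

result: 0 Success
"""
```

Calling `entries_with_userpassword()` on a real export returns only DNs, so the stored credential values are never printed or logged.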

