[Samba] samba AD: using passwd on linux to change PW
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 3 14:15:38 UTC 2018
Hi Peer,
This is my output; the account testaccount1 was created 2 minutes before the tests below.
passwd testaccount1
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Password change rejected: Password change rejected, password changes may not be permitted on this account, or the minimum password age may not have elapsed.
Your password must be at least 5 characters; cannot repeat any of your previous 5 passwords; Please type a different password. Type a password which meets these requirements in both text boxes.
passwd: Authentication token manipulation error
passwd: password unchanged
If you run: pam-auth-update
You should see something like this:

  PAM profiles to enable:

  [ ] Create home directory during login
  [*] Kerberos authentication
  [*] Unix authentication
  [*] Winbind NT/Active Directory authentication
  [*] Register user sessions in the systemd control group hierarchy
  [*] Inheritable Capabilities Management

Same server, but now with a user disabled.
passwd someuser ( but disabled in AD )
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Access denied: Not permitted to change password
Access is denied
passwd: Authentication token manipulation error
passwd: password unchanged
Same user but now enabled in AD.
Current Kerberos password:
passwd: Authentication token manipulation error
passwd: password unchanged
root@rtd-print1:~# passwd xreib
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
passwd: password updated successfully
So this should work fine.
Debian 9.3
Samba 4.7.3 ( from my own apt )
Best regards,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Dr.
> Peer-Joachim Koch via samba
> Sent: Wednesday 3 January 2018 14:50
> To: samba at lists.samba.org
> Subject: [Samba] samba AD: using passwd on linux to change PW
>
> Hi,
>
> a short question about changing passwords. Our linux login server is
> using winbind
> for authentication. Everything is working well, but changing the
> password for a user
> does not work. We see the following error:
>
> passwd
> Changing password for USER
> (current) NT password:
> passwd: Authentication token manipulation error
> passwd: password unchanged
>
> /var/log/auth.log
>
> pam_winbind(sshd:auth): getting password (0x00000388)
> Jan 3 14:41:36 HOSTNAME sshd[4355]: pam_winbind(sshd:auth):
> pam_get_item returned a password
> Jan 3 14:41:36 HOSTNAME sshd[4355]: pam_winbind(sshd:auth): request
> wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
> (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was:
> The specified
> account does not exist.
>
> Login is working fine, also the groups are all correct.
>
> Maybe something in the pam-config has to be changed ?
>
> Where can I find some description to setup the system that every user
> can execute passwd ?
>
> System Debian 9.3 using winbind against Samba AD.
>
>
> --
> Bye,
> Peer
> ________________________________________________________
>
> Max-Planck-Institut für Biogeochemie
> Dr. Peer-Joachim Koch
> Hans-Knöll Str.10 Telefon: ++49 3641 57-6705
> D-07745 Jena Telefax: ++49 3641 57-7705
>
>