[Samba] samba AD: using passwd on linux to change PW
Dr. Peer-Joachim Koch
pkoch at bgc-jena.mpg.de
Wed Jan 3 14:48:01 UTC 2018
Thanks a lot. I will check it.
We do not use kerberos - is it necessary ?
Bye, Peer
On 03.01.2018 15:15, L.P.H. van Belle via samba wrote:
> Hi Peer,
>
> This is my output, this account testaccount1 was created 2 minutes ago before the tests below.
>
> passwd testaccount1
> Current Kerberos password:
> Enter new Kerberos password:
> Retype new Kerberos password:
> Password change rejected: Password change rejected, password changes may not be permitted on this account, or the minimum password age may not have elapsed.
> Your password must be at least 5 characters; cannot repeat any of your previous 5 passwords; Please type a different password. Type a password which meets these requirements in both text boxes.
> passwd: Authentication token manipulation error
> passwd: password unchanged
>
> If you run : pam-auth-update
> You should see something like this.
>
>
> „ „
> „ PAM profiles to enable: „
> „ „
> „ [ ] Create home directory during login „
> „ [*] Kerberos authentication „
> „ [*] Unix authentication „
> „ [*] Winbind NT/Active Directory authentication „
> „ [*] Register user sessions in the systemd control group hierarchy „
> „ [*] Inheritable Capabilities Management „
> „ „
>
>
> Same server, but now with a user disabled.
> passwd someuser ( but disabled in AD )
> Current Kerberos password:
> Enter new Kerberos password:
> Retype new Kerberos password:
> Access denied: Not permitted to change password
> Access is denied
> passwd: Authentication token manipulation error
> passwd: password unchanged
>
> Same user but now enabled in AD.
> Current Kerberos password:
> passwd: Authentication token manipulation error
> passwd: password unchanged
> root at rtd-print1:~# passwd xreib
> Current Kerberos password:
> Enter new Kerberos password:
> Retype new Kerberos password:
> passwd: password updated successfully
>
> So this should work fine.
>
> Debian 9.3
> Samba 4.7.3 ( from my own apt )
>
>
>
> Best regards,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dr.
>> Peer-Joachim Koch via samba
>> Verzonden: woensdag 3 januari 2018 14:50
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] samba AD: using passwd on linux to change PW
>>
>> Hi,
>>
>> a short question about changing passwords. Our linux login server is
>> using winbind
>> for authentication. Everything is working well, but changing the
>> password for a user
>> does not work. We see the following error:
>>
>> passwd
>> Changing password for USER
>> (current) NT password:
>> passwd: Authentication token manipulation error
>> passwd: password unchanged
>>
>> /var/log/auth.log
>>
>> pam_winbind(sshd:auth): getting password (0x00000388)
>> Jan 3 14:41:36 HOSTNAME sshd[4355]: pam_winbind(sshd:auth):
>> pam_get_item returned a password
>> Jan 3 14:41:36 HOSTNAME sshd[4355]: pam_winbind(sshd:auth): request
>> wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
>> (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was:
>> The specified
>> account does not exist.
>>
>> Login is working fine, also the groups are all correct.
>>
>> Maybe something in the pam-config has to be changed ?
>>
>> Where can I find some description to setup the system that every user
>> can execute passwd ?
>>
>> System Debian 9.3 using winbind against Samba AD.
>>
>>
>> --
>> Bye,
>> Peer
>> ________________________________________________________
>>
>> Max-Planck-Institut für Biogeochemie
>> Dr. Peer-Joachim Koch
>> Hans-Knöll Str.10 Telefon: ++49 3641 57-6705
>> D-07745 Jena Telefax: ++49 3641 57-7705
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
--
Mit freundlichen Grüßen,
Peer-Joachim Koch
________________________________________________________
Max-Planck-Institut für Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10 Telefon: ++49 3641 57-6705
D-07745 Jena Telefax: ++49 3641 57-7705
More information about the samba
mailing list