[Samba] samba AD: using passwd on linux to change PW
L.P.H. van Belle
belle at bazuin.nl
Wed Jan 3 14:51:51 UTC 2018
Your welkom.
For the password change i believe it is.
But give me a few min, i'll disable it and test again.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dr.
> Peer-Joachim Koch via samba
> Verzonden: woensdag 3 januari 2018 15:48
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba AD: using passwd on linux to change PW
>
> Thanks a lot. I will check it.
> We do not use kerberos - is it necessary ?
>
> Bye, Peer
>
> On 03.01.2018 15:15, L.P.H. van Belle via samba wrote:
> > Hi Peer,
> >
> > This is my output, this account testaccount1 was created 2
> minutes ago before the tests below.
> >
> > passwd testaccount1
> > Current Kerberos password:
> > Enter new Kerberos password:
> > Retype new Kerberos password:
> > Password change rejected: Password change rejected,
> password changes may not be permitted on this account, or the
> minimum password age may not have elapsed.
> > Your password must be at least 5 characters; cannot repeat
> any of your previous 5 passwords; Please type a different
> password. Type a password which meets these requirements in
> both text boxes.
> > passwd: Authentication token manipulation error
> > passwd: password unchanged
> >
> > If you run : pam-auth-update
> > You should see something like this.
> >
> >
> > ?
>
>
> ?
> > ? PAM profiles to enable:
>
>
> ?
> > ?
>
>
> ?
> > ? [ ] Create home directory during login
>
>
> ?
> > ? [*] Kerberos authentication
>
>
> ?
> > ? [*] Unix authentication
>
>
> ?
> > ? [*] Winbind NT/Active Directory authentication
>
>
> ?
> > ? [*] Register user sessions in the systemd control
> group hierarchy
>
> ?
> > ? [*] Inheritable Capabilities Management
>
>
> ?
> > ?
>
>
> ?
> >
> >
> > Same server, but now with a user disabled.
> > passwd someuser ( but disabled in AD )
> > Current Kerberos password:
> > Enter new Kerberos password:
> > Retype new Kerberos password:
> > Access denied: Not permitted to change password
> > Access is denied
> > passwd: Authentication token manipulation error
> > passwd: password unchanged
> >
> > Same user but now enabled in AD.
> > Current Kerberos password:
> > passwd: Authentication token manipulation error
> > passwd: password unchanged
> > root at rtd-print1:~# passwd xreib
> > Current Kerberos password:
> > Enter new Kerberos password:
> > Retype new Kerberos password:
> > passwd: password updated successfully
> >
> > So this should work fine.
> >
> > Debian 9.3
> > Samba 4.7.3 ( from my own apt )
> >
> >
> >
> > Best regards,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dr.
> >> Peer-Joachim Koch via samba
> >> Verzonden: woensdag 3 januari 2018 14:50
> >> Aan: samba at lists.samba.org
> >> Onderwerp: [Samba] samba AD: using passwd on linux to change PW
> >>
> >> Hi,
> >>
> >> a short question about changing passwords. Our linux login
> server is
> >> using winbind
> >> for authentication. Everything is working well, but changing the
> >> password for a user
> >> does not work. We see the following error:
> >>
> >> passwd
> >> Changing password for USER
> >> (current) NT password:
> >> passwd: Authentication token manipulation error
> >> passwd: password unchanged
> >>
> >> /var/log/auth.log
> >>
> >> pam_winbind(sshd:auth): getting password (0x00000388)
> >> Jan 3 14:41:36 HOSTNAME sshd[4355]: pam_winbind(sshd:auth):
> >> pam_get_item returned a password
> >> Jan 3 14:41:36 HOSTNAME sshd[4355]:
> pam_winbind(sshd:auth): request
> >> wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error:
> PAM_USER_UNKNOWN
> >> (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was:
> >> The specified
> >> account does not exist.
> >>
> >> Login is working fine, also the groups are all correct.
> >>
> >> Maybe something in the pam-config has to be changed ?
> >>
> >> Where can I find some description to setup the system that
> every user
> >> can execute passwd ?
> >>
> >> System Debian 9.3 using winbind against Samba AD.
> >>
> >>
> >> --
> >> Bye,
> >> Peer
> >> ________________________________________________________
> >>
> >> Max-Planck-Institut für Biogeochemie
> >> Dr. Peer-Joachim Koch
> >> Hans-Knöll Str.10 Telefon: ++49 3641 57-6705
> >> D-07745 Jena Telefax: ++49 3641 57-7705
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >>
> >
>
> --
> Mit freundlichen Grüßen,
> Peer-Joachim Koch
> ________________________________________________________
>
> Max-Planck-Institut für Biogeochemie
> Dr. Peer-Joachim Koch
> Hans-Knöll Str.10 Telefon: ++49 3641 57-6705
> D-07745 Jena Telefax: ++49 3641 57-7705
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list