Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[Samba] Unix password sync

864 views
Skip to first unread message

Alessandro Grandi

unread,
May 14, 2010, 3:46:30 PM5/14/10
to
Hi!
I'm new in this list and i'm quite new to samba.

I'm trying to configure samba as a PDC for a Windows XP network.
Samba version: 3.2.5 on Debian Lenny 5.0.4

The domain works, as well profiles. The problem is the "unix password
sync" options.

My values are:

|unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n
*Enter* new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd:
*all* authentication*tokens*updated*successfully*|

When i try to change the password from the windows client using an
account of the domain
(Ctrl+Alt+Canc and then Change password) I get the following message:
You do not have permission to change your password.

I noticed that when I try to change a password on the server (as root)
#smbpasswd <account-name>
It changes the samba password only, but not the linux one.

If I login the server as a user of the domain and I try:
$smbpasswd
I put the old password, then the new and I get the following:
"SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was
127.0.0.1, but LANMAN password changed are disabled.
Failed to change password for <user-name>"

I googled a lot and I found lot of people asking about problems like
this but no solutions.
Anyway I hope someone can help me with this :-)


What I tryied:

1) I'm Italian, so I tried to change the passwd chat, but didn't work.

2) I've set
lanman auth = yes
client lanman auth = yes
and then when I try (as a domain user)
$smbpasswd
I get a different error: "machine 127.0.0.1 rejected the password
change: Error was : RAP86: The specified password is invalid.
Password changed for user <user-name>"
But the password don't change!


I hope someone can give me some hint to solve the problem :-)

Thank you!

Alessandro Grandi


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Chris Smith

unread,
May 14, 2010, 4:33:13 PM5/14/10
to
On Fri, May 14, 2010 at 3:46 PM, Alessandro Grandi
<alle_...@libero.it> wrote:
> If I login the server as a user of the domain and I try:
> $smbpasswd
> I put the old password, then the new and I get the following:
> "SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was
> 127.0.0.1, but LANMAN password changed are disabled.
> Failed to change password for <user-name>"

This is bug #2128 - https://bugzilla.samba.org/show_bug.cgi?id=2128

Originally reported for version 3.0.8 and still broken in 3.5.2. Makes
it impossible to test unix password sync without a Windows box.

You probably have to edit your password chat. Visually examine what
happens when you change the unix password and edit the chat to match.

Chris

--

alle_...@libero.it

unread,
May 15, 2010, 10:29:13 AM5/15/10
to
>On Fri, May 14, 2010 at 3:46 PM, Alessandro Grandi wrote:
> > If I login the server as a user of the domain and I try:
> > $smbpasswd
> > I put the old password, then the new and I get the following:
> > "SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was
> > 127.0.0.1, but LANMAN password changed are disabled.
> > Failed to change password for <user-name>"

> This is bug #2128 - https://bugzilla.samba.org/show_bug.cgi?id=2128

> Originally reported for version 3.0.8 and still broken in 3.5.2. Makes
> it impossible to test unix password sync without a Windows box.
>
> You probably have to edit your password chat. Visually examine what
> happens when you change the unix password and edit the chat to match.

I tryied to edit my "passwd chat" but it still don't work.

This is my output when I change the user password (as root):
#passwd silvia
Immettere nuova password UNIX:
Reimmettere la nuova password UNIX:
passwd: password aggiornata correttamente

So my passwd chat is:
passwd chat = *Immettere*nuova*password*UNIX:*%n*\n* *Reimmettere*la*nuova*password*UNIX:*%n*\n* *passwd:*password*aggiornata*correttamente*

but it still don't work.

I tried also some different values for passwd chat (even something like: passwd chat = *nuova*password*%n*\n* *nuova*password*%n*\n* *password*) but no way...

Maybe there is something I've not understood in the passwd chat sintax? I don't know...

I'd like to setup this feature but it's not a critical one (I don't think I'll setup LDAP just for this).

Thank you everyone is spending time to answer me!
(I appreciate it so much :-)

Alessandro

0 new messages