I hope this isn't too horrible of me to mail this to this list. I'm ready to give up on this problem, but I thought I should at least report it somewhere in case it's a real bug. I have tried the regular samba list and #samba repeatedly, with no response. I have also scoured all docs I could find.

The problem is with changing passwords by Ctrl-Alt-Del from a Windows XP Pro machine. Samba 2.2.7a (haven't been able to get the Debian packaging for 2.2.8 to work yet and I'm a purist) using --with-ldapsam --with-pam_smbpass. The LDAP server is OpenLDAP. Password change using pam_smbpass from the UNIX side works just fine. I verified that the change works using a WinXP Pro client.

smb.conf has:

    security = user
    encrypt passwords = true
    unix password sync = true
    pam passwd change = yes
    obey pam restrictions = yes

Logging onto the samba server from a WinXP machine works just fine.

If I try to Ctrl-Alt-Del Change Password... from a WinXP machine where the username or password of the currently logged in (WinXP) user is different from the username or password being used on the samba server, then the password change fails with "1727: the remote procedure call failed and did not execute".

If I try it when the username and password of the currently logged in user is the same as the current username and password being used on the samba server, then the password change succeeds. And it really succeeds. I close the connection and log back in and only the *new* password works.

From an strace, I verified what I suspected, which is that it's only when samba falls back on the lanman password that authentication succeeds and the password change can go forward, which, of course, explains this behavior.

An odd thing is that an strace of the samba daemons while simply connecting to a share shows pam.d files being consulted, while an strace of the daemons during a failed Ctrl-Alt-Del Change Password... session shows no pam.d files consulted.

I would love to hear that someone has indeed used samba with LDAP and gotten Ctrl-Alt-Del password change working with the pam stuff enabled. Then at least I know it's possible.

Again, sorry to post to this list. Just in case this is useful. Thanks.

Ross Patterson
Programmer/Analyst
831-459-2792
[EMAIL PROTECTED]
1156 High St, Barn G, PP&C
Santa Cruz, CA 95064

On Wed, 19 Feb 2003, [EMAIL PROTECTED] wrote:

> On a Debian 3.0 system with user accounts stored in openldap, I have
> unix and windows auth working just fine through ldap. smbpasswd can
> change the samba passwd attributes, and passwd can change the unix
> password attributes.
>
> I'm trying to get pam_smbpass to work to keep everything in sync, but
> it only says "Failed to find entry for user test0." which indicates to
> me that it's looking in the smbpasswd file which has, of course,
> nothing. "ldd /lib/security/pam_smbpass.so" gives libpam and libldap
> among other things.
>
> Can someone tell me if pam_smbpass is using the SAM DB API? If
> pam_smbpass is hardwired for the smbpasswd file, that would explain my
> troubles.
>
> If it is using the SAM DB API, can anyone give me any direction?
>
> Ross Patterson
> Programmer/Analyst
> 831-459-2792
> [EMAIL PROTECTED]
> 1156 High St, Barn G, PP&C
> Santa Cruz, CA 95064