Well all I assumed wrong....... The problem wasn't with PAM after all. I made the following changes to my smb.conf file and the stangest thing happens. The passwords are actually changed, however, an error still appears on the windows client.
I added the following line under [global] smb passwd = /usr/local/private/smbpasswd I commented out the following lines under [global] pam password change = yes passwd chat debug = yes I changed the following line under [global] passwd program = /usr/local/bin/smbpasswd %u If there are any ideas out there you help would be greatly appreciated. Jeff Meyer "Jeffrey R. Meyer" <[EMAIL PROTECTED]> wrote in message aufr26$flr$[EMAIL PROTECTED]">news:aufr26$flr$[EMAIL PROTECTED]... > I having been trouble by this for a few days now and was wondering if anyone > else has had any luck with this? > > I am currently running Samba 2.2.6pre2 on FreeBSD 4.7-RELEASE > I have successfully set up samba to be the PDC > I am unsuccessfully trying to change the passwords on the W2k box and I am > recieving the error that the user name/password are incorrect make sure the > caps lock is not on. > When I check the logs on the BSD box the following appears: > > [2002/12/26 14:49:26, 0] passdb/pampass.c:smb_pam_chauthtok(697) > PAM: Permission denied. > [2002/12/26 14:49:26, 2] passdb/pampass.c:smb_pam_error_handler(71) > smb_pam_error_handler: PAM: Password Change Failed : Permission denied > [2002/12/26 14:49:26, 0] passdb/pampass.c:smb_pam_passchange(865) > smb_pam_passchange: PAM: Password Change Failed for user root! > > I am making the uneducated assumption that my problem is not with samba but > it is with PAM? > If anyone could help me with this problem it would be greatly appreciated!!! > > Thanks, > > Jeff Meyer > > The smb.conf and pam.conf files that I am using are below. > > pam.conf > login auth sufficient pam_skey.so > login auth sufficient pam_opie.so > no_fake_prompts > #login auth required pam_opieaccess.so > login auth requisite pam_cleartext_pass_ok.so > #login auth sufficient pam_kerberosIV.so > try_first_pass > #login auth sufficient pam_krb5.so > try_first_pass > login auth required pam_unix.so > try_first_pass > login account required pam_unix.so > login password required pam_permit.so > login session required pam_permit.so > > # Same requirement for ftpd as login > ftpd auth sufficient pam_skey.so > ftpd auth sufficient pam_opie.so > no_fake_prompts > #ftpd auth required pam_opieaccess.so > ftpd auth requisite pam_cleartext_pass_ok.so > #ftpd auth sufficient pam_kerberosIV.so > try_first_pass > #ftpd auth sufficient pam_krb5.so > try_first_pass > ftpd auth required pam_unix.so > try_first_pass > > # OpenSSH with PAM support requires similar modules. The session one is > # a bit strange, though... > sshd auth sufficient pam_skey.so > sshd auth sufficient pam_opie.so > no_fake_prompts > #sshd auth required pam_opieaccess.so > #sshd auth sufficient pam_kerberosIV.so > try_first_pass > #sshd auth sufficient pam_krb5.so > try_first_pass > sshd auth required pam_unix.so > try_first_pass > sshd account required pam_unix.so > sshd password required pam_permit.so > sshd session required pam_permit.so > > # "telnetd" is for SRA authenticated telnet only. Non-SRA uses 'login' > telnetd auth required pam_unix.so > try_first_pass > > # Don't break startx > xserver auth required pam_permit.so > > # XDM is difficult; it fails or moans unless there are modules for each > # of the four management groups; auth, account, session and password. > xdm auth required pam_unix.so > #xdm auth sufficient pam_kerberosIV.so > try_first_pass > #xdm auth sufficient pam_krb5.so > try_first_pass > xdm account required pam_unix.so > try_first_pass > xdm session required pam_deny.so > xdm password required pam_deny.so > > # GDM (GNOME Display Manager) > gdm auth required pam_unix.so > #gdm auth sufficient pam_kerberosIV.so > try_first_pass > #gdm auth sufficient pam_krb5.so > try_first_pass > gdm account required pam_unix.so > try_first_pass > gdm session required pam_permit.so > gdm password required pam_deny.so > > # Mail services > imap auth required pam_unix.so > try_first_pass > pop3 auth required pam_unix.so > try_first_pass > > # If we don't match anything else, default to using getpwnam(). > other auth sufficient pam_skey.so > other auth required pam_unix.so > try_first_pass > other account required pam_unix.so > try_first_pass > > samba auth required pam_unix.so > try_first_pass > samba account required pam_unix.so > try_first_pass > > > smb.conf > # /usr/local/etc/smb.conf > # samba configuration file > > [global] > # basic server settings > workgroup = labnet > netbios name = pdcsrv1 > server string = Samba PDC running %v > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 > SO_RCVBUF=819 > 2 > > # PDC and master browser settings > os level = 64 > preferred master = yes > local master = yes > domain master = yes > > # security and logging settings > security = user > encrypt passwords = yes > domain logons = yes > log file = /var/log/samba/log.%m > log level = 2 > max log size = 50 > # hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0 > > # user profiles and home directory > # logon home = \\%L\home\%U\.profile > # logon drive = H: > # logon path = \\%L\profiles\%U > logon home = "" > logon path = "" > logon script = netlogon.bat > > #sync UNIX passwords > unix password sync = yes > pam password change = yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* > %n\n * > passwd: *all*authentication*tokens*updated*successfully* > passwd chat debug = yes > #===Shares=== > > [homes] > comment = Home Directories > browseable = no > writable = yes > > #[profiles] > # path = /home/samba/profiles > # writeable = yes > # browseable = no > # create mask = 0600 > # directory mask = 0700 > > [netlogon] > path = /home/netlogon > read only = yes > write list = jeffm > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
