On Sun, 2 Feb 2003, Keith Fernandez wrote: Whoa Keith! Nowhere in your first email did you explain that you had already changed your Linux PAM configuration _AND_ are trying to use pam_smbpass.so.
The smbpasswd utilitiy only changes the password in /etc/samba/smbpasswd. It does NOT use PAM at all. The system tool 'passwd' (/bin/passwd or /usr/bin/passwd) will use PAM. Whatever you configure PAM to do it will follow. Firstly, pam_smbpass.so does NOT do unix system password changing! It can be added to your PAM configuration to update the /etc/samba/smbpasswd file. If you want to update both /etc/passwd (/etc/shadow) entries as well as /etc/samba/smbpasswd then the following recommendation is included in the source code by the author: #%PAM-1.0 # password-sync # # A sample PAM configuration that shows the use of pam_smbpass to make # sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) # is changed. Useful when an expired password might be changed by an # application (such as ssh). auth requisite pam_nologin.so auth required pam_unix.so account required pam_unix.so password requisite pam_cracklib.so retry=3 password requisite pam_unix.so shadow md5 use_authtok try_first_pass password required pam_smbpass.so nullok use_authtok try_first_pass session required pam_unix.so And that is from the documentation in ~samba/source/pam_smbpass/samples. Your RH8 machine may use pam_pwdb.so, or pam_unix2.so, or similar for system account password changing. > I think it is a samba question, I did try to use more than 8 characters in > the password and it still gave the same error. If you do not have the pam_pwdb.so or pam_unix.so module in your PAM configuration then you have a hosed up PAM. > I got this error when I tried to add a new user to the unix system and > change his password. This is ONLY when I used the pam_smbpass option to > samba. Wait a moment. You added pam_smbpass.so to PAM - NOT to samba! > So I think it is a samba question..... Whatever! > the only workaround is what I had given below. > If you have got the pam_smbpass option to sync unixpassword with smbpassword > for NEW users, Please let me know. > You say smbpassword adds any user present in /etc/password, TRUE... But my > question is why cant I add a unix password to the user which will sync it > with smbpassword the 1st time I create a user.. Explained above. > Once I create my smbpassword and then I change my unix password then it > sync's it with smbpassword and no error, why cant it do it the first time. Fix you PAM configuration. > > Here is my error again using 8 characters in my password ..... > --------------------------------------- > [root@localhost named]# useradd -g users keith > [root@localhost named]# passwd keith > Changing password for user keith. > New password: > Retype new password: > Failed to find entry for user keith. > > passwd: Authentication token manipulation error > ----------------------------------------- Right. Did you add the 'debug' or 'audit' options to the pam_smbpass.so line in your PAM configuration and then check /var/log/messages or /var/log/security for error messages? > NOW IF I HAD DONE THIS > ---------------------------------------- > [root@localhost named]# useradd -g users keith > [root@localhost named]# smbpasswd -a keith > New SMB password: > Retype new SMB password: > Added user keith. > Password changed for user keith. Of course it worked! It just changes /etc/samba/smbpasswd entries. You added the account (with the -a option), so now pam_smbpass.so can change the password. The account entry in /etc/samba/smbpasswd has to exist first. > [root@localhost named]# passwd keith > Changing password for user keith. > New password: > Retype new password: > passwd: all authentication tokens updated successfully > ------------------------------------------ > > Added this line to my /etc/pam.d/system-auth to get it to work after the > "pam_cracklib.so" line > password required /lib/security/pam_smbpass.so nullok use_authtok > try_first_pass Try: password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass audit migrate Cheers, John T. > > > > Regards, > Keith > -------- > "The linuX Files -- The Source is Out There." > -------- > ----- Original Message ----- > From: "John H Terpstra" <[EMAIL PROTECTED]> > To: "Keith Fernandez" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Saturday, February 01, 2003 11:46 PM > Subject: Re: [Samba] passwd: Authentication token manipulation error > > > > On Sat, 1 Feb 2003, Keith Fernandez wrote: > > > > > Hi Can anyone tell me what this error is. > > > > Firstly, it's NOT a samba question. > > > > Secondly, it means the password you tried to use is too short. Your RH8 > > system has a PAM configuration that insists on a password being longer > > than a certain number of characters. > > > > I think that if you do: > > grep /etc/passwd mandy > > you will find that the account was added, but it now has NO password. > > You really DO want to enter a system password, or use Red Hat's method for > > locking the Linux system account for mandy. > > > > smbpasswd will add any user who has an entry in the /etc/passwd file. > > > > SMB passwords are independant of the system password. > > > > - John T. > > > > > > > > Thanks. > > > Regards, > > > Keith > > > -------- > > > "The linuX Files -- The Source is Out There." > > > -------- > > > ----- Original Message ----- > > > From: "Keith Fernandez" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Friday, January 31, 2003 8:34 PM > > > Subject: [Samba] passwd: Authentication token manipulation error > > > > > > > > > > Hi, > > > > > > > > I am trying to add a new user to my RedHat 8.0 System running samba > > > 2.2.7-1a > > > > This is the error I get. > > > > > > > > --------------------------------------- > > > > [root@localhost named]# useradd -g users mandy > > > > [root@localhost named]# passwd mandy > > > > Changing password for user mandy. > > > > New password: > > > > BAD PASSWORD: it is too short > > > > Retype new password: > > > > Failed to find entry for user mandy. > > > > > > > > passwd: Authentication token manipulation error > > > > ----------------------------------------- > > > > > > > > This error is only when I am creating a new user. Password sync > happens if > > > there is an existing user. > > > > if after using useradd -g users mandy > > > > I do a smbpassword -a mandy > > > > then everything is fine.... > > > > What could be the problem... > > > > > > > > > > > > Regards, > > > > Keith > > > > -------- > > > > "The linuX Files -- The Source is Out There." > > > > -------- > > > > -- > > > > To unsubscribe from this list go to the following URL and read the > > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > > > > > > > > > > > -- > > John H Terpstra > > Email: [EMAIL PROTECTED] > > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
