Hi John,

Thanks for the help... will try out the "audit migrate" option and see what I get

Regards,
Keith
-------- "The linuX Files -- The Source is Out There." --------

----- Original Message -----
From: "John H Terpstra" <[EMAIL PROTECTED]>
To: "Keith Fernandez" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, February 02, 2003 5:30 AM
Subject: Re: [Samba] passwd: Authentication token manipulation error

> On Sun, 2 Feb 2003, Keith Fernandez wrote:
>
> Whoa Keith! Nowhere in your first email did you explain that you had
> already changed your Linux PAM configuration _AND_ are trying to use
> pam_smbpass.so.
>
> The smbpasswd utility only changes the password in /etc/samba/smbpasswd.
> It does NOT use PAM at all.
>
> The system tool 'passwd' (/bin/passwd or /usr/bin/passwd) will use PAM.
> Whatever you configure PAM to do it will follow.
>
> Firstly, pam_smbpass.so does NOT do unix system password changing! It can
> be added to your PAM configuration to update the /etc/samba/smbpasswd
> file. If you want to update both /etc/passwd (/etc/shadow) entries as well
> as /etc/samba/smbpasswd then the following recommendation is included in
> the source code by the author:
>
> #%PAM-1.0
> # password-sync
> #
> # A sample PAM configuration that shows the use of pam_smbpass to make
> # sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
> # is changed. Useful when an expired password might be changed by an
> # application (such as ssh).
>
> auth       requisite    pam_nologin.so
> auth       required     pam_unix.so
> account    required     pam_unix.so
> password   requisite    pam_cracklib.so retry=3
> password   requisite    pam_unix.so shadow md5 use_authtok try_first_pass
> password   required     pam_smbpass.so nullok use_authtok try_first_pass
> session    required     pam_unix.so
>
> And that is from the documentation in ~samba/source/pam_smbpass/samples.
>
> Your RH8 machine may use pam_pwdb.so, or pam_unix2.so, or similar for
> system account password changing.
>
> > I think it is a samba question, I did try to use more than 8 characters in
> > the password and it still gave the same error.
>
> If you do not have the pam_pwdb.so or pam_unix.so module in your PAM
> configuration then you have a hosed up PAM.
>
> > I got this error when I tried to add a new user to the unix system and
> > change his password. This is ONLY when I used the pam_smbpass option to
> > samba.
>
> Wait a moment. You added pam_smbpass.so to PAM - NOT to samba!
>
> > So I think it is a samba question.....
>
> Whatever!
>
> > the only workaround is what I had given below.
> > If you have got the pam_smbpass option to sync unixpassword with smbpassword
> > for NEW users, Please let me know.
>
> > You say smbpassword adds any user present in /etc/password, TRUE... But my
> > question is why can't I add a unix password to the user which will sync it
> > with smbpassword the 1st time I create a user..
>
> Explained above.
>
> > Once I create my smbpassword and then I change my unix password then it
> > syncs it with smbpassword and no error, why can't it do it the first time.
>
> Fix your PAM configuration.
>
> > Here is my error again using 8 characters in my password .....
> > ---------------------------------------
> > [root@localhost named]# useradd -g users keith
> > [root@localhost named]# passwd keith
> > Changing password for user keith.
> > New password:
> > Retype new password:
> > Failed to find entry for user keith.
> >
> > passwd: Authentication token manipulation error
> > -----------------------------------------
>
> Right. Did you add the 'debug' or 'audit' options to the pam_smbpass.so
> line in your PAM configuration and then check /var/log/messages or
> /var/log/security for error messages?
>
> > NOW IF I HAD DONE THIS
> > ----------------------------------------
> > [root@localhost named]# useradd -g users keith
> > [root@localhost named]# smbpasswd -a keith
> > New SMB password:
> > Retype new SMB password:
> > Added user keith.
> > Password changed for user keith.
>
> Of course it worked! It just changes /etc/samba/smbpasswd entries.
> You added the account (with the -a option), so now pam_smbpass.so can
> change the password. The account entry in /etc/samba/smbpasswd has to
> exist first.
>
> > [root@localhost named]# passwd keith
> > Changing password for user keith.
> > New password:
> > Retype new password:
> > passwd: all authentication tokens updated successfully
> > ------------------------------------------
> >
> > Added this line to my /etc/pam.d/system-auth to get it to work after the
> > "pam_cracklib.so" line
> > password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass
>
> Try:
> password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass audit migrate
>
> Cheers,
> John T.
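
Added example (not part of the original thread, and not Samba's own code): a Python check for the two failure points discussed above, namely a pam_smbpass.so rule that is broken or misplaced in the password stack, and system accounts that have no /etc/samba/smbpasswd entry yet. The function names, the min_uid=500 cutoff and all sample data are assumptions made for illustration; bracketed control values such as [success=1] are not handled.

```python
# Added example, not code from the thread. All sample data is constructed.
PAM_SAMPLE = """\
password requisite pam_cracklib.so retry=3
password requisite pam_unix.so shadow md5 use_authtok try_first_pass
password required /lib/security/pam_smbpass.so nullok use_authtok
try_first_pass
"""
PASSWD_SAMPLE = ("root:x:0:0::/root:/bin/bash\n"
                 "john:x:500:100::/home/john:/bin/bash\n"
                 "keith:x:501:100::/home/keith:/bin/bash\n")
SMBPASSWD_SAMPLE = "john:500:" + "X" * 32 + ":" + "X" * 32 + ":[U          ]:LCT-00000000:\n"

def parse_password_stack(text):
    """Return (stack, orphans). stack holds (control, module, options) for each
    'password' rule; orphans are non-empty lines that are not a complete rule."""
    stack, orphans = [], []
    for line in text.replace("\\\n", " ").splitlines():  # PAM joins backslash-continued lines
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 3:
            orphans.append(line.strip())  # e.g. an option wrapped onto its own line by a mail client
        elif fields[0] == "password":
            stack.append((fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]))
    return stack, orphans

def lint_stack(stack):
    """Compare the password stack with the password-sync sample layout."""
    mods = [module for _, module, _ in stack]
    if "pam_smbpass.so" not in mods:
        return ["pam_smbpass.so is not in the password stack"]
    i = mods.index("pam_smbpass.so")
    opts, findings = stack[i][2], []
    if not any(m.startswith(("pam_unix", "pam_pwdb")) for m in mods[:i]):
        findings.append("no pam_unix/pam_pwdb rule before pam_smbpass.so")
    if "use_authtok" not in opts:
        findings.append("pam_smbpass.so lacks use_authtok")
    if not {"debug", "audit"} & set(opts):
        findings.append("pam_smbpass.so has no debug or audit option")
    return findings

def users_missing_from_smbpasswd(passwd_text, smbpasswd_text, min_uid=500):
    """List accounts with uid >= min_uid that have no smbpasswd entry."""
    smb = {l.split(":", 1)[0] for l in smbpasswd_text.splitlines()
           if l and not l.startswith("#")}
    missing = []
    for l in passwd_text.splitlines():
        f = l.split(":")
        if len(f) >= 3 and f[2].isdigit() and int(f[2]) >= min_uid and f[0] not in smb:
            missing.append(f[0])
    return missing
```

On a real host, pass in the contents of /etc/pam.d/system-auth, /etc/passwd and /etc/samba/smbpasswd; any account reported as missing needs "smbpasswd -a" before passwd can sync it.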
