Enrico, Please test this with release candidate 2 when it is made available. If there is still a problem then file a bug report on bugzilla.samba.org.
Thanks. - John T. On Wed, 27 Aug 2003, Enrico Payne wrote: > Hi, I guess you thought this had been resolved? However I was busy testing a > new server with RH8.0 and Samba3.0. > > I have compiled Samba 3.0 to use --with-pam, and now have the following > funnies. > > When I setup the smb.conf to as below, the client recognises the need to > change the password, and asks for the new one. Once I have entered the new > passwords, I get an error message on the WinXP client: "The system cannot > change your password now because the domain JBPN is not available". ( I hav > not tested this on any other Windows platforms). Also, the following in the > /var/log/messages log file: > > <----- snip -----> > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > rpc_server/srv_pipe.c:api_pipe_netsec_process(1363) > Aug 27 13:17:15 test smbd[1455]: failed to decode PDU > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > rpc_server/srv_pipe_hnd.c:process_request_pdu(605) > Aug 27 13:17:15 test smbd[1455]: process_request_pdu: failed to do > schannel processing. > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > auth/pampass.c:smb_pam_account(573) > Aug 27 13:17:15 test smbd[1455]: smb_pam_account: PAM: UNKNOWN PAM ERROR > (12) during Account Management for User: enricop > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > auth/pampass.c:smb_pam_accountcheck(781) > Aug 27 13:17:15 test smbd[1455]: smb_pam_accountcheck: PAM: Account > Validation Failed - Rejecting User enricop! > > > If I change the "encrypt password" to = no, then I get a message saying that > either my domain, username or password are incorrect. > > I am not sure, but something makes me think that the problem lies with one > of 3 files, viz. smb.conf, /etc/pam.d/samba or the smbpasswd file > > The smb.conf file looks like this: > > # Global parameters > [global] > workgroup = JBPN > netbios name = JBPN7 > server string = Samba Server 3.0beta1 > obey pam restrictions = Yes > password server = jbpn1 > root directory = / > pam password change = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* > %n\n *passwd:*all*authentication*tokens*updated*successfully* > username map = /etc/samba/smb.username.map > unix password sync = Yes > log file = /var/log/samba/log.%m > max log size = 50 > name resolve order = host wins bcast > time server = Yes > change notify timeout = 10 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > show add printer wizard = No > logon script = start.bat > logon path = \\jbpn7\home\profiles\%u > logon drive = h: > domain logons = Yes > os level = 60 > preferred master = No > dns proxy = No > wins server = 172.16.128.29 > ldap ssl = no > > [netlogon] > comment = Logon Profiles > path = /home/profiles/%u > admin users = +it > write list = +it > locking = No > > [homes] > comment = Home Directories > path = /%H > read only = No > browseable = No > > > The /etc/pam.d/samba file looks like this: > > #%PAM-1.0 > auth required pam_nologin.so > auth required pam_stack.so service=system-auth > account required pam_stack.so service=system-auth > session required pam_stack.so service=system-auth > password required pam_stack.so service=system-auth > > > The smbpasswd file is from our live server, and contains encrypted > passwords. > > Any help would be greatly appreciated... > > Regards > Enrico > > > ----- Original Message ----- > From: "Andreas" <[EMAIL PROTECTED]> > To: "Andrew Bartlett" <[EMAIL PROTECTED]> > Cc: "Enrico Payne" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, July 29, 2003 2:52 PM > Subject: Re: [Samba] Forcing password changes using SAMBA as PDC > > > > On Tue, Jul 29, 2003 at 09:19:01AM +1000, Andrew Bartlett wrote: > > > > But using PAM would require one to disable encrypted passwords, right? > > > > > > No. You may still use PAM's account-control functionality even if you > > > don't use it for passwords. Consider how SSH still asks PAM about > > > disabled accounts, even when the login is with a key. > > > > Ah, I see. Thanks for the tip :) > > > - > ___________________________________________ > This e-mail has been scanned for viruses. > Pharma Natura will not be held responsible > for the loss of data or any other loss > caused by the use of the information > contained in this e-mail. > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
