I've had this problem changing passwords and the only solution I've found is setting: "unix password sync = No"
Password changing right up to rc1 doesn't work unless this is turned off. On Wed, 2003-08-27 at 07:46, John H Terpstra wrote: > Enrico, > > Please test this with release candidate 2 when it is made available. > If there is still a problem then file a bug report on bugzilla.samba.org. > > Thanks. > - John T. > > On Wed, 27 Aug 2003, Enrico Payne wrote: > > > Hi, I guess you thought this had been resolved? However I was busy testing a > > new server with RH8.0 and Samba3.0. > > > > I have compiled Samba 3.0 to use --with-pam, and now have the following > > funnies. > > > > When I setup the smb.conf to as below, the client recognises the need to > > change the password, and asks for the new one. Once I have entered the new > > passwords, I get an error message on the WinXP client: "The system cannot > > change your password now because the domain JBPN is not available". ( I hav > > not tested this on any other Windows platforms). Also, the following in the > > /var/log/messages log file: > > > > <----- snip -----> > > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > > rpc_server/srv_pipe.c:api_pipe_netsec_process(1363) > > Aug 27 13:17:15 test smbd[1455]: failed to decode PDU > > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > > rpc_server/srv_pipe_hnd.c:process_request_pdu(605) > > Aug 27 13:17:15 test smbd[1455]: process_request_pdu: failed to do > > schannel processing. > > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > > auth/pampass.c:smb_pam_account(573) > > Aug 27 13:17:15 test smbd[1455]: smb_pam_account: PAM: UNKNOWN PAM ERROR > > (12) during Account Management for User: enricop > > Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] > > auth/pampass.c:smb_pam_accountcheck(781) > > Aug 27 13:17:15 test smbd[1455]: smb_pam_accountcheck: PAM: Account > > Validation Failed - Rejecting User enricop! > > > > > > If I change the "encrypt password" to = no, then I get a message saying that > > either my domain, username or password are incorrect. > > > > I am not sure, but something makes me think that the problem lies with one > > of 3 files, viz. smb.conf, /etc/pam.d/samba or the smbpasswd file > > > > The smb.conf file looks like this: > > > > # Global parameters > > [global] > > workgroup = JBPN > > netbios name = JBPN7 > > server string = Samba Server 3.0beta1 > > obey pam restrictions = Yes > > password server = jbpn1 > > root directory = / > > pam password change = Yes > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* > > %n\n *passwd:*all*authentication*tokens*updated*successfully* > > username map = /etc/samba/smb.username.map > > unix password sync = Yes > > log file = /var/log/samba/log.%m > > max log size = 50 > > name resolve order = host wins bcast > > time server = Yes > > change notify timeout = 10 > > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > > show add printer wizard = No > > logon script = start.bat > > logon path = \\jbpn7\home\profiles\%u > > logon drive = h: > > domain logons = Yes > > os level = 60 > > preferred master = No > > dns proxy = No > > wins server = 172.16.128.29 > > ldap ssl = no > > > > [netlogon] > > comment = Logon Profiles > > path = /home/profiles/%u > > admin users = +it > > write list = +it > > locking = No > > > > [homes] > > comment = Home Directories > > path = /%H > > read only = No > > browseable = No > > > > > > The /etc/pam.d/samba file looks like this: > > > > #%PAM-1.0 > > auth required pam_nologin.so > > auth required pam_stack.so service=system-auth > > account required pam_stack.so service=system-auth > > session required pam_stack.so service=system-auth > > password required pam_stack.so service=system-auth > > > > > > The smbpasswd file is from our live server, and contains encrypted > > passwords. > > > > Any help would be greatly appreciated... > > > > Regards > > Enrico > > > > > > ----- Original Message ----- > > From: "Andreas" <[EMAIL PROTECTED]> > > To: "Andrew Bartlett" <[EMAIL PROTECTED]> > > Cc: "Enrico Payne" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Tuesday, July 29, 2003 2:52 PM > > Subject: Re: [Samba] Forcing password changes using SAMBA as PDC > > > > > > > On Tue, Jul 29, 2003 at 09:19:01AM +1000, Andrew Bartlett wrote: > > > > > But using PAM would require one to disable encrypted passwords, right? > > > > > > > > No. You may still use PAM's account-control functionality even if you > > > > don't use it for passwords. Consider how SSH still asks PAM about > > > > disabled accounts, even when the login is with a key. > > > > > > Ah, I see. Thanks for the tip :) > > > > > > - > > ___________________________________________ > > This e-mail has been scanned for viruses. > > Pharma Natura will not be held responsible > > for the loss of data or any other loss > > caused by the use of the information > > contained in this e-mail. > > > > -- > John H Terpstra > Email: [EMAIL PROTECTED] -- George Farris [EMAIL PROTECTED] Computer Support Cowichan. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
