[Bug 556285] Re: cannot change password of AD user when using pam_winbind

2010-04-06 Thread Justin Jon L. Jereza 

** Patch added: diff patch for /usr/share/pam-configs/winbind
   http://launchpadlibrarian.net/43225229/winbind.diff

** Description changed:

  Binary package hint: samba
  
  I've been doing these tests on Karmic using the Lucid winbind pam-
  config.
  
  When trying to change the user's password using the Lucid winbind pam-
  config, I get the following:
  
  $ passwd
  passwd: Authentication token manipulation error
  passwd: password unchanged
  
  I've attached a patch for the winbind pam-config which at least
  recognizes the username, but I still get the following error:
  
  $ passwd
  Changing password for EXAMPLE\user
  (current) NT password:
  passwd: Authentication token manipulation error
  passwd: password unchanged
  
  Some more details about the diff patch:
  
  1. For the auth module, I've changed 'try_first_pass' to
  'use_first_pass' so that it insists that the credentials used for
  authentication are the ones initially entered by the user. Whether
  that's a good thing or not, I have no idea. 'try_first_pass' might be a
  better idea if there is a chance that the username exists in both
  /etc/passwd and active directory but have different passwords.
  
  2. I've changed the 'Password-Type' from 'Additional' to 'Primary'. With
  the 'Additional' setting, any failure in pam_unix.so (e.g. user does not
  exist in /etc/passwd) means that pam_deny.so is the next module so
  pam_winbind.so is never executed. For both 'Password' and 'Password-
  Initial', I've changed the control from 'requisite' to '[success=end
  default=ignore]' so that it stacks properly with any other module that
  may also be in use.
  
  3. I've added pam_mkhomedir.so as an optional module in the session type
  since it uses /etc/skel while the 'mkhomedir' argument for
  pam_winbind.so does not. Again, whether this is a good thing or not, I
  have no idea.
+ 
+ P.S. Apologies if the diff patch contains more than that which is
+ relevant with this issue.

-- 
cannot change password of AD user when using pam_winbind
https://bugs.launchpad.net/bugs/556285
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 556285] Re: cannot change password of AD user when using pam_winbind

2010-04-06 Thread Thierry Carrez 
*** This bug is a duplicate of bug 546874 ***
https://bugs.launchpad.net/bugs/546874

** This bug has been marked a duplicate of bug 546874
   passwd - can't login, change password (pam_winbind pam-auth-update profile)

-- 
cannot change password of AD user when using pam_winbind
https://bugs.launchpad.net/bugs/556285
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs