SAMBA PC and XP change password

carnaud

12
+0/-0

SAMBA PC and XP change password

« on: August 12, 2007, 01:28:26 PM »

Hi,

I've just finished to configure a SME 7.2 server in PDC mode.

Windows users are aidentified without any problem, but when one of them try to change his/her password (using Windows XP SP2) the operation fail with the following windows message:

"You are not authorized to change your password" (I'm not sure of the translation of the French message they get :"Vous ne disposez pas de l'autorisation de changer votre mot de passe")

Here is the smb.conf used.

Any help would be greatly appreciated.

#------------------------------------------------------------
# !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------

[global]

add machine script = /sbin/e-smith/signal-event machine-account-create '%u'
admin users = admin

bind interfaces only = no

case sensitive = no
deadtime = 10080

display charset = ISO8859-1

dns proxy = no

domain logons = yes
domain master = yes
dos charset = 850

encrypt passwords = yes

guest account = public

guest ok = no
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.128

interfaces = 127.0.0.1 192.168.1.100/255.255.255.128

log file = /var/log/samba/log.%m
logon drive = Z:

logon path =
logon script = netlogon.bat

map to guest = never

max log size = 50

name resolve order = wins lmhosts bcast

netbios name = Server01
oplocks = true
kernel oplocks = true
level2 oplocks = true

os level = 65

passdb backend = smbpasswd:/etc/samba/smbpasswd

pid directory = /var/run

preserve case = yes

printer admin = admin

security = user
server string = SME Server
short preserve case = yes
smb passwd file = /etc/samba/smbpasswd
smb ports = 139

socket options = TCP_NODELAY

strict locking = no
unix charset = UTF8

unix password sync = Yes
pam password change = Yes

passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*
all*authentication*tokens*updated*successfully*
check password script = /sbin/e-smith/samba_check_password

wins support = yes

nt acl support = yes

workgroup = Maison
printcap name = /etc/printcap
load printers = yes
printing = lprng
print command = /usr/bin/lpr -b -h -r -P%p %s

[homes]
comment = Home directory
browseable = no
guest ok = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
path = /home/e-smith/files/users/%S/home

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
use client driver = yes

[netlogon]
comment = Network Logon Service
path = /home/e-smith/files/samba/netlogon
guest ok = yes
writable = yes
browseable = no

[print$]
comment = Printer drivers
path = /home/e-smith/files/samba/printers
guest ok = yes
browseable = yes
use client driver = yes
writable = no

[Primary]
comment = Primary i-bay

path = /home/e-smith/files/ibays/Primary
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0640

[commun]
comment = Donnees communes

path = /home/e-smith/files/ibays/commun/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660

[testacl]
comment = Test des acl

path = /home/e-smith/files/ibays/testacl/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0664

---

Logged

cactus

4,880
+3/-0

SAMBA PC and XP change password

« Reply #1 on: August 12, 2007, 02:15:42 PM »

This is normal behavior as SME Server under the hood keeps passwords for multiple authentication systems it is not implemented to change passwords using the windows dialog. Instead there is a special page on SME Server to do which you could have found by reading this section of the manual: http://server-ip-or-hostname/user-password

Logged

Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

carnaud

12
+0/-0

SAMBA PC and XP change password

« Reply #2 on: August 12, 2007, 02:19:14 PM »

Ok, thank you for your quick reply.

Logged

byte

2,183
+2/-0

SAMBA PC and XP change password

« Reply #3 on: August 12, 2007, 06:09:14 PM »

Quote from: "cactus"

This is normal behavior as SME Server [..]

Incorrect, if you are running as a Domain controller and you have your XP machines configured as Domain rather than workgroup then by pressing Ctrl+Alt+Del and changing password you are able to configure your SME Server user password. Note that windows XP error messages probably won't give you a good error message to make sure you check your logs. Also your password regardless of password strength set will need to be >7

Logged

--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

cactus

4,880
+3/-0

SAMBA PC and XP change password

« Reply #4 on: August 12, 2007, 06:16:01 PM »

Quote from: "byte"

Quote from: "cactus"
This is normal behavior as SME Server [..]

Incorrect

Thanks, I was indeed corrected in the bugtracker and was on my way to post the correction.

@carnaud: You should be able to change passwords using Windows. Please see your logfiles for errors, if the error is not in the characters used in the password or the rules verifying the password you should file a bug.

Logged

Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia, dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than its worth ~ Baz Luhrmann - Everybody's Free (To Wear Sunscreen)

byte

2,183
+2/-0

SAMBA PC and XP change password

« Reply #5 on: August 12, 2007, 06:17:18 PM »

Quote from: "cactus"

Thanks, I was indeed corrected in the bugtracker and was on my way to post the correction.

That was me too

Logged

--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

carnaud

12
+0/-0

SAMBA PC and XP change password

« Reply #6 on: August 12, 2007, 06:50:28 PM »

Quote from: "byte"

Incorrect, if you are running as a Domain controller and you have your XP machines configured as Domain rather than workgroup then by pressing Ctrl+Alt+Del and changing password you are able to configure your SME Server user password. Note that windows XP error messages probably won't give you a good error message to make sure you check your logs. Also your password regardless of password strength set will need to be >7

Here is an excerpt of the log :

[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:20:59, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:20:59, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:21:01, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:21:01, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:10, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:10, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:13, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:13, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:30:17, 1] smbd/service.c:close_cnum(841)
pc001 (192.168.1.25) closed connection to service netlogon
[2007/08/12 14:23:11, 1] smbd/service.c:make_connection_snum(648)
pc001 (192.168.1.25) connect to service commun initially as user test (uid=5010, gid=5010) (pid 2738)
[2007/08/12 14:40:01, 1] smbd/service.c:close_cnum(841)
pc001 (192.168.1.25) closed connection to service commun
[2007/08/12 16:29:14, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2007/08/12 16:29:14, 1] smbd/service.c:close_cnum(841)
pc001 (192.168.1.25) closed connection to service test
[2007/08/12 18:39:25, 1] smbd/service.c:make_connection_snum(648)
pc001 (192.168.1.25) connect to service test initially as user test (uid=5010, gid=5010) (pid 31237)

I tried to use a password compliant with the policy (ie Test@@$01).

Logged