Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: carnaud on August 12, 2007, 01:28:26 PM
-
Hi,
I've just finished to configure a SME 7.2 server in PDC mode.
Windows users are aidentified without any problem, but when one of them try to change his/her password (using Windows XP SP2) the operation fail with the following windows message:
"You are not authorized to change your password" (I'm not sure of the translation of the French message they get :"Vous ne disposez pas de l'autorisation de changer votre mot de passe")
Here is the smb.conf used.
Any help would be greatly appreciated.
#------------------------------------------------------------
# !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
[global]
add machine script = /sbin/e-smith/signal-event machine-account-create '%u'
admin users = admin
bind interfaces only = no
case sensitive = no
deadtime = 10080
display charset = ISO8859-1
dns proxy = no
domain logons = yes
domain master = yes
dos charset = 850
encrypt passwords = yes
guest account = public
guest ok = no
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.128
interfaces = 127.0.0.1 192.168.1.100/255.255.255.128
log file = /var/log/samba/log.%m
logon drive = Z:
logon path =
logon script = netlogon.bat
map to guest = never
max log size = 50
name resolve order = wins lmhosts bcast
netbios name = Server01
oplocks = true
kernel oplocks = true
level2 oplocks = true
os level = 65
passdb backend = smbpasswd:/etc/samba/smbpasswd
pid directory = /var/run
preserve case = yes
printer admin = admin
security = user
server string = SME Server
short preserve case = yes
smb passwd file = /etc/samba/smbpasswd
smb ports = 139
socket options = TCP_NODELAY
strict locking = no
unix charset = UTF8
unix password sync = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*
all*authentication*tokens*updated*successfully*
check password script = /sbin/e-smith/samba_check_password
wins support = yes
nt acl support = yes
workgroup = Maison
printcap name = /etc/printcap
load printers = yes
printing = lprng
print command = /usr/bin/lpr -b -h -r -P%p %s
[homes]
comment = Home directory
browseable = no
guest ok = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
path = /home/e-smith/files/users/%S/home
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
use client driver = yes
[netlogon]
comment = Network Logon Service
path = /home/e-smith/files/samba/netlogon
guest ok = yes
writable = yes
browseable = no
[print$]
comment = Printer drivers
path = /home/e-smith/files/samba/printers
guest ok = yes
browseable = yes
use client driver = yes
writable = no
[Primary]
comment = Primary i-bay
path = /home/e-smith/files/ibays/Primary
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0640
[commun]
comment = Donnees communes
path = /home/e-smith/files/ibays/commun/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0660
[testacl]
comment = Test des acl
path = /home/e-smith/files/ibays/testacl/files
read only = no
writable = yes
printable = no
inherit permissions = yes
create mode = 0664
---
-
This is normal behavior as SME Server under the hood keeps passwords for multiple authentication systems it is not implemented to change passwords using the windows dialog. Instead there is a special page on SME Server to do which you could have found by reading this section of the manual (http://wiki.contribs.org/SME_Server:Documentation:User_Manual:Chapter1#Passwords): http://server-ip-or-hostname/user-password
-
Ok, thank you for your quick reply.
-
This is normal behavior as SME Server [..]
Incorrect, if you are running as a Domain controller and you have your XP machines configured as Domain rather than workgroup then by pressing Ctrl+Alt+Del and changing password you are able to configure your SME Server user password. Note that windows XP error messages probably won't give you a good error message to make sure you check your logs. Also your password regardless of password strength set will need to be >7
-
This is normal behavior as SME Server [..]
Incorrect
Thanks, I was indeed corrected in the bugtracker and was on my way to post the correction.
@carnaud: You should be able to change passwords using Windows. Please see your logfiles for errors, if the error is not in the characters used in the password or the rules verifying the password you should file a bug.
-
Thanks, I was indeed corrected in the bugtracker and was on my way to post the correction.
That was me too :wink: :lol:
-
Incorrect, if you are running as a Domain controller and you have your XP machines configured as Domain rather than workgroup then by pressing Ctrl+Alt+Del and changing password you are able to configure your SME Server user password. Note that windows XP error messages probably won't give you a good error message to make sure you check your logs. Also your password regardless of password strength set will need to be >7
Here is an excerpt of the log :
[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:20:57, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:20:59, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:20:59, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:21:01, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:21:01, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:10, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:10, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:12, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:24:13, 0] auth/pampass.c:smb_pam_chauthtok(692)
PAM: UNKNOWN PAM ERROR (19) for User: test
[2007/08/12 11:24:13, 0] auth/pampass.c:smb_pam_passchange(848)
smb_pam_passchange: PAM: Password Change Failed for user test!
[2007/08/12 11:30:17, 1] smbd/service.c:close_cnum(841)
pc001 (192.168.1.25) closed connection to service netlogon
[2007/08/12 14:23:11, 1] smbd/service.c:make_connection_snum(648)
pc001 (192.168.1.25) connect to service commun initially as user test (uid=5010, gid=5010) (pid 2738)
[2007/08/12 14:40:01, 1] smbd/service.c:close_cnum(841)
pc001 (192.168.1.25) closed connection to service commun
[2007/08/12 16:29:14, 0] lib/util_sock.c:read_socket_data(384)
read_socket_data: recv failure for 4. Error = Connection reset by peer
[2007/08/12 16:29:14, 1] smbd/service.c:close_cnum(841)
pc001 (192.168.1.25) closed connection to service test
[2007/08/12 18:39:25, 1] smbd/service.c:make_connection_snum(648)
pc001 (192.168.1.25) connect to service test initially as user test (uid=5010, gid=5010) (pid 31237)
I tried to use a password compliant with the policy (ie Test@@$01).