Has anyone gotten Active Directory user passwords changed from a Linux (Ubuntu 8.04) client? I used https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto as a guide, so I'm using Kerberos and Winbind (all apt-get). Samba version is 3.0.28a with a Windows Sever 2008 R2 DC, but running AD 2003 native. The client box is an LTSP box, and I'm able to ssh in with AD accounts. However, when I type passwd I get the error message "passwd: Authentication token manipulation error". In the auth.log file I get "pam_unix(passwd:chauthtok): user "kmasters" does not exist in /etc/passwd". Is it possible my Samba version is too old?
common-auth: auth sufficient pam_krb5.so auth required pam_unix.so nullok_secure use_first_pass common-account: account sufficient pam_winbind.so account required pam_unix.so common-session: session required pam_mkhomedir.so umask=0022 skel=/etc/skel common-password: password sufficient pam_unix.so nullok md5 shadow password sufficient pam_ldap.so use_first_pass password required pam_deny.so smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM server string = %h server (Samba, Ubuntu) security = ADS map to guest = Bad User obey pam restrictions = Yes password server = dc1.mydomain.com passdb backend = tdbsam pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 domain master = No dns proxy = No usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d idmap uid = 10000-20000 idmap gid = 10000-20000 template homedir = /home/%U template shell = /bin/bash winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes invalid users = root -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba