Hi, I guess you thought this had been resolved? However I was busy testing a new server with RH8.0 and Samba3.0.
I have compiled Samba 3.0 to use --with-pam, and now have the following funnies. When I set up the smb.conf as below, the client recognises the need to change the password, and asks for the new one. Once I have entered the new passwords, I get an error message on the WinXP client: "The system cannot change your password now because the domain JBPN is not available". (I have not tested this on any other Windows platforms.)

Also, the following in the /var/log/messages log file:

<----- snip ----->
Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1363)
Aug 27 13:17:15 test smbd[1455]:   failed to decode PDU
Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Aug 27 13:17:15 test smbd[1455]:   process_request_pdu: failed to do schannel processing.
Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] auth/pampass.c:smb_pam_account(573)
Aug 27 13:17:15 test smbd[1455]:   smb_pam_account: PAM: UNKNOWN PAM ERROR (12) during Account Management for User: enricop
Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] auth/pampass.c:smb_pam_accountcheck(781)
Aug 27 13:17:15 test smbd[1455]:   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User enricop!

If I change the "encrypt password" to = no, then I get a message saying that either my domain, username or password are incorrect.

I am not sure, but something makes me think that the problem lies with one of 3 files, viz. smb.conf, /etc/pam.d/samba or the smbpasswd file.

The smb.conf file looks like this:

# Global parameters
[global]
        workgroup = JBPN
        netbios name = JBPN7
        server string = Samba Server 3.0beta1
        obey pam restrictions = Yes
        password server = jbpn1
        root directory = /
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
        username map = /etc/samba/smb.username.map
        unix password sync = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        name resolve order = host wins bcast
        time server = Yes
        change notify timeout = 10
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        show add printer wizard = No
        logon script = start.bat
        logon path = \\jbpn7\home\profiles\%u
        logon drive = h:
        domain logons = Yes
        os level = 60
        preferred master = No
        dns proxy = No
        wins server = 172.16.128.29
        ldap ssl = no

[netlogon]
        comment = Logon Profiles
        path = /home/profiles/%u
        admin users = +it
        write list = +it
        locking = No

[homes]
        comment = Home Directories
        path = /%H
        read only = No
        browseable = No

The /etc/pam.d/samba file looks like this:

#%PAM-1.0
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

The smbpasswd file is from our live server, and contains encrypted passwords.

Any help would be greatly appreciated...

Regards
Enrico

----- Original Message -----
From: "Andreas" <[EMAIL PROTECTED]>
To: "Andrew Bartlett" <[EMAIL PROTECTED]>
Cc: "Enrico Payne" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 29, 2003 2:52 PM
Subject: Re: [Samba] Forcing password changes using SAMBA as PDC

> On Tue, Jul 29, 2003 at 09:19:01AM +1000, Andrew Bartlett wrote:
> > > But using PAM would require one to disable encrypted passwords, right?
> >
> > No. You may still use PAM's account-control functionality even if you
> > don't use it for passwords. Consider how SSH still asks PAM about
> > disabled accounts, even when the login is with a key.
>
> Ah, I see. Thanks for the tip :)
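An added example, not part of the original message or of Samba's code: a small triage script for the pampass.c lines in the /var/log/messages excerpt above. It maps the numeric code that smbd prints during account management to its Linux-PAM name (on Linux-PAM, as shipped with Red Hat, 12 is PAM_NEW_AUTHTOK_REQD) and notes whether the same smbd process then rejected the user. The function name `triage` and the regular expressions are assumptions made for this example.

```python
import re

# Linux-PAM return codes from <security/_pam_types.h>; other PAM
# implementations may number them differently.
LINUX_PAM_CODES = {
    6: "PAM_PERM_DENIED",
    7: "PAM_AUTH_ERR",
    9: "PAM_AUTHINFO_UNAVAIL",
    10: "PAM_USER_UNKNOWN",
    12: "PAM_NEW_AUTHTOK_REQD",  # new authentication token required
    13: "PAM_ACCT_EXPIRED",
}

# smbd message carrying the raw PAM code and the PAM phase it came from.
PAM_ERR = re.compile(
    r"smbd\[(?P<pid>\d+)\]:\s+\w+: PAM: (?P<text>.+?) \((?P<code>\d+)\) "
    r"during (?P<phase>.+?) for User: (?P<user>\S+)"
)
REJECTED = re.compile(r"smbd\[(?P<pid>\d+)\]:.*Rejecting User (?P<user>[^\s!]+)")

# PAM-related lines copied from the log excerpt in the message above.
SAMPLE_LOG = """\
Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] auth/pampass.c:smb_pam_account(573)
Aug 27 13:17:15 test smbd[1455]:   smb_pam_account: PAM: UNKNOWN PAM ERROR (12) during Account Management for User: enricop
Aug 27 13:17:15 test smbd[1455]: [2003/08/27 13:17:15, 0] auth/pampass.c:smb_pam_accountcheck(781)
Aug 27 13:17:15 test smbd[1455]:   smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User enricop!
""".splitlines()

def triage(lines):
    """Return one finding per PAM error; 'rejected' is set when the same
    smbd process later logs a rejection for that user."""
    findings = []
    for line in lines:
        m = PAM_ERR.search(line)
        if m:
            code = int(m["code"])
            findings.append({
                "pid": int(m["pid"]), "user": m["user"], "phase": m["phase"],
                "code": code, "rejected": False,
                "name": LINUX_PAM_CODES.get(code, "unmapped"),
            })
            continue
        r = REJECTED.search(line)
        if r:
            for f in findings:
                if f["pid"] == int(r["pid"]) and f["user"] == r["user"]:
                    f["rejected"] = True
    return findings
```

Calling `triage(SAMPLE_LOG)` yields a single finding for user enricop in the Account Management phase; a code missing from the table is reported as "unmapped" rather than guessed.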