Hi and happy New Year. I test the integration of samba 3.0.10 on a fedora core 3 box in a Microsoft Active Directory (Windows 2003) environment. I already configure samba for the integration in the AD domain and it works fine but I have a problem with the pam_winbind. I can authenticate my AD domain users on the fedora box but I can’t change their password with the passwd command.
For example, I can log with the "VDP\kalaghan" domain user but when I try to change his password with the passwd command, I’ve got the next error messages in /var/log/messages: Jan 3 14:55:01 fedogat pam_winbind[2869]: user 'VDP\kalaghan' granted access Jan 3 14:55:20 fedogat pam_winbind[2869]: request failed: NT_STATUS_PASSWORD_RESTRICTION, PAM error was 4, NT error was NT_STATUS_PASSWORD_RESTRICTION Jan 3 14:55:20 fedogat pam_winbind[2869]: internal module error (retval = 4, user = `VDP\kalaghan' The password I’m using is more than eight characters and I’ve disabled the GPO in AD which concerns the complexity of password. My /etc/pam.d/system-auth file: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_winbind.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account sufficient /lib/security/$ISA/pam_winbind.so account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet account required /lib/security/$ISA/pam_permit.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_winbind.so password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so If someone have an idea Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba