2008/2/11, Michael Heydon <[EMAIL PROTECTED]>:
>
> Ken Gunderson wrote:
> > On Mon, 11 Feb 2008 02:06:51 +0100
> > "Jon Theil Nielsen" <[EMAIL PROTECTED]> wrote:
> >
> >
> >> Hello
> >>
> >> We have a FreeBSD server (7.0 BETA3) running as PDC (Samba 3.0.28) passwords
> >> stored in tdbsam. There are no problems for users and machines to log on to
> >> the network as long as they use the passwords I have made by smbpasswd -a
> >> username. But I cannot make a working configuration which allows users to
> >> change their own passwords on the server. They are told something like "You
> >> do not have permission to change your password". I guess the problem is the
> >> communication between Samba and the server, the passwd chat, but I'm not
> >> sure. I have the following lines in smb.conf
> >>
> >> passwd program = /usr/bin/passwd %u
> >> unix password sync = Yes
> >> passwd chat = *New*password* %n\n *Retype*new*passwordn* %n\n
> >>
> >
> > Might want to try:
> >
> > passwd chat = *Old*Password* %n\n *New*Password* %n\n *Retype*New*Password* %n\n
> >
> >
> The password command is called as root, I believe that one of the
> requirements is that it does not prompt for the old password since samba
> will have no idea what the old password was.
>
> If you enable passwd chat debugging (and maybe up the log level) you
> should be able to see exactly what is sent and received by samba/passwd.
>
> > --hth
> >
> >
>
> *Michael Heydon - IT Administrator *
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>

Okay, now I have made some exercises.
I now have the password chat debug active and I have loglevel 100.
I am not certain about the syntax in the password chat. But if I try to change
the password of a given user (here testuser1) from a console, I see
these lines:

mflserver3# /usr/bin/passwd testuser1
Changing local password for testuser1
New Password: (entering the password)
Retype New Password: (entering it again)

From that I guess the expression in the chat would be:
*Changing*local*password*for*%u\n *New*Password* %n\n *Retype*New*Password* %n\n

Selected parts of the log shows:

[2008/02/11 23:10:33, 10] lib/util_pw.c:getpwnam_alloc(76)
  Got testuser1 from pwnam_cache
[2008/02/11 23:10:33, 5] lib/username.c:Get_Pwnam_internals(108)
  Get_Pwnam_internals did find user [testuser1]!
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:chgpasswd(462)
  chgpasswd: Password change (as_root=Yes) for user: testuser1
[2008/02/11 23:10:33, 100] smbd/chgpasswd.c:chgpasswd(465)
  chgpasswd: Passwords: old= new=Very Secret
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105)
  pty: try to open ptyp0, line was /dev/ptyXX
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105)
  pty: try to open ptyp1, line was /dev/ptyp0
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105)
  pty: try to open ptyp2, line was /dev/ptyp1
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(110)
  pty: opened /dev/ptyp2
[2008/02/11 23:10:33, 3] smbd/sec_ctx.c:push_sec_ctx(207)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2008/02/11 23:10:33, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(105) : conn_ctx_stack_ndx = 1
[2008/02/11 23:10:33, 3] smbd/sec_ctx.c:set_sec_ctx(307)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2008/02/11 23:10:33, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2008/02/11 23:10:33, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:chat_with_program(430)
  chat_with_program: Dochild for user testuser1 (uid=0,gid=0) (as_root = Yes)
[2008/02/11 23:10:33, 10] smbd/chgpasswd.c:dochild(222)
  Invoking '/usr/bin/passwd testuser1' as password change program.
[2008/02/11 23:10:34, 10] lib/util_sock.c:read_socket_with_timeout(476)
  read_socket_with_timeout: timeout read. select timed out.
[2008/02/11 23:10:34, 100] smbd/chgpasswd.c:expect(279)
  expect: expected [*Changing*local*password*for*testuser1
  ] received [Changing local password for testuser1
  New Password:] match no
[2008/02/11 23:10:34, 2] smbd/chgpasswd.c:expect(285)
  expect: Unknown error: 0
[2008/02/11 23:10:34, 3] smbd/chgpasswd.c:talktochild(316)
  Response 1 incorrect
[2008/02/11 23:10:34, 3] smbd/chgpasswd.c:chat_with_program(372)
  chat_with_program: Child failed to change password: testuser1
[2008/02/11 23:10:34, 3] smbd/sec_ctx.c:pop_sec_ctx(415)
  pop_sec_ctx (1035, 1036) - sec_ctx_stack_ndx = 1
[2008/02/11 23:10:34, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7576)
  init_samr_r_chgpasswd_user
[2008/02/11 23:10:34, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1581)
  _samr_chgpasswd_user: 1581
[2008/02/11 23:10:34, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 samr_io_r_chgpasswd_user
[2008/02/11 23:10:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
      0000 status: NT_STATUS_ACCESS_DENIED
[2008/02/11 23:10:34, 0] rpc_parse/parse_prs.c:prs_dump_region(70)

As told, I'm not confident with the syntax. Have I made it wrong? Or can you
see anything else from the log that can pinpoint the problem?
I would believe that there must be several admins out there who use the
combination of Samba and FreeBSD without having these problems.

Cheers,
Jon Theil Nielsen
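
The "match no" line in the log above can be reproduced offline with a small model of the chat, added here as an example that is not part of the original post and is not Samba's own code. It assumes the chat value is read as whitespace-separated expect/send pairs and uses Python's `fnmatch` as a stand-in for smbd's wildcard matcher; `PASSWD_OUTPUT` and the `ALTERNATIVE` chat are constructed for illustration.

```python
import fnmatch

# Constructed from the console session and log excerpt in the post: what the
# passwd program has written when each expect step is evaluated.
PASSWD_OUTPUT = [
    "Changing local password for testuser1\nNew Password:",
    "\nRetype New Password:",
]

def parse_chat(chat, user, new_password):
    """Split a passwd chat value into (expect, send) pairs, expanding \\n, %u, %n."""
    tokens = [
        t.replace("\\n", "\n").replace("%u", user).replace("%n", new_password)
        for t in chat.split()
    ]
    if len(tokens) % 2:
        tokens.append(".")  # trailing expect token with nothing to send
    return list(zip(tokens[0::2], tokens[1::2]))

def replay(chat, outputs, user, new_password):
    """Return (ok, failed_step, sent). A "." token means expect/send nothing."""
    sent, chunks = [], iter(outputs)
    for step, (expect, send) in enumerate(parse_chat(chat, user, new_password), 1):
        if expect != ".":
            received = next(chunks, "")
            # Assumption: fnmatchcase stands in for smbd's wildcard matcher; the
            # pattern must cover the whole received buffer, not just a prefix.
            if not fnmatch.fnmatchcase(received, expect):
                return False, step, sent
        if send != ".":
            sent.append(send)
    return True, None, sent

# The chat guessed in the post: token 1 ends in \n with no trailing *, so the
# "New Password:" text already in the buffer makes the match fail. The tokens
# also pair up as expect/send, so "*New*Password*" lands in a send slot.
GUESSED = r"*Changing*local*password*for*%u\n *New*Password* %n\n *Retype*New*Password* %n\n"
# Hypothetical alternative: every expect token ends in *, so the banner line
# and the prompt are covered by one pattern.
ALTERNATIVE = r"*New*Password* %n\n *Retype*New*Password* %n\n"

if __name__ == "__main__":
    for name, chat in (("guessed", GUESSED), ("alternative", ALTERNATIVE)):
        print(name, replay(chat, PASSWD_OUTPUT, "testuser1", "Very Secret"))
```

The log excerpt also shows that at log level 100 the `chgpasswd: Passwords:` line records the new password in clear text, so a log captured while debugging the chat holds live credentials.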