2008/2/11, Michael Heydon <[EMAIL PROTECTED]>: > > Ken Gunderson wrote: > > On Mon, 11 Feb 2008 02:06:51 +0100 > > "Jon Theil Nielsen" <[EMAIL PROTECTED]> wrote: > > > > > >> Hello > >> > >> We have a FreeBSD server (7.0 BETA3) running as PDC (Samba 3.0.28) > passwords > >> stored in tdbsam. Theres are no problems for users and machines to log > on to > >> the network as long as they use the passwords I have made by smbpasswd > -a > >> username. But I cannot make a working configuration which allows users > to > >> change their own passwords on the server. They are told something like > "You > >> do not have permission to change your password". I guess the problem is > the > >> communication between Samba and the server, the passwd chat, but I'm > not > >> sure. I have the following lines in smb.conf > >> > >> passwd program = /usr/bin/passwd %u > >> unix password sync = Yes > >> passwd chat = *New*password* %n\n *Retype*new*passwordn* %n\n > >> > > > > Might want to try: > > > > passwd chat = *Old*Password* %n\n *New*Password* %n\n > > *Retype*New*Password* %n\n > > > > > The password command is called as root, I believe that one of the > requirements is that it does not prompt for the old password since samba > will have no idea what the old password was. > > If you enable passwd chat debugging (and maybe up the log level) you > should be able to see exactly what is sent and recieved by samba/passwd. > > > --hth > > > > > > *Michael Heydon - IT Administrator * > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >
Okay, now I have made some exercises. I now have the password chat debug active and I have loglevel 100. I am not certain about the syntax in the password chat. But if I from a console try to change the password of a given user (here testuser1), I see these lines: mflserver3# /usr/bin/passwd testuser1 Changing local password for testuser1 New Password: (entering the password) Retype New Password: (entering it again) >From that i guess the expression in the chat would be: *Changing*local*password*for*%u\n *New*Password* %n\n *Retype*New*Password* %n\n Selected parts of the log shows: [2008/02/11 23:10:33, 10] lib/util_pw.c:getpwnam_alloc(76) Got testuser1 from pwnam_cache [2008/02/11 23:10:33, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [testuser1]! [2008/02/11 23:10:33, 3] smbd/chgpasswd.c:chgpasswd(462) chgpasswd: Password change (as_root=Yes) for user: testuser1 [2008/02/11 23:10:33, 100] smbd/chgpasswd.c:chgpasswd(465) chgpasswd: Passwords: old= new=Very Secret [2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105) pty: try to open ptyp0, line was /dev/ptyXX [2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105) pty: try to open ptyp1, line was /dev/ptyp0 [2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105) pty: try to open ptyp2, line was /dev/ptyp1 [2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(110) pty: opened /dev/ptyp2 [2008/02/11 23:10:33, 3] smbd/sec_ctx.c:push_sec_ctx(207) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2008/02/11 23:10:33, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(105) : conn_ctx_stack_ndx = 1 [2008/02/11 23:10:33, 3] smbd/sec_ctx.c:set_sec_ctx(307) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2008/02/11 23:10:33, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/02/11 23:10:33, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/02/11 23:10:33, 3] smbd/chgpasswd.c:chat_with_program(430) chat_with_program: Dochild for user testuser1 (uid=0,gid=0) (as_root = Yes) [2008/02/11 23:10:33, 10] smbd/chgpasswd.c:dochild(222) Invoking '/usr/bin/passwd testuser1' as password change program. [2008/02/11 23:10:34, 10] lib/util_sock.c:read_socket_with_timeout(476) read_socket_with_timeout: timeout read. select timed out. [2008/02/11 23:10:34, 100] smbd/chgpasswd.c:expect(279) expect: expected [*Changing*local*password*for*testuser1 ] received [Changing local password for testuser1 New Password:] match no [2008/02/11 23:10:34, 2] smbd/chgpasswd.c:expect(285) expect: Unknown error: 0 [2008/02/11 23:10:34, 3] smbd/chgpasswd.c:talktochild(316) Response 1 incorrect [2008/02/11 23:10:34, 3] smbd/chgpasswd.c:chat_with_program(372) chat_with_program: Child failed to change password: testuser1 [2008/02/11 23:10:34, 3] smbd/sec_ctx.c:pop_sec_ctx(415) pop_sec_ctx (1035, 1036) - sec_ctx_stack_ndx = 1 [2008/02/11 23:10:34, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7576) init_samr_r_chgpasswd_user [2008/02/11 23:10:34, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1581) _samr_chgpasswd_user: 1581 [2008/02/11 23:10:34, 5] rpc_parse/parse_prs.c:prs_debug(84) 000000 samr_io_r_chgpasswd_user [2008/02/11 23:10:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) 0000 status: NT_STATUS_ACCESS_DENIED [2008/02/11 23:10:34, 0] rpc_parse/parse_prs.c:prs_dump_region(70) As told, I'm not confident with the syntax. Have I made it wrong? Or can you see anything else from the log that can pinpoint the problem? I would believe that there must be several admins out there who use the combination of of Samba and FreeBSD without having these problems. Cheers, Jon Theil Nielsen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba