Re: [Samba] FreeBSD: Changing UNIX passwords from Windows

2008-02-11 Thread Jon Theil Nielsen
2008/2/11, Michael Heydon <[EMAIL PROTECTED]>:
>
> Ken Gunderson wrote:
> > On Mon, 11 Feb 2008 02:06:51 +0100
> > "Jon Theil Nielsen" <[EMAIL PROTECTED]> wrote:
> >
> >
> >> Hello
> >>
> >> We have a FreeBSD server (7.0 BETA3) running as PDC (Samba 3.0.28) passwords
> >> stored in tdbsam. There are no problems for users and machines to log on to
> >> the network as long as they use the passwords I have made by smbpasswd -a
> >> username. But I cannot make a working configuration which allows users to
> >> change their own passwords on the server. They are told something like "You
> >> do not have permission to change your password". I guess the problem is the
> >> communication between Samba and the server, the passwd chat, but I'm not
> >> sure. I have the following lines in smb.conf
> >>
> >> passwd program = /usr/bin/passwd %u
> >> unix password sync = Yes
> >> passwd chat = *New*password* %n\n *Retype*new*passwordn* %n\n
> >>
> >
> > Might want to try:
> >
> > passwd chat = *Old*Password* %n\n *New*Password* %n\n *Retype*New*Password* %n\n
> >
> >
> The password command is called as root, I believe that one of the
> requirements is that it does not prompt for the old password since samba
> will have no idea what the old password was.
>
> If you enable passwd chat debugging (and maybe up the log level) you
> should be able to see exactly what is sent and received by samba/passwd.
>
> > --hth
> >
> >
>
> *Michael Heydon - IT Administrator *
> [EMAIL PROTECTED] 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

Okay, now I have made some exercises.
I now have the password chat debug active and I have loglevel 100.
I am not certain about the syntax in the password chat. But if I from a
console try to change the password of a given user (here testuser1), I see
these lines:

mflserver3# /usr/bin/passwd testuser1
Changing local password for testuser1
New Password: (entering the password)
Retype New Password: (entering it again)

From that I guess the expression in the chat would be:
*Changing*local*password*for*%u\n *New*Password* %n\n *Retype*New*Password* %n\n

Selected parts of the log show:

[2008/02/11 23:10:33, 10] lib/util_pw.c:getpwnam_alloc(76)
  Got testuser1 from pwnam_cache
[2008/02/11 23:10:33, 5] lib/username.c:Get_Pwnam_internals(108)
  Get_Pwnam_internals did find user [testuser1]!
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:chgpasswd(462)
  chgpasswd: Password change (as_root=Yes) for user: testuser1
[2008/02/11 23:10:33, 100] smbd/chgpasswd.c:chgpasswd(465)
  chgpasswd: Passwords: old= new=Very Secret
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105)
  pty: try to open ptyp0, line was /dev/ptyXX
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105)
  pty: try to open ptyp1, line was /dev/ptyp0
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(105)
  pty: try to open ptyp2, line was /dev/ptyp1
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:findpty(110)
  pty: opened /dev/ptyp2
[2008/02/11 23:10:33, 3] smbd/sec_ctx.c:push_sec_ctx(207)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2008/02/11 23:10:33, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(105) : conn_ctx_stack_ndx = 1
[2008/02/11 23:10:33, 3] smbd/sec_ctx.c:set_sec_ctx(307)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2008/02/11 23:10:33, 5] auth/auth_util.c:debug_nt_user_token(448)
  NT user token: (NULL)
[2008/02/11 23:10:33, 5] auth/auth_util.c:debug_unix_user_token(474)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2008/02/11 23:10:33, 3] smbd/chgpasswd.c:chat_with_program(430)
  chat_with_program: Dochild for user testuser1 (uid=0,gid=0) (as_root = Yes)
[2008/02/11 23:10:33, 10] smbd/chgpasswd.c:dochild(222)
  Invoking '/usr/bin/passwd testuser1' as password change program.
[2008/02/11 23:10:34, 10] lib/util_sock.c:read_socket_with_timeout(476)
  read_socket_with_timeout: timeout read. select timed out.
[2008/02/11 23:10:34, 100] smbd/chgpasswd.c:expect(279)
  expect: expected [*Changing*local*password*for*testuser1
  ] received [Changing local password for testuser1
  New Password:] match no
[2008/02/11 23:10:34, 2] smbd/chgpasswd.c:expect(285)
  expect: Unknown error: 0
[2008/02/11 23:10:34, 3] smbd/chgpasswd.c:talktochild(316)
  Response 1 incorrect
[2008/02/11 23:10:34, 3] smbd/chgpasswd.c:chat_with_program(372)
  chat_with_program: Child failed to change password: testuser1
[2008/02/11 23:10:34, 3] smbd/sec_ctx.c:pop_sec_ctx(415)
  pop_sec_ctx (1035, 1036) - sec_ctx_stack_ndx = 1
[2008/02/11 23:10:34, 5] rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7576)
  init_samr_r_chgpasswd_user
[2008/02/11 23:10:34, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1581)
  _samr_chgpasswd_user: 1581
[2008/02/11 23:10:34, 5] rpc_parse/parse_prs.c:prs_debug(84)
  00 samr_io_r_chgpasswd_user
[2008/02/11 23:10:34, 5] rpc_parse/parse_prs.c:prs_ntstatus(769)
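
Added example, not part of any poster's message: a small Python model of the chat that reproduces the `match no` / `Response 1 incorrect` result in the log above. It assumes smbd splits the chat on whitespace into alternating expect/send tokens and that a `*` pattern must match the whole received buffer, case-insensitively; `GUESS` and `POSTED` are the chat strings from the thread, while `CANDIDATE`, the second read and the password value are constructed.

```python
import re
from itertools import zip_longest

def wild_match(pattern, received):
    # Assumed matcher model: '*' matches any run of characters, everything else
    # is literal; the match is case-insensitive and must cover the whole buffer.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, received.strip(" "), re.DOTALL | re.IGNORECASE) is not None

def parse_chat(chat, user, new_pw):
    # Tokens are whitespace-separated and alternate: expect, send, expect, send ...
    # Macros are expanded after splitting, so a password with spaces stays one token.
    def expand(tok):
        return tok.replace("%u", user).replace("%n", new_pw).replace("\\n", "\n")
    toks = [expand(t) for t in chat.split()]
    return list(zip_longest(toks[0::2], toks[1::2]))

def first_failed_step(chat, reads, user="testuser1", new_pw="example-new-pw"):
    # reads[i] is what the password program had written when expect i+1 was checked.
    # Returns the 1-based number of the first expect that fails, or None if all match.
    for n, (expect, _send) in enumerate(parse_chat(chat, user, new_pw), start=1):
        if n > len(reads) or not wild_match(expect, reads[n - 1]):
            return n
    return None

# Read 1 is the buffer shown in the log; read 2 is constructed from the console session.
READS = [
    "Changing local password for testuser1\nNew Password:",
    "\nRetype New Password:",
]

GUESS = r"*Changing*local*password*for*%u\n *New*Password* %n\n *Retype*New*Password* %n\n"
POSTED = r"*New*password* %n\n *Retype*new*passwordn* %n\n"
CANDIDATE = r"*New*Password* %n\n *Retype*New*Password* %n\n"  # constructed

if __name__ == "__main__":
    for name, chat in [("guess", GUESS), ("posted", POSTED), ("candidate", CANDIDATE)]:
        # Show which token lands in the expect slot and which in the send slot.
        print(name, parse_chat(chat, "testuser1", "example-new-pw"))
        print(name, "first failed expect:", first_failed_step(chat, READS))
```

In this model the banner and the `New Password:` prompt arrive in one buffer, so an expect that ends at `testuser1\n` cannot cover it, and the five-token chat also shifts `*New*Password*` into a send slot.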

Re: [Samba] FreeBSD: Changing UNIX passwords from Windows

2008-02-10 Thread Michael Heydon

Ken Gunderson wrote:
> On Mon, 11 Feb 2008 02:06:51 +0100
> "Jon Theil Nielsen" <[EMAIL PROTECTED]> wrote:
>
> > Hello
> >
> > We have a FreeBSD server (7.0 BETA3) running as PDC (Samba 3.0.28) passwords
> > stored in tdbsam. There are no problems for users and machines to log on to
> > the network as long as they use the passwords I have made by smbpasswd -a
> > username. But I cannot make a working configuration which allows users to
> > change their own passwords on the server. They are told something like "You
> > do not have permission to change your password". I guess the problem is the
> > communication between Samba and the server, the passwd chat, but I'm not
> > sure. I have the following lines in smb.conf
> >
> > passwd program = /usr/bin/passwd %u
> > unix password sync = Yes
> > passwd chat = *New*password* %n\n *Retype*new*passwordn* %n\n
>
> Might want to try:
>
> passwd chat = *Old*Password* %n\n *New*Password* %n\n *Retype*New*Password* %n\n

The password command is called as root, I believe that one of the
requirements is that it does not prompt for the old password since samba
will have no idea what the old password was.

If you enable passwd chat debugging (and maybe up the log level) you
should be able to see exactly what is sent and received by samba/passwd.

> --hth

*Michael Heydon - IT Administrator *
[EMAIL PROTECTED] 


Re: [Samba] FreeBSD: Changing UNIX passwords from Windows

2008-02-10 Thread Ken Gunderson
On Mon, 11 Feb 2008 02:06:51 +0100
"Jon Theil Nielsen" <[EMAIL PROTECTED]> wrote:

> Hello
>  
> We have a FreeBSD server (7.0 BETA3) running as PDC (Samba 3.0.28) passwords
> stored in tdbsam. There are no problems for users and machines to log on to
> the network as long as they use the passwords I have made by smbpasswd -a
> username. But I cannot make a working configuration which allows users to
> change their own passwords on the server. They are told something like "You
> do not have permission to change your password". I guess the problem is the
> communication between Samba and the server, the passwd chat, but I'm not
> sure. I have the following lines in smb.conf
>  
> passwd program = /usr/bin/passwd %u
> unix password sync = Yes
> passwd chat = *New*password* %n\n *Retype*new*passwordn* %n\n

Might want to try: 

passwd chat = *Old*Password* %n\n *New*Password* %n\n *Retype*New*Password* %n\n

--hth

-- 
Best regards,

Ken Gunderson

Q: Because it reverses the logical flow of conversation.
A: Why is putting a reply at the top of the message frowned upon?



[Samba] FreeBSD: Changing UNIX passwords from Windows

2008-02-10 Thread Jon Theil Nielsen
Hello
 
We have a FreeBSD server (7.0 BETA3) running as PDC (Samba 3.0.28) passwords
stored in tdbsam. There are no problems for users and machines to log on to
the network as long as they use the passwords I have made by smbpasswd -a
username. But I cannot make a working configuration which allows users to
change their own passwords on the server. They are told something like "You
do not have permission to change your password". I guess the problem is the
communication between Samba and the server, the passwd chat, but I'm not
sure. I have the following lines in smb.conf
 
passwd program = /usr/bin/passwd %u
unix password sync = Yes
passwd chat = *New*password* %n\n *Retype*new*passwordn* %n\n
 
I'm not sure the chat is correct and would like to hear about what might be
more correct for this version of FreeBSD. I have tried to set passwd chat
debug = Yes, but that did not provide any useful (to me, at least)
information on the nature of the problem.
I haven't tried with PAM, since that is not something I like to play with in
FreeBSD.
I haven't been able to find much information on this issue between FreeBSD
and Samba, but I'm sure there must be a solution. I don't know if the
solution is to use another password database (e.g. LDAP), but this seems to
be a rather complicated issue too.
 
Regards,
Jon Theil Nielsen
