[Samba] PASSWORD SYNC PAM_SMBPASS

2003-01-23 Thread Keith Fernandez



Hi Guys,
 
I heard that you need to compile samba with the pam_smbpass option to get
password sync to happen between passwd and smbpassword.
So I took the src.rpm and uncommented the lines pertaining to pam_smbpass.
However when I do a rebuild I get an error during make
---
collect2: ld returned 1 exit status
make: *** [bin/pam_smbpass.so] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.66764 (%build)

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.66764 (%build)
---

Can someone tell me what I am doing wrong? Is an rpm for redhat 8.0
available with the pam_smbpass already present?

Regards,
Keith
Linux: because I want to get there today. Without rebooting.


[Samba] password sync error.

2002-04-20 Thread Lasse Taul Bjerre


Hi!

I have a SUSE 7.3 (samba 2.2.1a) box set up as PDC on my network.
I had the password chat command working, then it stopped working - I probably did
"something stupid" but WHAT!!!

With loglevel 100 and debug passwd chat on, the log file says something like

snip...
[2002/04/20 12:09:04, 3] smbd/chgpasswd.c:chgpasswd(451)
  Password change for user: ltb
[2002/04/20 12:09:04, 3] smbd/chgpasswd.c:findpty(98)
  pty: try to open ptya0, line was /dev/ptyXX
[2002/04/20 12:09:04, 3] smbd/chgpasswd.c:findpty(98)
  pty: try to open ptya1, line was /dev/ptya0
[2002/04/20 12:09:04, 3] smbd/chgpasswd.c:findpty(98)
  pty: try to open ptya2, line was /dev/ptya1
...
[2002/04/20 12:09:04, 3] smbd/chgpasswd.c:findpty(98)
  pty: try to open ptyze, line was /dev/ptyzd
[2002/04/20 12:09:04, 3] smbd/chgpasswd.c:findpty(98)
  pty: try to open ptyzf, line was /dev/ptyze
[2002/04/20 12:09:04, 3] smbd/chgpasswd.c:chat_with_program(322)
  Cannot Allocate pty for password change: ltb
...snip

It appears that the passwd chat doesn't even start before it fails.
The error Winblows gives is "Old Password or username don't match... make sure caps
lock is not... bla bla"

Does anybody know what causes this error message - or what I could possibly do to fix
it?

/Lasse




[Samba] Samba password sync question

2002-09-19 Thread Jethran Waugh

Dear All

I would like to know if there is a simple way to disable the Change
Password button available under XP.  I have tried all the registry
entries and they wont work.  When a limited user account is created the
relevant entry is not copied from HKEY_USERS\.DEFAULT into
HKEY_CURRENT_USER.  The system I am using is Samba 2.2.5 running as a
PDC with XP clients.  I don't want to have to give all my users admin
rights as that's a bit nasty.

The solution I have come up with at the moment is to set passwd program
in smb.conf to a script which I have written that just returns a non
zero exit status.  This then tells the users that the password change
failed due to an invalid username or password.  If it is not possible to
disable the change password button is it possible to edit the error
message windows displays when the password change fails?


Thanks
Jethran Waugh




Re: [Samba] Samba password sync question

2002-09-19 Thread Josh Friberg-Wyckoff

Have you tried Group Policy editor (gpedit.msc)? I am
pretty sure there is a setting in there somewhere to
disallow password changing.


--- Jethran Waugh <[EMAIL PROTECTED]> wrote:
> Dear All
> 
> I would like to know if there is a simple way to
> disable the Change
> Password button available under XP.  I have tried
> all the registry
> entries and they wont work.  When a limited user
> account is created the
> relevant entry is not copied from
> HKEY_USERS\.DEFAULT into
> HKEY_CURRENT_USER.  The system I am using is Samba
> 2.2.5 running as a
> PDC with XP clients.  I don't want to have to give
> all my users admin
> rights as that's a bit nasty.
> 
> The solution I have come up with at the moment is to
> set passwd program
> in smb.conf to a script which I have written that
> just returns a non
> zero exit status.  This then tells the users that
> the password change
> failed due to an invalid username or password.  If
> it is not possible to
> disable the change password button is it possible to
> edit the error
> message windows displays when the password change
> fails?
> 
> 
> Thanks
> Jethran Waugh
> 



Re: [Samba] Samba password sync question

2002-09-19 Thread Josh Friberg-Wyckoff

I found it.

In gpedit.msc  Navigate to :
User Configuration > Administrative Templates > System
> Ctrl-Alt-Del Options

In the right pane select Remove Change Password and
then select enable.

Prevents users from changing their Windows password on
demand.

This setting disables the "Change Password" button on
the Windows Security dialog box (which appears when
you press Ctrl+Alt+Del).

However, users are still able to change their password
when prompted by the system. The system prompts users
for a new password when an administrator requires a
new password or their password is expiring.

--- Jethran Waugh <[EMAIL PROTECTED]> wrote:
> Dear All
> 
> I would like to know if there is a simple way to
> disable the Change
> Password button available under XP.  I have tried
> all the registry
> entries and they wont work.  When a limited user
> account is created the
> relevant entry is not copied from
> HKEY_USERS\.DEFAULT into
> HKEY_CURRENT_USER.  The system I am using is Samba
> 2.2.5 running as a
> PDC with XP clients.  I don't want to have to give
> all my users admin
> rights as that's a bit nasty.
> 
> The solution I have come up with at the moment is to
> set passwd program
> in smb.conf to a script which I have written that
> just returns a non
> zero exit status.  This then tells the users that
> the password change
> failed due to an invalid username or password.  If
> it is not possible to
> disable the change password button is it possible to
> edit the error
> message windows displays when the password change
> fails?
> 
> 
> Thanks
> Jethran Waugh
> 



RE: [Samba] Samba password sync question

2002-09-20 Thread Jethran Waugh

Sadly that doesn't work. All that does is set the registry entry in
HKEY_Users\.DEFAULT and when a new user logs in that key is not copied
for some reason

-Original Message-
From: Josh Friberg-Wyckoff [mailto:[EMAIL PROTECTED]] 
Sent: 19 September 2002 21:52
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Samba] Samba password sync question


I found it.

In gpedit.msc  Navigate to :
User Configuration > Administrative Templates > System
> Ctrl-Alt-Del Options

In the right pane select Remove Change Password and
then select enable.

Prevents users from changing their Windows password on
demand.

This setting disables the "Change Password" button on
the Windows Security dialog box (which appears when
you press Ctrl+Alt+Del).

However, users are still able to change their password
when prompted by the system. The system prompts users
for a new password when an administrator requires a
new password or their password is expiring.

--- Jethran Waugh <[EMAIL PROTECTED]> wrote:
> Dear All
> 
> I would like to know if there is a simple way to
> disable the Change
> Password button available under XP.  I have tried
> all the registry
> entries and they wont work.  When a limited user
> account is created the
> relevant entry is not copied from
> HKEY_USERS\.DEFAULT into
> HKEY_CURRENT_USER.  The system I am using is Samba
> 2.2.5 running as a
> PDC with XP clients.  I don't want to have to give
> all my users admin
> rights as that's a bit nasty.
> 
> The solution I have come up with at the moment is to
> set passwd program
> in smb.conf to a script which I have written that
> just returns a non
> zero exit status.  This then tells the users that
> the password change
> failed due to an invalid username or password.  If
> it is not possible to
> disable the change password button is it possible to
> edit the error
> message windows displays when the password change
> fails?
> 
> 
> Thanks
> Jethran Waugh
> 



[Samba] password sync program NOT running as user root

2003-06-04 Thread Holger Brückner
Hello *

in my samba installation the unix password sync program is not run as
user root. instead it runs as the user who wants to change the
password:

this is a recompiled debian samba_2.999+3.0.alpha23-4 with ldapsam
enabled (no other changes to the debian build script)


# Global parameters
[global]
workgroup = SVFMG
server string = %h server (Samba %v)
obey pam restrictions = Yes
passdb backend = smbpasswd, ldapsam, tdbsam, unixsam
passwd program = /etc/samba/ldapsync.pl -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying*
passwd chat debug = Yes
username map = /etc/samba/usermap

svpdc:/etc/samba# cat /etc/samba/ldapsync.pl
#!/usr/bin/perl -w
$myid = $<;
`echo $myid >> /tmp/ldapsync.debug`;

svpdc:/etc/samba# cat /tmp/ldapsync.debug
1015
1015
1015


[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(648)
  ldapsam_search_one_user: searching
for:[(&(uid=lorenz)(objectclass=sambaAccount))]
[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(1059)
  Entry found for user: lorenz
[2003/06/03 20:16:40, 2]
passdb/pdb_ldap.c:ldapsam_search_one_group(2187)
  ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=1005))]
[2003/06/03 20:16:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2003/06/03 20:16:40, 3] smbd/chgpasswd.c:chgpasswd(486)
  Password change for user: lorenz
[2003/06/03 20:16:40, 3] smbd/chgpasswd.c:chat_with_program(443)
  Dochild for user lorenz (uid=0,gid=0)
[2003/06/03 20:16:40, 0] lib/util_sock.c:read_socket_with_timeout(275)
  read_socket_with_timeout: timeout read. read error = Input/output
error.
[2003/06/03 20:16:40, 2] smbd/chgpasswd.c:expect(277)
  expect: Input/output error

as you can see it successfully does a ldap lookup for the user account.
samba also states that it will change to uid=0,gid=0. unfortunately that
never seems to happen. the input/output errors are because the test
script doesn't provide the expected output. but the main problem is,
that the switch to uid=0 does not happen, which makes it really
difficult to write a secure password change script. (now i'll have to
make the script world executable to be able to change passwords).

any suggestions ?!?

i can provide further logs if you tell me what you need.

greetings from muc

Holger Brueckner
net-labs Systemhaus gmbH
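
The debug script in this post records only `$<`, which in Perl is the real UID. As an added example (not code from the post or from Samba), a Python stand-in for that debug step logs the real, effective and saved IDs of the `passwd program` process, and opens its log without following a symlink because the program may be started as root. The function names and the log path passed in are assumptions.

```python
import os
import stat
import time


def identity():
    """Real, effective and saved IDs of the current process (Linux)."""
    ruid, euid, suid = os.getresuid()
    rgid, egid, sgid = os.getresgid()
    return {"ruid": ruid, "euid": euid, "suid": suid,
            "rgid": rgid, "egid": egid, "sgid": sgid,
            "groups": sorted(os.getgroups())}


def append_record(path, record):
    """Append one line; never follow a symlink at the final path component."""
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)  # raises OSError if path is a symlink
    try:
        st = os.fstat(fd)
        # Refuse anything that is not a regular file owned by this process
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid():
            raise PermissionError(f"refusing to log to {path}")
        os.write(fd, (record + "\n").encode())
    finally:
        os.close(fd)


def log_identity(path, user):
    """Write one timestamped identity record for 'user' and return the IDs."""
    ids = identity()
    fields = " ".join(f"{key}={value}" for key, value in ids.items())
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    append_record(path, f"{stamp} user={user} {fields}")
    return ids


if __name__ == "__main__":
    import sys
    import tempfile
    # Hypothetical invocation: the user name arrives as the first argument,
    # and the log goes to a freshly created private directory.
    logdir = tempfile.mkdtemp(prefix="ldapsync-")
    target = os.path.join(logdir, "ldapsync.debug")
    print(target, log_identity(target, sys.argv[1] if len(sys.argv) > 1 else "?"))
```
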



Re: [Samba] password sync program NOT running as user root

2003-06-04 Thread Andrew Bartlett
On Wed, 2003-06-04 at 04:58, Holger Brückner wrote:
> Hello *
> 
> in my samba installation the unix password sync program is not run as
> user root. instead it runs as the user who wants to change the
> password:
> 
> this is a recompiled debian samba_2.999+3.0.alpha23-4 with ldapsam
> enabled (no other changes to the debian build script)

You might find 'ldap passwd sync' less painful, and easier to debug. 
Samba uses the 'password set' API to directly set the user's password.

You may need to use the patch recently re-posted to samba-technical, if
debian has moved to OpenLDAP 2.1

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net



Re: [Samba] password sync program NOT running as user root

2003-06-05 Thread Holger Brückner
On Wed, 2003-06-04 at 02:35, Andrew Bartlett wrote:
> You might find 'ldap passwd sync' less painful, and easier to debug. 
> Samba uses the 'password set' API to directly set the user's password.

actually that works ;) .. i wonder why i didn't find it by myself.
but the original bug remains. the passwd program should really be
executed as user root. don't know what's going on there.

thx, cya

Holger Brueckner
net-labs Systemhaus gmbH




Re: [Samba] with ldap - samba - password sync - domain group map

2002-06-14 Thread NSC - NetworkServiceCenter

> my solution (found in some ldap-samba-pdc-howto) was to set the
> pwdMustChange to 2147483647 (which is far in the future: 2030 or
> something)
thank you very much! your solution solved this problem.

>> 2. the unix password sync doesn't work. but i think there are two
>> different problems, but let me describe: if i activated the password
>> sync, i got on
> you have to set the password chat to something that reflects your
> systems password chat (no na)
i knew it - (no na) ;-)
my heavy situation is, that the chat expects [New password: ] and receives
[New password: ] , but it says no match
following row is from the log:

   expect: expected [New password: ] received [New password: ] match no

this is my problem! is there a bug or is my config faulty:

   passwd chat = New\spassword:\s %n\n Re-enter\snew\spassword:\s %n\n Result:\sSuccess\s(0)\n
   passwd program = /etc/ldappwdsmb %u

the program ldappwdsmb is a script which calls ldappasswd as root!

would it be possible to send me your configfiles to compare with mine? in
my opinion, there's only one little mistake that let the sync crash!

>> 3. the domain group map doesn't work! i found a lot of descriptions
>> about
> i have not tried this yet, but i think that 2.2.3a does not support
> domain-group-mapping (but 2.2.4 should ???)
i saw mails from lists where persons told about working group-map with
earlier versions as 2.2.3 (!), but maybe i'm wrong!

thanks
lg
thomas reisenbichler







Re: [Samba] with ldap - samba - password sync - domain group map

2002-06-18 Thread NSC - NetworkServiceCenter

hello!

> so may passwd-chat line is as follows:
>   passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n .
> note the asterisk and dot (i haven't really understood now what the dot
>  means, but the asterisks match anything, and maybe the blank ("\s")
> between "passwd:" and " %n" is just no plain blank but something
> different.

ok, i moved the passwdchat to following line:
  passwd chat = *New*\spassword:*\s* %n\n *Re-enter*\snew*\spassword:*\s %
n\n *Result:*\sSuccess*\s(0)\n .

and the log tells:
  expect: expected [*New* password:* *] received [New password: ] match no

whats going wrong on my system? since last mail i made a new server with
samba 2.2.4, but compiled it myself (so i know whats going on ;-) ). the
situation doesn't change!

could it be that i need an additionally package or anything similar?


thanks and lg
thomas reisenbichler






Re: [Samba] with ldap - samba - password sync - domain group map

2002-06-19 Thread Laurent BLIN

NSC - NetworkServiceCenter wrote:

>hello!
>
>>so may passwd-chat line is as follows:
>>  passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n .
>>note the asterisk and dot (i haven't really understood now what the dot
>> means, but the asterisks match anything, and maybe the blank ("\s")
>>between "passwd:" and " %n" is just no plain blank but something
>>different.
>>
>
>ok, i moved the passwdchat to following line:
>  passwd chat = *New*\spassword:*\s* %n\n *Re-enter*\snew*\spassword:*\s %
>n\n *Result:*\sSuccess*\s(0)\n .
>
I had almost the same problem. Don't know why, but I had to use ""

passwd chat = *New*"password:"*\s* %n\n *enter*new*"password:"* %
n\n *"Result:"*Success*


>
>
>and the log tells:
>  expect: expected [*New* password:* *] received [New password: ] match no
>
>whats going wrong on my system? since last mail i made a new server with
>samba 2.2.4, but compiled it myself (so i know whats going on ;-) ). the
>situation doesn't change!
>
>could it be that i need an additionally package or anything similar?
>
>
>thanks and lg
>thomas reisenbichler
>
>
>







[Samba] with ldap - samba - password sync - domain group map - login message

2002-06-13 Thread NSC - NetworkServiceCenter

hello list!

first: sorry for my english and the long mail, but i REALLY need help!

i want to kick the nt4 pdc in our network and thought to realize single
sign on with samba and ldap. i made two testserver: the first test was with
suse linux 7.3 with latest openldap, pam_ldap, nss_ldap and samba 2.2.3a (i
compiled all components myself!). the second was with suse linux 8.0 with
openldap, pam_ldap, nss_ldap (this three components are the standard rpm's
from suse 8.0) and samba 2.2.4 (latest rpm from the suse samba-developer).


the basic systems worked and all problems i'm going to describe occurred in
both testenvironments!

1. after login from w2k i get the message, that the password expires and
asks me if i want to change. if i change or not, at next logon the
situation is the same, but i can login over a few weeks without
passwordchange.
   - the only information i found about in the web is, that i can set the
users pwdLastSet to -1, but, on the one hand, it doesn't work and on the
other hand, if anyone changes his password this field would be overwritten
automatically and the old problem starts again.


2. the unix password sync doesn't work. but i think there are two different
problems, but let me describe: if i activated the password sync, i got on
the w2k client the error "username or password wrong ". if it's not
activated, the passwordchange works!! so i checked the log and thought i'm
silly as i saw the following rows (!!):

[2002/06/13 15:33:23, 10] smbd/chgpasswd.c:dochild(211)
  Invoking '/etc/ldappwdsmb test' as password change program.
[2002/06/13 15:33:26, 100] smbd/chgpasswd.c:expect(265)
  expect: expected [New password: ] received [New password: ] match no
[2002/06/13 15:33:28, 100] smbd/chgpasswd.c:expect(265)
  expect: expected [New password: ] received [] match no
[2002/06/13 15:33:28, 10] smbd/chgpasswd.c:expect(276)
  expect: returning False
[2002/06/13 15:33:28, 3] smbd/chgpasswd.c:talktochild(302)
  Response 1 incorrect

after this i made a test where the chat isn't activated and the
passwd-program is a shell-script that only writes a text into a file.
at the next try there was no logging like the lines above, the
passwd-program ended normally (because the text was in the file), but the
w2k-client told again that username or password is wrong! so i think, that
these are two different problems, but i can't understand!


3. the domain group map doesn't work! i found a lot of descriptions about
and all were the same. so, i thought i'm on the right way and made it like
these descriptions, but at samba 2.2.3a there was shown only one group
named with hieroglyphs. at 2.2.4 no group is shown from my map-file, but
there are shown the groups domain admins and domain users - could anyone
tell me where these groups are configured in samba?
i need the groupmapping because we have one w2k-database and fileserver and
i can't kick it.


please help me
thank you very much
lg
thomas reisenbichler






Re: [Samba] with ldap - samba - password sync - domain group map- login message

2002-06-13 Thread IOhannes zmoelnig

NSC - NetworkServiceCenter wrote:
> hello list!

> the basic systems worked and all problems i'm going to describe occurred in
> both testenvironments!
> 
> 1. after login from w2k i get the message, that the password expires and
> asks me if i want to change. if i change or not, at next logon the
> situation is the same, but i can login over a few weeks without
> passwordchange.
>- the only information i found about in the web is, that i can set the
> users pwdLastSet to -1, but, on the one hand, it doesn't work and on the
> other hand, if anyone changes his password this field would be overwritten
> automatically and the old problem starts again.

some report that the account flags have to be [UX  ] (with added X), 
which means that the password will not expire. however, i think this 
didn't work for me.
my solution (found in some ldap-samba-pdc-howto) was to set the 
pwdMustChange to 2147483647 (which is far in the future: 2030 or something)

> 
> 
> 2. the unix password sync doesn't work. but i think there are two different
> problems, but let me describe: if i activated the password sync, i got on
you have to set the password chat to something that reflects your 
systems password chat (no na)

on my system, when i try to change my password (with correct 
pam.d/passwd pam_ldap.conf etc) with "passwd" i get following dialog:

New password:
Re-enter new password:


so the password chat in [global] is as follows:

passwd program = /usr/bin/passwd %u
passwd chat = *New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n .

> 3. the domain group map doesn't work! i found a lot of descriptions about
i have not tried this yet, but i think that 2.2.3a does not support 
domain-group-mapping (but 2.2.4 should ???)



mfg.cd.sadf
IOhannes
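
The `passwd chat` syntax discussed in this thread, as an added example that is not part of any post and is not Samba's code: a small Python model that splits a chat line into expect/send pairs and runs it against constructed program output. It assumes the syntax documented for smb.conf (`\n \r \t \s` escapes, `*` matching any run of characters, double quotes grouping text, `.` meaning "expect or send nothing") and a whole-buffer match; the function names and the sample output are made up for illustration.

```python
import re

ESCAPES = {"n": "\n", "r": "\r", "t": "\t", "s": " "}
MASK = "<new password>"  # stands in for %n so no secret reaches the transcript

# Chat lines quoted in the thread (mail line wraps joined)
IOHANNES_CHAT = r"*New\spassword:* %n\n *Re-enter\snew\spassword:* %n\n ."
THOMAS_CHAT = (r"New\spassword:\s %n\n Re-enter\snew\spassword:\s %n\n "
               r"Result:\sSuccess\s(0)\n")
LAURENT_CHAT = (r'*New*"password:"*\s* %n\n *enter*new*"password:"* %n\n '
                r'*"Result:"*Success*')

# Constructed program output: exact prompts, and prompts preceded by CR/LF
CLEAN = ["New password: ", "Re-enter new password: ", "Result: Success (0)\n"]
NOISY = ["\r\n" + chunk for chunk in CLEAN]


def split_chat(chat):
    """Split on whitespace; a double quote toggles quoting and is dropped."""
    tokens, cur, quoted, started = [], [], False, False
    for ch in chat:
        if ch == '"':
            quoted, started = not quoted, True
        elif ch.isspace() and not quoted:
            if started:
                tokens.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        tokens.append("".join(cur))
    return tokens


def expand(token):
    """Apply the backslash escapes, then put the mask where %n stands."""
    text = re.sub(r"\\([nrts])", lambda m: ESCAPES[m.group(1)], token)
    return text.replace("%n", MASK)


def wild_match(pattern, received):
    """Whole-buffer match in which '*' stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, received, re.DOTALL) is not None


def run_chat(chat, outputs):
    """Return (ok, steps); each step is (expect, received, matched, sent)."""
    tokens, chunks, steps = split_chat(chat), iter(outputs), []
    for i in range(0, len(tokens), 2):
        expect = expand(tokens[i])
        send = tokens[i + 1] if i + 1 < len(tokens) else "."
        received, matched = None, True
        if expect != ".":                      # "." expects nothing
            received = next(chunks, "")
            matched = wild_match(expect, received)
        steps.append((expect, received, matched,
                      None if send == "." else expand(send)))
        if not matched:
            return False, steps
    return True, steps


if __name__ == "__main__":
    for name in ("IOHANNES_CHAT", "THOMAS_CHAT", "LAURENT_CHAT"):
        for label, out in (("clean", CLEAN), ("noisy", NOISY)):
            print(name, label, run_chat(globals()[name], out)[0])
```

With `passwd chat debug` enabled, smbd writes the real expect and send strings to its log at debug level 100, new password included, which is why the model masks `%n` in its transcript.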

