Ah, thank you, I missed that
On Wed, Jan 9, 2019, 18:34 Mathieu Parent <570...@bugs.launchpad.net
wrote:
> It is. Closed by me:
>
> samba (2:4.9.1+dfsg-2) unstable; urgency=medium
> [ Mathieu Parent ]
> * Allow one to change password via passwd in default config
> - third_party: Update pam_wra
I don't know why that samba upload closed this bug: #570944 is nowhere
in d/changelog.
** Changed in: samba (Ubuntu)
Status: Fix Released => Triaged
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to the bug report.
https://bugs.launchp
I forgot to say i'm on precise with latest updates
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/570944
Title:
passwd : gives "Authentication token manipulation error"
To manage not
As suggested by gmoore777 removing use_authtok allowed me to go on with
password changing
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/570944
Title:
passwd : gives "Authentication t
Oh, about offtopic - forget about it. Now I see - there is "Session-
Interactive-Only: yes" option.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/570944
Title:
passwd : gives "Authen
** Attachment added: "pam_winbind.conf"
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944/+attachment/2391122/+files/pam_winbind.conf
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.
** Attachment added: "unix-noauthtok"
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944/+attachment/2391121/+files/unix-noauthtok
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/
Here is my solution:
1) copy "winbind" "winbind-noauthtok" "unix-noauthtok" files from attachments
to /usr/share/pam-configs/ (with overwrite)
2) copy "pam_winbind.conf" from attachment to /etc/security/
3) run pam-auth-update and check "Unix authentication (no use_authtok)" &
"Winbind NT/Active
** Attachment added: "winbind-noauthtok"
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944/+attachment/2391120/+files/winbind-noauthtok
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpa
Right. We clearly don't want to introduce new failures when we fix a specific
combination :)
In the mean time, users affected by this issue can workaround it by following
comment 10.
--
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You received
This is a tricky one. Dropping use_authtok does solve the problem of
pam_unix not prompting for the password, but it also changes the
behavior in the case that you have a password strength checking module
stacked first, such as pam_cracklib. If pam_cracklib is configured, we
don't want pam_winbin
I'd like a second pair of PAM eyes before making that change.
--
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.
--
Ubuntu-s
OK, I misread use_authtok. It will *not* prompt for a new password if
none has been set by the previous module in stack. Since pam_unix
doesn't prompt for a new password (due to "user "DOMAIN\first.last" does
not exist in /etc/passwd"), pam_winbind has nothing to use and fails.
Looks like we shoul
I have interleaved the information, removed the timestamps and
substituted DOMAIN\first.last for the actual:
$ passwd
Changing password for DOMAIN\first.last
passwd[30381]: pam_unix(passwd:chauthtok): user "DOMAIN\first.last"
does not exist in /etc/passwd
passwd[30381]: pam_winbi
Interesting. Short explanation of the parameters: the pam passwd stack
asks for two passwords, one to authenticate and one as the new password.
try_first_pass makes pam_winbind try to use the authentication password
provided to the previous module (pam_unix). If it fails, it will prompt
for a new
FYI:
I can get `passwd` to work if I change one line in common-password
>From the winbind default-configured line of:
password [success=1 default=ignore] pam_winbind.so use_authtok
try_first_pass
To:
password [success=1 default=ignore] pam_winbind.so try_first_pass
So looks like just the
FYI:
I can get `passwd` to work if I change the line in common-password
From:
password [success=1 default=ignore] pam_winbind.so use_authtok
try_first_pass
To:
password sufficient pam_winbind.so
I'm not sure if I'm creating other problems with the above edit, since
I'm n
** Changed in: samba (Ubuntu)
Status: Incomplete => Confirmed
--
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in ubuntu.
--
U
Is this what you need?
$ cd /etc/pam.d
$ cat common-auth common-session-noninteractive common-session common-password
common-account | grep -v "^#"
auth[success=2 default=ignore] pam_unix.so nullok_secure
auth[success=1 default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type
Note that likewise 5.x doesn't add another layer on top of
samba/winbind, it's a complete reimplementation. It's also simpler to
set up, and since in your case something must be wrong with the winbind
setup, it might help you...
Could you attach your winbind configuration ?
--
passwd : gives "Au
i am not using likewise-open on Lucid cause likewise-open no longer supports
setting up Samba shares with ActiveDirectory integration.
Meaning from a Windows machine, I cannot access \\linuxmachinename\sharename
and this
is important to our Windows/Linux workplace.
(And I no longer see the advan
Probably an issue with the winbind configuration... Any reason why
you're not using likewise-open in lucid as well ?
--
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You received this bug notification because you are a member of Ubuntu
Server Team
Correct, `passwd` works with likewise-open on hardy, and fails with winbind on
lucid.
I do not know what the outcome of `passwd` is on hardy without likewise-open,
nor
the outcome of `passwd` on lucid with likewise-open.
I will ask this on the Lucid forum at
http://ubuntuforums.org/showthread.p
So it works with likewise-open on Hardy, and fails with winbind on lucid
? Or did you also successfully use winbind on hardy ?
--
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You received this bug notification because you are a member of Ubuntu
S
Yes it works on HardyHeron.
I used likewise-open to faciitate the ActiveDirectory integration on HardyHeron,
rather than just the native samba/winbind integration on LucidLynx.
But that may have nothing to do with it, but is worthy of mentioning.
--
passwd : gives "Authentication token manipulat
Thanks for your input. Did it ever work on previous releases ?
** Changed in: samba (Ubuntu)
Importance: Undecided => Medium
** Changed in: samba (Ubuntu)
Status: New => Incomplete
--
passwd : gives "Authentication token manipulation error"
https://bugs.launchpad.net/bugs/570944
You r
26 matches
Mail list logo
