Web lists-archives.com

Re: [Samba] samba AD: using passwd on linux to change PW




Thanks a lot. I will check it.
We do not use kerberos - is it necessary ?

Bye, Peer

On 03.01.2018 15:15, L.P.H. van Belle via samba wrote:
Hi Peer,

This is my output, this account testaccount1 was created 2 minutes ago before the tests below.

passwd testaccount1
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Password change rejected: Password change rejected, password changes may not be permitted on this account, or the minimum password age may not have elapsed.
Your password must be at least 5 characters; cannot repeat any of your previous 5 passwords; Please type a different password. Type a password which meets these requirements in both text boxes.
passwd: Authentication token manipulation error
passwd: password unchanged

If you run : pam-auth-update
You should see something like this.


   „                                                                                                                                                                                                         „
   „  PAM profiles to enable:                                                                                                                                                                                „
   „                                                                                                                                                                                                         „
   „     [ ] Create home directory during login                                                                                                                                                              „
   „     [*] Kerberos authentication                                                                                                                                                                         „
   „     [*] Unix authentication                                                                                                                                                                             „
   „     [*] Winbind NT/Active Directory authentication                                                                                                                                                      „
   „     [*] Register user sessions in the systemd control group hierarchy                                                                                                                                   „
   „     [*] Inheritable Capabilities Management                                                                                                                                                             „
   „                                                                                                                                                                                                         „


Same server, but now with a user disabled.
passwd someuser ( but disabled in AD )
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
Access denied: Not permitted to change password
Access is denied
passwd: Authentication token manipulation error
passwd: password unchanged

Same user but now enabled in AD.
Current Kerberos password:
passwd: Authentication token manipulation error
passwd: password unchanged
root@rtd-print1:~# passwd xreib
Current Kerberos password:
Enter new Kerberos password:
Retype new Kerberos password:
passwd: password updated successfully

So this should work fine.

Debian 9.3
Samba 4.7.3 ( from my own apt )



Best regards,

Louis


-----Oorspronkelijk bericht-----
Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens Dr.
Peer-Joachim Koch via samba
Verzonden: woensdag 3 januari 2018 14:50
Aan: samba@xxxxxxxxxxxxxxx
Onderwerp: [Samba] samba AD: using passwd on linux to change PW

Hi,

a short question about changing passwords. Our linux login server is
using winbind
for authentication. Everything is working well, but changing the
password for a user
does not work. We see the following error:

passwd
Changing password for USER
(current) NT password:
passwd: Authentication token manipulation error
passwd: password unchanged

/var/log/auth.log

pam_winbind(sshd:auth): getting password (0x00000388)
Jan  3 14:41:36 HOSTNAME sshd[4355]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jan  3 14:41:36 HOSTNAME sshd[4355]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was:
The specified
account does not exist.

Login is working fine, also the groups are all correct.

Maybe something in the pam-config has to be changed ?

Where can I find some description to setup the system that every user
can execute passwd ?

System Debian 9.3 using winbind against Samba AD.


--
Bye,
      Peer
________________________________________________________

Max-Planck-Institut für Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10            Telefon: ++49 3641 57-6705
D-07745 Jena                 Telefax: ++49 3641 57-7705


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



--
Mit freundlichen Grüßen,
    Peer-Joachim Koch
________________________________________________________

Max-Planck-Institut für Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10            Telefon: ++49 3641 57-6705
D-07745 Jena                 Telefax: ++49 3641 57-7705


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba