Results 1 to 2 of 2

Thread: SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change password

  1. #1

    Question SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change password

    Dear All,
    Two years ago, in our little company, I installed SLES 10.2 with SAMBA 3.5.5.43 to retire our old Microsoft Windows 2000 Server and save some money.

    All was fine until last week when our chief asked to me to set password expiration for all clients.
    This morning, all users cannot logon because, when they logon, windows asks to change password and then it gives error error "Access Denied".

    In SAMBA logs I can see:
    api_rpcTNP: rpc command: SAMR_CHANGEPASSWORDUSER2
    chgpasswd: Password change (as_root=Yes) for user: FederPal
    PAM: unable to obtain the new authentication token - is password to weak?
    smb_pam_error_handler: PAM: Password Change Failed : Authentication token manipulation error
    smb_pam_passchange: PAM: Password Change Failed for user FederPal!

    Here is my smb.conf:
    [global]
    security = user
    interfaces = 127.0.0.1 eth0
    ldap ssl = no
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    admin users = @admin, root, administrator
    time server = Yes
    passwd program = /usr/bin/passwd %u
    cups options = raw
    netbios name = SAMBAPDC
    printing = cups
    logon script = netlogon.bat
    local master = Yes
    workgroup = SAMBAPDC
    os level = 99
    printcap name = cups
    add machine script = /usr/sbin/useradd -d /home/machines/%u -g machines -s /bin/false -M %u
    max log size = 1000
    log level = 3
    log file = /var/log/samba/log.%m
    load printers = yes
    socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
    logon drive = H:
    map to guest = Bad User
    username map = /etc/samba/smbusers
    domain master = Yes
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    passdb backend = tdbsam
    logon home = \\serverpdc\%U
    wins support = Yes
    printcap cache time = 750
    server string = Samba PDC - Version %v
    unix password sync = yes
    logon path = \\serverpdc\profiles\%U
    syslog = 0
    preferred master = Yes
    pam password change = yes
    domain logons = Yes
    name resolve order = wins lmhosts hosts bcast

    [profiles]
    comment = Users Home Directories
    path = /home/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No
    writeable = yes

    Have you any idea?

    Thanks and Regards,

    Luca

  2. #2
    Join Date
    Nov 2009
    Location
    ND, USA
    Posts
    1,131

    Default Re: SAMBA as PDC on SLES 10.2 - Error when Users on Windows Client try to change password

    On Mon October 11 2010 04:36 am, photec wrote:

    >
    > Dear All,
    > Two years ago, in our little company, I installed SLES 10.2 with SAMBA
    > 3.5.5.43 to retire our old Microsoft Windows 2000 Server and save some
    > money.
    >
    > All was fine until last week when our chief asked to me to set password
    > expiration for all clients.
    > This morning, all users cannot logon because, when they logon, windows
    > asks to change password and then it gives error error "Access Denied".
    >
    > In SAMBA logs I can see:
    > api_rpcTNP: rpc command: SAMR_CHANGEPASSWORDUSER2
    > chgpasswd: Password change (as_root=Yes) for user: FederPal
    > PAM: unable to obtain the new authentication token - is password to
    > weak?
    > smb_pam_error_handler: PAM: Password Change Failed : Authentication
    > token manipulation error
    > smb_pam_passchange: PAM: Password Change Failed for user FederPal!

    <snip>
    >
    > Have you any idea?
    >
    > Thanks and Regards,
    >
    > Luca
    >
    >

    Luca;

    This is the OpenSuse Forum for the free version of Suse. This is generally
    not watched by the Novel support personal. I think you would have better
    luck posting to the SLES section of Novel's Forum here:

    http://forums.novell.com/

    Someone here might know the solution, my guess is that you need to alter
    your /etc/pam.d/samba file. But I'm not sure just how SLES had this
    configured in the first place. There is no harm posting here, but I
    recommend you also post in the Novel Forum.
    --
    P. V.
    "We're all in this together, I'm pulling for you." Red Green

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •