[Fedora-directory-users] samba password change error

Agnaldo Freitas afreitas at sei.ba.gov.br
Thu Oct 11 20:11:27 UTC 2007


Hi everybody!

After several tips on the correct way of configuring Samba with Fedora-DS, everything was going well. But a few days ago, I was trying to configure CUPS, and as it did not start, I tried to remove it, reinstall it, and update it with the commands "yum remove cups*", "yum install cups" and "yum update cups*". Since then, I have observed that the "password change" (synchronization) stopped working, with an old error message (you don't have permission to change the password).

Here, password synchronization between Samba and Fedora-DS only worked with "pam password":

Could someone help me?


This is the configuration that worked normally until I reinstalled CUPS (because it is the only different thing that "I remember" I may have done).

/etc/samba/smb.conf
    ## Synchronization of Samba passwords with Linux via Windows
    # ldap passwd sync = yes  # this fails here; I think it was because FDS doesn't have a plugin for the "pam_password exop" option.
    pam password change = yes
    unix password sync = Yes
    passwd chat = *New*password* %n *Retype*new*password* %n *passwd:*all*authentication*tokens*updated*successfully*
    passwd program = /usr/sbin/smbldap-passwd -u %u
    obey pam restrictions = no


/etc/ldap.conf
    base dc=sei,dc=intranet
    host 192.168.2.3
    rootbinddn cn=Directory Manager  # This was my only problem in the past; I forgot this line!
    timelimit 120
    pam_lookup_policy yes
    ssl no
    pam_password crypt

/etc/nsswitch.conf
    passwd:   files ldap
    shadow:   files ldap
    group:      files ldap

    hosts:      files dns

    bootparams: nisplus [NOTFOUND=return] files

    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files ldap
    rpc:        files
    services:   files ldap
    
    netgroup:   files ldap

    publickey:  nisplus

    automount:  files ldap
    aliases:    files nisplus

/etc/openldap/ldap.conf
    URI ldap://127.0.0.1/
    BASE dc=sei,dc=intranet


/etc/pam.d/system-auth

    #%PAM-1.0
    # This file is auto-generated.
    # User changes will be destroyed the next time authconfig is run.

    auth        required      pam_env.so
    auth        sufficient    pam_unix.so likeauth nullok
    auth        sufficient    pam_ldap.so use_first_pass
    auth        required      pam_deny.so

    account     required      pam_unix.so broken_shadow
    account     sufficient    pam_succeed_if.so uid < 100 quiet
    account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
    account     required      pam_permit.so

    password    requisite     pam_cracklib.so retry=3
    password    sufficient    pam_unix.so md5 shadow nullok use_authtok
    password    sufficient    pam_ldap.so use_authtok
    password    required      pam_deny.so


    session     required      pam_limits.so
    session     required      pam_unix.so
    session     optional      pam_ldap.so

Grateful for your attention,
Agnaldo