I've tried to setup my brand new Samba 3 server on an x86 Linux machine but it turns out that "%o" (for old password) doesn't work anymore for "passwd chat" (while it did work for Solaris with Samba 2.2). I used "passwd chat debug" and expect just shows an empty password when the old password is filled in (instead of the one specified to smbpasswd). I've used these settings for smb.conf: passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *The*NIS*password*has*been*changed* passwd chat debug = yes smbd.log shows: expect: expected [*old*password*] received [Changing NIS account information for proto on einstein. Please enter old password:] match yes [2005/04/28 11:41:14, 10] smbd/chgpasswd.c:expect(286) expect: returning True [2005/04/28 11:41:14, 100] smbd/chgpasswd.c:expect(238) expect: sending [ ] [2005/04/28 11:41:14, 10] lib/util_sock.c:read_socket_with_timeout(305) read_socket_with_timeout: timeout read. select timed out. [2005/04/28 11:41:14, 100] smbd/chgpasswd.c:expect(275) expect: expected [*new*password*] received [ Changing NIS password for proto on einstein. Please enter new password:] match yes
when using encrypted passwords, we never have the old passord so we cannot fix this. The password command has to be able to reset the user password as root without the old password (i.e. run on the NIS master).