Bug 4658 - Changing AD Password from GDM
Summary: Changing AD Password from GDM
Status: RESOLVED INVALID
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.24
Hardware: x86 Linux
: P3 normal
Target Milestone: none
Assignee: Guenther Deschner
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-24 17:02 UTC by Jeffery
Modified: 2007-05-24 18:25 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeffery 2007-05-24 17:02:34 UTC
I'm trying to get users to be able to change their Active Directory Password from Linux when they login. When a user forgets his/her password, I reset and set it so that they have to change it next time they login. They are able to do it in Windows, but not under Linux. A window pops up telling them that they have to change their password now, but they don't get a little window where they can change it...

/etc/pam.d/gdm
#%PAM-1.0
auth       required     pam_env.so
auth       required     pam_nologin.so
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_console.so
session    include      system-auth

/etc/pam.d/system-auth
#%PAM-1.0

auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     sufficient    pam_unix.so
account     sufficient    pam_winbind.so use_first_pass
account     required      pam_deny.so

password    sufficient    pam_winbind.so
password    required      pam_cracklib.so retry=3 minlen=4  dcredit=0  ucredit=0 
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    required      pam_deny.so

session     optional      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     required      pam_unix.so

/etc/pam.d/system-auth-winbind
#%PAM-1.0

auth        required      pam_env.so
auth        sufficient    pam_winbind.so
auth        sufficient    pam_unix.so likeauth nullok use_first_pass
auth        required      pam_deny.so

account     sufficient    pam_winbind.so
account     required      pam_unix.so

password    sufficient    pam_winbind.so
password    required      pam_cracklib.so retry=3
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
password    required      pam_deny.so

session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022 
session     required      pam_limits.so
session     required      pam_unix.so


/etc/pam.d/common-account
account sufficient      pam_winbind.so
account required        pam_unix.so


/etc/pam.d/common-auth
auth sufficient pam_winbind.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required   pam_deny.so


/etc/pam.d/common-session
session required pam_unix.so
session required pam_mkhomedir.so umask=0022 skel=/etc/skel


/etc/pam.d/passwd
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth


/etc/pam.d/samba
#%PAM-1.0
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
session    include      system-auth
Comment 1 Guenther Deschner 2007-05-24 18:25:36 UTC
Turned out to be a local pam.d configuration issue (as communicated on IRC) and not a samba bug.

Thanks for the report anyway.