摩托學園討論區

由 **Cheung** » 週日 10月 23, 2005 9:29 pm

附上error log
當我登入主機時：
[cheung@sarge cheung]$ smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
cli_pipe: return critical error. Error was Call timed out: server did not respond after 20000 milliseconds
cli_oem_change_password: Failed to send password change for user cheung
machine 127.0.0.1 rejected the password change: Error was : Call timed out: server did not respond after 20000 milliseconds.
Failed to change password for cheung :mygod:

會是要改變指令嗎? 改看看
[cheung@sarge cheung]$ smbpasswd -r 10.1.1.1 -U cheung
Old SMB password:
New SMB password:
Retype new SMB password:
cli_pipe: return critical error. Error was Call timed out: server did not respond after 20000 milliseconds
cli_oem_change_password: Failed to send password change for user cheung
machine 10.1.1.1 rejected the password change: Error was : Call timed out: server did not respond after 20000 milliseconds.
Failed to change password for cheung
:crying:

現在小弟在主機上用 passwd 可以做到系統密碼跟 samba 密碼同步更新可是要用smbpasswd更新試試看時才出現這問題

debian 將 smbpasswd 檔放在 /var/lib/samba/secrets.tdb
不知道這會不會造成影響?

由 **Cheung** » 週一 10月 24, 2005 12:45 am

剛剛再試了一下發現只要我加入 unix password sync = yes 我就沒辦法用 smbpasswd 去改 samba 的密碼

拿掉 unix password sync = yes 是可以改但是卻不能使samba 改密碼後也能同步更新系統的密碼

由 **Cheung** » 週一 10月 24, 2005 10:41 am

自問自達問題解決了
<---嚴禁未經授權轉做商業用途文章--->
<--- 可自由轉載來信告知即可 --->

之前看到 samba 可以讓 user 在 windows 端改密碼同時改系統密碼

想說玩看看花了兩天終於做出來了 :-)

先前測試 samba pdc 功能時發現要嘛就是 samba 不能用 smbpasswd

改密碼等一堆拉哩拉雜的怪問題不然就是 windows client 可以登入

但是改密碼卻不行不然就是整台主機一改密碼 hang 在那邊不知道怎麼辦

只能重開機，又好死不死的 smaba 重跑後 windows 改的密碼又生效了

造成一堆幹聲連連的狀況

(因為 smbpasswd 跟 passwd 同步的關係造成系統密碼也改了)

後來找到原因其實 samba 已附上最好的解法了作法如下

要改 /etc/pam.d/passwd

加入 password sufficient pam_smbpass.so audit use_first_pass

使用 samba 附的 registry ,

winxp 要用:
WinXP_PlainPassword.reg <-- 這2個一定要有不然不能通過 PDC 認證
WinXP_SignOrSeal.reg <-- 也不能改密碼

[global]
workgroup = STARWAR
netbios name = C3PO
server string = I am STARWAR C3PO
security = user
encrypt passwords = true <----- 這四行一定要有
unix password sync = yes <----- 否則不能改 samba 密碼
obey pam restrictions = yes <----- 也不能使系統密碼同步
pam password change = yes <-----

#############################################
##
## NT 4 PDC Server Setting
##
os level = 33
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\C3PO\%u
##
#############################################

dos charset = CP950
unix charset = UTF-8
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d

passdb backend = tdbsam guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n . <---這裡要併為一行
passwd chat debug = true
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

<--------------- 以下省略 ---------------->

成功的話 auth.log 會有如下記錄

Oct 24 10:39:50 slapd smbd[9926]: (pam_unix) session opened for user cheung by (uid=0)
Oct 24 10:39:50 slapd smbd[9926]: (pam_unix) session closed for user cheung
Oct 24 10:39:56 slapd smbd[9927]: (pam_unix) session opened for user cheung by (uid=0)
Oct 24 10:39:56 slapd smbd[9927]: (pam_unix) password changed for cheung
Oct 24 10:39:56 slapd smbd[9927]: (pam_unix) Password for cheung was changed
Oct 24 10:39:57 slapd smbd[9927]: (pam_unix) session closed for user cheung

由 **VoodooMark** » 週四 3月 02, 2006 12:03 pm

Cheung 寫:winxp 要用:
WinXP_PlainPassword.reg <-- 這2個一定要有不然不能通過 PDC 認證
WinXP_SignOrSeal.reg <-- 也不能改密碼

請問以上這兩個東東，要在哪裡找？如何用？直接執行嗎？

由 **Cheung** » 週五 3月 03, 2006 1:02 am

請找google大神或至 http://www.samba.org 膜拜

相信你會有答案的

由 **jimlinsung** » 週四 7月 12, 2007 5:59 pm

Cheung 寫:自問自達問題解決了
<---嚴禁未經授權轉做商業用途文章--->
<--- 可自由轉載來信告知即可 --->

之前看到 samba 可以讓 user 在 windows 端改密碼同時改系統密碼

想說玩看看花了兩天終於做出來了

先前測試 samba pdc 功能時發現要嘛就是 samba 不能用 smbpasswd

改密碼等一堆拉哩拉雜的怪問題不然就是 windows client 可以登入

但是改密碼卻不行不然就是整台主機一改密碼 hang 在那邊不知道怎麼辦

只能重開機，又好死不死的 smaba 重跑後 windows 改的密碼又生效了

造成一堆幹聲連連的狀況

(因為 smbpasswd 跟 passwd 同步的關係造成系統密碼也改了)

後來找到原因其實 samba 已附上最好的解法了作法如下

要改 /etc/pam.d/passwd

加入 password sufficient pam_smbpass.so audit use_first_pass

使用 samba 附的 registry ,

winxp 要用:
WinXP_PlainPassword.reg <-- 這2個一定要有不然不能通過 PDC 認證
WinXP_SignOrSeal.reg <-- 也不能改密碼

[global]
workgroup = STARWAR
netbios name = C3PO
server string = I am STARWAR C3PO
security = user
encrypt passwords = true <----- 這四行一定要有
unix password sync = yes <----- 否則不能改 samba 密碼
obey pam restrictions = yes <----- 也不能使系統密碼同步
pam password change = yes <-----

#############################################
##
## NT 4 PDC Server Setting
##
os level = 33
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
logon drive = H:
logon home = \\C3PO\%u
##
#############################################

dos charset = CP950
unix charset = UTF-8
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d

passdb backend = tdbsam guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n . <---這裡要併為一行
passwd chat debug = true
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

<--------------- 以下省略 ---------------->

成功的話 auth.log 會有如下記錄

Oct 24 10:39:50 slapd smbd[9926]: (pam_unix) session opened for user cheung by (uid=0)
Oct 24 10:39:50 slapd smbd[9926]: (pam_unix) session closed for user cheung
Oct 24 10:39:56 slapd smbd[9927]: (pam_unix) session opened for user cheung by (uid=0)
Oct 24 10:39:56 slapd smbd[9927]: (pam_unix) password changed for cheung
Oct 24 10:39:56 slapd smbd[9927]: (pam_unix) Password for cheung was changed
Oct 24 10:39:57 slapd smbd[9927]: (pam_unix) session closed for user cheung

報告大大,我用了您的方法...不行耶....我用的是centos 5.0然後用yum去下載最新的samba(三個主要套件),然後PDC架設正常完畢,
於是開始試驗您的方法:
1.把samba附的二個.reg登錄檔用aministrator 的身份滙入xp中(其中一個下載回來副檔名是obj,我看一下內容後把它改成.reg...這樣應該沒差吧)
2.在smb.conf中加入您說的五條指令
encrypt passwords = true
unix password sync = yes
obey pam restrictions = yes
pam password change = yes
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n(有變成一行)
於是我的smb.conf如下:
[global]
workgroup=MYWORK
server string=SAMBA SERVER
display charset = UTF8
dos charset = CP950
unix charset = UTF8
security = user
encrypt passwords= yes
smb passwd file = /etc/samba/smbpasswd
log file = /var/log/samba/%m.log
max log size = 100
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.2. 127.

os level = 200
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
logon script = startup.bat
logon path = \\%L\profiles\%U
logon drive = z:
wins support = yes
dns proxy = no
time server = yes
admin users = root

"encrypt passwords = true"
"unix password sync = yes"
panic action = /usr/share/samba/panic-action %d
passwd program = changepass %u
"obey pam restrictions = yes"
"pam password change = yes"
"passwd chat = *Enter\snew\sUNIX\spassword:* %n\n*Retype\snew\sUNIX\spassword:* %n\n"
passwd chat debug = true
然後我也看一下auth.log但看不懂不過似乎沒有大大您說的那幾行訊息耶....iptables 137~139 tcp udp都有開放,而selinux有開沒開似乎沒差,請大大指點一下小弟是那裡不對吧..... :crying:

由阿信 » 週四 7月 12, 2007 11:56 pm

samba的密碼同步部份可參閱

Samba 使用 PAM 做認證？
[奇怪] Samba 的密碼無法和 Linux 同步...

摩托學園討論區

samba 的 smbpasswd 更新密碼問題

samba 的 smbpasswd 更新密碼問題

做不出來....

誰在線上