RHEL4 ES as a PDC and changing passwords.
I've set up a small isolated node of systems (4 Windows 2000 and 4
RHEL-WS and 1 RHEL ES, V4 update 2). I've set up the Samba on the RHEL4
ES as a PDC and NIS master and is working great except for one thing,
changing passwords on the Windows systems doesn't seem to abide by the
cracklib rules I specified. Here is the system-auth entries for
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok
md5 shadow nis remember=8
password required /lib/security/$ISA/pam_deny.so
for smb.conf I use:
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n
In the syslog when changing the password (using a invalid password of
12345678) on the windows system is gives:
Aug26 18:55:18 mslserver rpc.yppasswdd : update steveb (uid=1010)
from host 127.0.0.1 rejected
Aug16 18:55:18 mslserver rpc.yppasswdd : invalid password
Aug26 18:55:18 mslserver passwd (pam_unix) : password not changed
for steveb on mslserver.
Aug26 18:55:18 mslserver passwd (pam_unix) : password changed for
Windows comes back with 'Your password has been changed'. And the
password has been changed for both the Windows systems and the Linux
systems. If I change the password on a Linux system (using passwd), the
use of '123456789' will fail (too simplistic). So it appears that the
pam rules work as it should if changing the password on a linux system,
but not from a Windows system. Since Samba is using the Linux passwd to
change passwords, then I was thinking that it would fail on simplistic
passwords. Why is this not doing what I was expecting?
Smb.conf man page states that the unix password is changed first before
smbpasword, therefore if the unix password fails, then smbd will fail to
change the SMB password file.
>From the syslog, it appears that it does fail, but for some reason, it
How can I get this to work?
Note: These systems are not on the internet, and the above was typed in
redhat-list mailing list
|All times are GMT. The time now is 01:02 AM.|
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.