passwd doesn't work with pam_winbind
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Confirmed
|
Medium
|
Unassigned |
Bug Description
Binary package hint: samba
At all! This seems to be related to https:/
Since this is the PAM configuration for winbind straight out of the box I think it should work! Removing the use_authtok does seem to get things unstuck.
Ultimately means all users get locked out of their accounts because the password expires and it cannot be reset. So, it is pretty serious.
$ passwd
Changing password for utest
(current) NT password:
passwd: Authentication token manipulation error
passwd: password unchanged
Nov 25 14:28:51 jggl passwd[7456]: pam_unix(
Nov 25 14:28:51 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:51 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:51 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_unix(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
Nov 25 14:28:53 jggl passwd[7456]: pam_winbind(
/etc/pam.
# here are the per-package modules (the "Primary" block)
password [success=2 default=ignore] pam_unix.so obscure sha512
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
# here's the fallback if no module succeeds
password requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password required pam_permit.so
# and here are more per-package modules (the "Additional" block)
password optional pam_gnome_
# end of pam-auth-update config
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: winbind 2:3.5.4~
ProcVersionSign
Uname: Linux 2.6.35-22-generic x86_64
Architecture: amd64
Date: Thu Nov 25 14:19:48 2010
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
PATH=(custom, no user)
LANG=C
SHELL=/bin/bash
SambaClientRegr
SourcePackage: samba
security vulnerability: | yes → no |
I think given the conversation in 570944 we can call this confirmed. Thierry/Steve,
has any agreement been reached as to what should be done?