Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to change domain user passwords
Top Forums UNIX for Dummies Questions & Answers Unable to change domain user passwords Post 302608525 by kerona on Saturday 17th of March 2012 06:13:45 PM
Old 03-17-2012
Unable to change domain user passwords
Hi,

I'm new to this site, so my apologies if this is posted to the wrong board.

I'm the student administrator of a small computer science lab (20 Win 7 PCs) at a university. The logins to the PCs are handled by samba (v. 3.5.8) on a CentOS server (kernel v. 2.6.9-100.ELsmp). Recently I noticed a problem where I could successfully create domain users on the server, but they would not be able to log in. Looking into this further, I discovered I was also unable to change domain passwords for users: the password changing script I've been told to use does not return any errors, but I'm still only able to log in with the old password (new password is "incorrrect").

Domain account creation & resetting is done with passwd and smbpasswd. I can post the full scripts if needed, but I don't think that's the issue.

A couple weeks ago, I transferred the /home directory over to a new hard drive. One of my friends mentioned the problem could be related to corrupted data (which I doubt) or incorrect permissions transferring. Here is exactly what I did:
Code:
 mkdir /newhome
 mount /dev/sde1 /newhome #sde1 is the new hard drive
 cd /home #old hard drive (sdb1)
 tar cf - * | (cd /newhome; tar xvf -)
 umount /newhome
 umount /home
 mount /dev/sde1 /home
 # then I updated /etc/fstab to point to the new /home (sde1)

My usual course of action in situations like these is to make sure all the software on the server is up to date, then proceed from there. However, the faculty lab administrator expressly prohibited me from doing this (sigh...), so I'm stuck with the current version of samba and an ancient kernel.

I looked through the samba log as well when I tried to log in with a newly-created domain account (testuser). Here is the output from less <samba log>.log | grep testuser. Server name and workstation names have been replaced by <mydomain> and <client pc> because I don't want to get in trouble:
Code:
  SAM Logon (Interactive). Domain:[<mydomain>].  User:[testuser@<client pc>] Requested Domain:[<mydomain>]
  Attempting validation level 3 for unmapped username testuser.
  Mapping user [<mydomain>]\[testuser] from workstation [<client pc>]
  attempting to make a user_info for testuser (testuser)
  making strings for testuser's user_info struct
  making blobs for testuser's user_info struct
  check_ntlm_password:  Checking password for unmapped user  [<mydomain>]\[testuser]@[<client pc>] with the new password  interface
  check_ntlm_password:  mapped user is: [<mydomain>]\[testuser]@[<client pc>]
   Key: USER_testuser
  check_sam_security: Couldn't find user 'testuser' in passdb.
  check_ntlm_password: sam authentication for user [testuser] FAILED with error NT_STATUS_NO_SUCH_USER
  check_ntlm_password:  Authentication for user [testuser] -> [testuser] FAILED with error NT_STATUS_NO_SUCH_USER

I humbly admit I don't have extensive experience in *nix networking, so any advice would be appreciated.
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

unable to change user password from nis client

I trying to change the user1 passwd from NIS client i.e #passwd -r nis user1 Enter user1's password; Can I change the password without having to enter user password? Mnay Thanks (1 Reply)
Discussion started by: sam786
1 Replies

2. Shell Programming and Scripting

script to change passwords for the same user on multiple servers

I am trying to write a script to change passwords for the same user on multiple servers. My environment runs purely ssh / scp not rsh / rcp and therefore coping using rcp is not an option. I have been playing with expect to perform tasks but think there must be a better way. Has anyone got... (7 Replies)
Discussion started by: stolz
7 Replies

3. UNIX for Dummies Questions & Answers

Unable To Change a User's Password

I am trying to change a user's Password, but I get the error "Password Cannot be changed; see account Administrator". Yet I am logged in as root. I also cannot access the Accounts Manager facility when SCO when using System Administration screen Error "Unable to get initial list of users" (2 Replies)
Discussion started by: Waitstejo
2 Replies

4. Solaris

Unable to change password for a user.

I am getting the following error message "passwd: User unknown: username" Permission denied error message when trying to change the password for that given user account. The user account is within the /etc/passwd file and I can also su to the account without any problems. This is sever is not... (11 Replies)
Discussion started by: eckmanb
11 Replies

5. UNIX for Dummies Questions & Answers

Change user passwords using shell script

Hi, I want to change the password of unix users on a number of servers.My plan was to ssh to all the servers in a shell script and use the passwd command. I tried to do so but everytime i run it i get this error. ssh -x -n -l user1 host passwd Changing password for "user1" 3004-709 Error... (3 Replies)
Discussion started by: poojabhat
3 Replies

6. HP-UX

[Solved] Unable to change/create home dir for particular user

Hi all I wanted to change the home dir for a user, but when using smh : SMH->Accounts for Users and Groups->Local Users->Modify User ---------------------------------------------------------------------------------------------------------------------------------------------- * Required... (8 Replies)
Discussion started by: fretagi
8 Replies

7. Shell Programming and Scripting

How to change passwords for User accounts on multiple UNIX/Linux machines remotely?

Hello Experts, Need some direction on creating shell script for following environment: We have about 20 people in the team working as Oracle DBA's (sysdba's and appdba's). Total Servers which is a mix of Unix and Linux are 200. We do not have Root user access on any of the servers and... (3 Replies)
Discussion started by: sha2402
3 Replies

8. Red Hat

Unable to change user role using SELinux

Initial SELinux context for user hitendra $ id -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 I changed the role # semanage login -a -s user_u hitendra # Then I logged in again # su - hitendra $ id -Z unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 $ But I don't... (1 Reply)
Discussion started by: hiten.r.chauhan
1 Replies

9. UNIX for Dummies Questions & Answers

Unable to change password using root user

Hi, I tired changing password for mqm user in linux server with root user. But still I couldn't able to login mqm user with changed password. Can anyone please help on this. # passwd mqm Thanks, Anusha (4 Replies)
Discussion started by: Anusha M
4 Replies

LEARN ABOUT POSIX

logins

logins(1M)                                                System Administration Commands                                                logins(1M)

NAME

       logins - list user and system login information

SYNOPSIS

       /usr/bin/logins [-admopstux] [-g group...] [-l login_name...]

DESCRIPTION

       This  command  displays  information  on  user  and  system logins known to the system. Contents of the output is controlled by the command
       options and can include the following: user or system login, user id number, passwd account field value (user name or  other  information),
       primary group name, primary group id, multiple group names, multiple group ids, home directory, login shell, and four password aging param-
       eters. The default information is the following: login id, user id, primary group name, primary group id and the account field value.  Out-
       put is sorted by user id, system logins, followed by user logins.

OPTIONS

       Options may be used together. If so, any login that matches any criteria are displayed.

       The following options are supported:

       -a              Add  two  password  expiration  fields to the display. The fields show how many days a password can remain unused before it
                       automatically becomes inactive, and the date that the password expires.

       -d              Selects logins with duplicate uids.

       -g group        Selects all users belonging to group, sorted by login. Multiple groups can be specified as  a  comma-separated  list.  When
                       the  -l  and -g options are combined, a user is only listed once, even if the user belongs to more than one of the selected
                       groups.

       -l login_name...Selects the requested login. Multiple logins can be specified as a  comma-separated  list.  Depending  on  the  nameservice
                       lookup  types  set  in  /etc/nsswitch.conf,  the information can come from the /etc/passwd and  /etc/shadow files and other
                       nameservices. When  the -l and -g options are combined, a user is only listed once, even if the user belongs to  more  than
                       one of the selected groups.

       -m              Displays multiple group membership information.

       -o              Formats output into one line of colon-separated fields.

       -p              Selects logins with no passwords.

       -s              Selects all system logins.

       -t              Sorts output by login instead of by uid.

       -u              Selects all user logins.

       -x              Prints  an  extended  set  of information about each selected user. The extended information includes home directory, login
                       shell and password aging information, each displayed on a separate line. The  password  information  consists  of  password
                       status  (PS for password, NP for no password or LK for locked). If the login is passworded, status is followed by the  date
                       the password was last changed, the number of days required between changes, and the number of days allowed before a  change
                       is  required.   The password aging information shows the time interval that the user receives a password expiration warning
                       message (when logging on) before the password expires.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO

       attributes(5)

SunOS 5.10                                                          5 Jul 1990                                                          logins(1M)
All times are GMT -4. The time now is 11:18 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy