Ubuntu Forums (Ubuntu Linux Support)

Ubuntu Desktop => Networking => Topic started by: mstjohn1974 on November 19, 2015, 08:18:35 PM

Title: issue with winbind & passwd
Post by: mstjohn1974 on November 19, 2015, 08:18:35 PM
I successfully configured a Ubuntu 15.10 Workstation to authenticate against Active Directory the only thing left so far is the ability to change the Active Directory password. When I enter the command passwd as logged in Active Directory User I see the following:

Case 1:
[email protected]:~$ passwd
Changing password for aduser
(current) NT password:
passwd: Permission denied
passwd: password unchanged

Case 2:
[email protected]:~$ passwd aduser
Changing password for aduser
(current) NT password:
passwd: Permission denied
passwd: password unchanged

Case 3:
[email protected]:~$ passwd DOMAIN\\aduser
Changing password for DOMAIN\aduser
(current) NT password:
passwd: Permission denied
passwd: password unchanged

In all three situations I receive the following logs (The user name changes but the errors are the same):

Nov 19 12:58:59 xenomorph passwd[5691]: pam_unix(passwd:chauthtok): user "aduser" does not exist in /etc/passwd
Nov 19 12:58:59 xenomorph passwd[5691]: pam_winbind(passwd:chauthtok): getting password (0x0000002a)
Nov 19 12:59:03 xenomorph passwd[5691]: pam_winbind(passwd:chauthtok): user 'aduser' granted access
Nov 19 12:59:03 xenomorph passwd[5691]: pam_unix(passwd:chauthtok): user "aduser" does not exist in /etc/passwd
Nov 19 12:59:03 xenomorph passwd[5691]: pam_winbind(passwd:chauthtok): getting password (0x00000012)

my pam.d file: common-password looks like this one (I removed all comments for better readability):

password   [success=2 default=ignore]   pam_unix.so obscure use_authtok try_first_pass sha512
password   [success=1 default=ignore]   pam_winbind.so use_authtok try_first_pass
password       requisite         pam_deny.so
password       required         pam_permit.so
password       optional                       pam_gnome_keyring.so

I don't have any clue how to solve the issue. Any ideas?