Hello, I've set up a small isolated node of systems (4 Windows 2000 and 4 RHEL-WS and 1 RHEL ES, V4 update 2). I've set up the Samba on the RHEL4 ES as a PDC and NIS master and is working great except for one thing, changing passwords on the Windows systems doesn't seem to abide by the cracklib rules I specified. Here is the system-auth entries for password: password requisite /lib/security/$ISA/pam_cracklib.so retry=3 \ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8 password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok \ md5 shadow nis remember=8 password required /lib/security/$ISA/pam_deny.so for smb.conf I use: unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* &n\n passwd:*all*authentication*tokens*updated*successfully* In the syslog when changing the password (using a invalid password of 12345678) on the windows system is gives: Aug26 18:55:18 mslserver rpc.yppasswdd [3205]: update steveb (uid=1010) from host 127.0.0.1 rejected Aug16 18:55:18 mslserver rpc.yppasswdd [3205]: invalid password Aug26 18:55:18 mslserver passwd (pam_unix) [15011]: password not changed for steveb on mslserver. Aug26 18:55:18 mslserver passwd (pam_unix) [15011]: password changed for steveb. Windows comes back with 'Your password has been changed'. And the password has been changed for both the Windows systems and the Linux systems. If I change the password on a Linux system (using passwd), the use of '123456789' will fail (too simplistic). So it appears that the pam rules work as it should if changing the password on a linux system, but not from a Windows system. Since Samba is using the Linux passwd to change passwords, then I was thinking that it would fail on simplistic passwords. Why is this not doing what I was expecting? Smb.conf man page states that the unix password is changed first before smbpasword, therefore if the unix password fails, then smbd will fail to change the SMB password file. >From the syslog, it appears that it does fail, but for some reason, it gets changed. How can I get this to work? Note: These systems are not on the internet, and the above was typed in by hand. Thanks. Steve -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
