[NTLUG:Discuss] Samba 3 upgrade woes - can't change passwords - *PARTLY SOLVED*
Richard Geoffrion
ntlug at rain4us.net
Fri Jan 14 13:09:01 CST 2005
After much heartache.. I finally got Samba 2.2.8a upgraded to Samba 3 in
such a manner that I have no longer lost my domain admin group.
The upgrade issue: uninstall samba 2.2.8a totally THEN install Samba 3.
Reason: the paths to the binaries are different in Samba 3. When I
installed on top of 2.2.8a, I was mix and matching my executables.
Problem: So...now I'm stuck with this stupid password change problem. The
webmin utility, which runs as root, can update a user's samba and unix
passwords with no problem. Windows(tm) users, however are encountering
the error message, "You do not have permission to change your password."
When an smbpasswd is attempted by a regular user at the command line, the
process is failing during the UNIX SYNC portion of the password change.
(With the 'sync unix...' option set to 'NO', users can change their
domain password.)
I've looked at the password chat that has worked for YEARS and that is not
the problem.
What *IS* the problem is that non root users must use complexity in their
passwords. When the Samba password is not complex enough, the passwd
portion of the password chat fails thus returning the "machine 127.0.0.1
rejected the password change: Error was : RAP86: The specified password is
invalid." error message, but the Windows{tm} machine only gets the "You do
not have permission..." error.
Why am I having this problem? I suspect that it is related to the Samba 3
upgrade only because I didn't have this issue with 2.2.8a. What changed
in Samba 3? Does smbpasswd no longer execute the passwd program as a
privileged user?
Solutions that I've thought of but am having a hard time googling
instructions to help with the tasks....
1) How does one NOT require complex UNIX passwords on a NON-PAM enabled
box such as Slackware 8.1.
--AND/OR--
2) How does one force Samba to require complex passwords so that
Windows{tm} can return a valid and useful error message to the user? (my
eventual goal)
I found the password level = X option..but that doesn't sound correct, AND
it didn't do anything for my problem. (password level doesn't CHECK
complexity..it helps WITH complex passwords..duh! {slaps forehead})
I've been through my /etc/login.defs....wait..I just reviewed one final
time before posting and I've found the option!! OBSCURE_CHECKS_ENAB !
ok.. I set that to no and now I have a less secure system! YAY!!! (<---
that is sarcasm, btw)
So, now that my immediate crisis is over, what search terms do I use to
find information about having samba require and perform complexity
checking?
--
Richard
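
For the closing question about having Samba itself perform complexity checking, the following is an added example (not from the original post and not Samba project code) of a checker written to the contract of the smb.conf `check password script` parameter: the candidate password arrives on standard input and exit status 0 accepts it. It assumes a Samba release that supports that parameter, which the post does not mention; the `--stdin` switch and the policy values are hypothetical.

```shell
#!/bin/sh
# Added example: complexity checker for smb.conf "check password script".
# Contract: password on standard input, exit 0 = accept, non-zero = reject.
# Policy values are constructed for illustration, not taken from the post.

LC_ALL=C; export LC_ALL   # make [a-z] / [A-Z] ranges byte-exact
MIN_LEN=8                 # assumed minimum length (bytes under LC_ALL=C)
MIN_CLASSES=3             # assumed: 3 of lower / upper / digit / other

# check_password PASSWORD -> returns 0 if acceptable, 1 if rejected.
check_password() {
    pw=$1

    # Rule 1: minimum length.
    [ "${#pw}" -ge "$MIN_LEN" ] || return 1

    # Rule 2: count the character classes that are present.
    classes=0
    case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
    case $pw in *[!a-zA-Z0-9]*) classes=$((classes + 1)) ;; esac
    [ "$classes" -ge "$MIN_CLASSES" ] || return 1

    # Rule 3: reject palindromes. Reverse the string one character at a
    # time with parameter expansion so no external tools are needed.
    rev=""
    rest=$pw
    while [ -n "$rest" ]; do
        tail=${rest#?}                  # everything after the first char
        rev="${rest%"$tail"}$rev"       # prepend the first char
        rest=$tail
    done
    [ "$pw" != "$rev" ] || return 1

    return 0
}

# Hypothetical switch: with --stdin, read one candidate password from
# standard input and report the verdict through the exit status only.
# The password is never echoed or logged.
if [ "${1:-}" = "--stdin" ]; then
    IFS= read -r candidate
    check_password "$candidate"
    exit $?
fi
```

It would be referenced from the `[global]` section as `check password script = /path/to/this/script --stdin`, where the path is a placeholder.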