Sorry I can't help with why it doesn't appear in the updates list. The Users module also is not on mine...

The latest version is app-users-5.2.21. I'd recommend you upgrade using

yum clean all && yum upgrade

Tim,

I have same issue trying to get passwords updated so checked the updates:

When I use webconfig panel all my updates appear to be working and enabled. Many are at 5.2.20 and app-samba-api is 5.2.21 however I can not locate app-users at all in this list.

Command line provides this:

[root@gw1 ~]# rpm -q app-users
app-users-5.2-10
[root@gw1 ~]#

I do not want to update from command line until I understand why it did not update automatically and why it is not listed in the Software Updates panel.

Many thanks,

Andy


EDIT

Attached output of the Modules and Software listing [file name=webconfig_dump.txt size=9633]http://www.clearfoundation.com/media/kunena/attachments/legacy/files/webconfig_dump.txt[/file]

Hello-

I am experiencing the password change issue with a new install of 5.2 service pack 1 (just freshly downloaded 2 days ago)and windows xp clients. It looks like smb.conf was changed since the beginning of the thread and matches the password chat time suggested earlier in this thread. Also the version app-samba-api-5.2-21 is correct. The ClearOS install is standalone without firewall.

I have the password policy set to minimum 5 chars (yes all attempts are more than that), modify any time, no expire, and no history for now.

I am not having any luck finding a solution that isn't already 'in place' as this is a brand new install.

Any thoughts would be very welcome.

Hi all,

This problem keeps returning and I tried several Windoze 7 related solutions without result, so for now I am giving up on this.
The only solution that works for me is to create shortcuts with the static ip address instead of using the host name.
It's quick and dirty, but I don't see another solution ...

Please advice,

John

Hi all,

Without making any changes, the Windoze 7 login problem suddenly disappeared ... :blink:
Can anyone shed some light on what could have happened, because otherwise it's just a matter of time before it returns again ... ?!?

Please advice,

John

Hi all,

I am sorry to report that the problem has returned again ... with a vengeance ...
This time it's no longer a firewall issue, because when switching to "standalone without firewall", the problem persists.

The problem only occurs on Win7 clients while no changes have been made to the setup and according to my knowledge, all required services are up and running.
Occasionally I got an error message with something like, that there where too many connections to the server ... or something, but I didn't write it down ... :blush: ... yet
The usual response is that I get another chance of typing the write password ... :blink: ... dohhh ...

Can someone please advice me about this, because this reoccurring issue is starting to get the most out of me ... :angry:
Please advice,

John

Thank you Nick,

I added the following deviating Incoming Allow rules (not required for Windoze XP):
137 TCP
138 TCP
139 UDP
445 UDP

Not sure why Windoze 7 suddenly requires these additional rules, but for now it solved the problem.

Greetings,

John

Ps. IP tables is something I'd rather not screw around with, since one little mistake can break the whole firewall.

John, I'd suggest opening both UDP and TCP for 135, 137-9 and 445 for starters and see if that fixes your problem. Alternatively add 2 firewall rules:

iptables -A INPUT -p udp -s {your_LAN_subnet} -j LOG

iptables -A INPUT -p tcp -s {your_LAN_subnet} -j LOG

Then monitor /var/log/messages for all blocked packets. You can set up a separate log if you want as well by adding

kern.5                          /var/log/firewall

to /etc/syslog.conf then restart syslog with a "service syslog restart". You should stop logging like this when you can or set logrotate to rotate /var/log/firewall. Otherwise the log will just keep getting bigger. Firewall messages will go to both logs and /var/log/firewall will get a few other messages as well.

Thanks Manu,

My problem is of a different kind.
I have a standalone COS box with FW and discovered that, when I change it to a standalone without FW, the Win7 clients are able to login again.
The strange thing is that I did not make any changes and that previously they where able to login ... :blink:
Restarting the FW did not solve the problem.

Anyway ... I use the following custom firewall rules by entering the 'Protocol', 'Source Address' 192.168.1.0/24 and the using the 'Destination Port (Range)':

(non relevant ports have been blanked out)

Am I missing a port or did I make a mistake somewhere ... ?!?
I thought that I did some extensive research on properly opening the correct ports ... :blush:

Please advice,

John

Hi.

I have the same Problem: Domain user can not change his password, client system: Windows 7. The Error-Message which i get is: The password on this account cannot be changed at this time.

I issued the yum commands Tim Burgess provided, rebooted server and client (to be sure) but the problem persists.

My server installation is brand new and yum update did install many updates
So what's wrong? How to solve the problem?


Regards,
Manu


EDIT - Solved:

I did solve the Problem... In my case the problem was, that my initial password (set in the webinterface) was only 4 characters long (testpurposes...). But the minimal length should be 5 chars. After changing the Password in the web-interface to a longer one, the user was able to change his pw

Thanks anyway, I hope my posts helps someone else.

Hi all,

The problem has returned with a vengeance ... :angry:
At the moment only the root can login and all other accounts give the following Windoze error:
"The specified network password is not correct."

# service ldap status

slapd (pid  6299) is running...

When I check the ClearOS web interface, System - Resources - Services, all core & relevant standard services are up and running.

Also when attempting to access the MySQL database in Opera (http://<ip cos>:81/mysql), I get the following re-occurring error, before ultimately showing the proper web interface (after a lot of ok clicking ... :S ):


Restarting the LDAP service and rebooting the server did not solve the problem.

Please assist and if you need any log info, please tell me so I can add it to this post.

John

EDIT:
Unlike earlier, after pressing the ok button a lot of times MySQL still keeps giving the same error message.
If necessary, I will start a new thread, if any of you can confirm that this is a new / non related issue.

EDIT II:
Ok ... I confirmed that only the Windoze 7 clients have the problem of not being able to login anymore.
The Windoze XP clients do not have this problem.
No changes have been made on the server side, but the problem started after a few Windoze 7 client updates.
Not that it matters, but if this is the cause I think it would be good thing to confirm.

EDIT III:
A colleague confirmed that after removing the latest Windoze 7 updates, that he is still unable to login so now I am completely at a loss about the cause of this problem ... :silly:

Please advice.

Hi all,

The problem seems to be solved now that a few were able to change their password.
I suspect that the problem was, that I thought that the 'username' was not case sensitive, but it probably is ... what makes no sense to me, but could be quiet normal in the Linux world ... :blink:
Anyway ... the error message suggested that there was a problem with the username / account.
If it happens again i will let you know.

Greetings,

John

Thanks Tim,

# rpm -q app-users

app-users-5.2-21

So I suppose I can start collecting some courage to ask them to try again ...
I am still not in the clear, why they still were unable to change their passwords after I implemented these changes.
Or maybe it was a user error ... but than, there should have been another error message ... :blink:

Cross my fingers,

John

John, it's moved location on the server so your download failed. It now lives in the updates folder HERE so

yum clean all

yum upgrade

is all you need to do...if it reports there is nothing to update, then you should already have the latest version (5.2-21). You can find out with

rpm -q app-users

Thanks for your responses Alex & Len,

There must be a good reason why the file is no longer on the servers, so I leave it at that ... but ...
Since I was able to successfully change their passwords (when logged in with their accounts), I almost suspected this to be a user error.
Until I let them change their password on the box itself, without any problems ... :blink:
For now it works, because the box is not fully in production yet, but I don't want to make this a standard procedure ... and neither do they ... :blush:
Btw ... it didn't matter if I switched off the (standalone) firewall and AFAIK all the correct ports are opened.

Please advice,

John

The app-users-5.2-20.i386.rpm is no longer in the /clearos/enterprise/5.2/other directory.

I see the download in the above post. Downloaded, installed it, made the smb.conf change Peter suggested.

http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/do,quote/func,post/id,17599/

It worked on my Win 7 64-bin laptop.

Hi

If you look at the previous lines of your log, you will see that it is reporting:-
Saving to: `missing.html'
and indeed if you try to load the file in a browser, it comes up with an error page. It looks like the file is no longer on the server. I'm not sure why they have taken it off, but it could perhaps be that it conflicts with a subsequent update. However, i've put the copy from my server up on my web space for you:-

http://www.computer-sos.org.uk/clearos/app-users-5.2-20.i386.rpm

Hope this helps. Be aware that I am only a user like yourself, so any help or advice i may give may have flaws in it.

Alex

Ok ... this time, I'll keep it short ... :lol:

What is the cause of this error message (read the post above for more detail):

# rpm -Uvh app-users-5.2-20.i386.rpm

 error: open of app-users-5.2-20.i386.rpm failed: No such file or directory

Greetings,

John

Hi all,

Since the reported problem has been solved a while ago, I wonder why I still encounter it ... :blink:
When clients attempt to change their password they get the infamous error message:
Paramater is invalid - Username.
When I login with their account I am able to successfully change their password ... :blink:
Maybe it's my M$ minded brain that is falling of a cliff, but this is really freaking me out ... :angry:

These are the steps I took before deciding to write this post:

# yum clean all



# yum update



# service samba restart



# wget http://download.clearfoundation.com/clearos/enterprise/5.2/other/app-users-5.2-20.i386.rpm

--2011-04-13 14:49:24--  http://download.clearfoundation.com/clearos/enterprise/5.2/other/app-users-5.2-20.i386.rpm

Resolving download.clearfoundation.com... 67.18.3.121, 64.34.186.224, 64.34.185.197, ...

Connecting to download.clearfoundation.com|67.18.3.121|:80... connected.

HTTP request sent, awaiting response... 302 Found

Location: http://mirror1-dallas.clearsdn.com/missing.html [following]

--2011-04-13 14:49:25--  http://mirror1-dallas.clearsdn.com/missing.html

Resolving mirror1-dallas.clearsdn.com... 67.18.3.121

Connecting to mirror1-dallas.clearsdn.com|67.18.3.121|:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 452 [text/html]

Saving to: `missing.html'



100%[======================================>] 452         --.-K/s   in 0s



2011-04-13 14:49:26 (9.66 MB/s) - `missing.html' saved [452/452]



# rpm -Uvh app-users-5.2-20.i386.rpm

error: open of app-users-5.2-20.i386.rpm failed: No such file or directory

changing "unix password sync = Yes" to "unix password sync = No" in /etc/samba/smb.conf and a smb restart also did not solve the problem.

Please help ...

Greetings,

John

Thanks Nik, It worked for me...

Hi I don't know if this will help but we had the same problem and it turned out that all we had to do on our 5.2 sp 1 pdc was change the following line in the smb.com (/etc/samba/smb.conf):


unix password sync = Yes

to

unix password sync = No

once samba was restarted (/etcinit.d/smb restart) we were able to change passwords from windows.

I am having this issue of trying to change the password from the Windows XP client. It's important to note that I did a fresh install of ClearOS (5.2 SP1) this month. I checked the smb.conf file and "password chat timeout" is equal to "10" and I have the package "app-samba-api 5.2-21" installed by default. The only item that differs from what was discussed in this thread is the "app-users" rpm. I did a package list and ClearOS 5.2 SP1 installs app-users-5.2-10.

I suppose the updated ClearOS software (app-samba-api) that was fixed in the bug report got put into SP1 but perhaps the app-users-5.2-20.i386.rpm didn't get added to the iso. I am not a developer so I have no idea if there is a reason it didn't get included in the iso but just wanted to make someone aware that this issue still has to be fixed manually when installing ClearOS 5.2 SP1

I am a first time user of ClearOS and I really like it. Thanks for the hard work!

-Eric

Thanks Peter,

This version appears in the "other" folder which does not appear in my repo list.

I had to manually install per your instructions.

Kevin

Yup! http://clearsdn.clearcenter.com/software/detail.php?aid=95

Hello everyone,

Peter, thanks for the fix.

Did this fix get put into the normal upgrades yet?

Kevin

Peter,

My thanks also. Only partially tested and have to turn aging back on but it seems to be fixed for me also.

Thank you again.

John

Hi all,

it works for me now.

thanks everybody.

thanks peter

I applied the fixes supplied by Peter for my client today and I am pleased to report that it worked perfectly. Thanks very much!

Have you applied the "passwd chat timeout = 10" change and installed the new RPM?

hi Alex,

I've tested short and long password !!! but the problem does not resolved .

thanks,

chilonnb

According to the first error message, the password is the wrong length. Have you tried with a longer password?

Alex

Hi all,

i have also the problem.


when i want to change password user form pc (win7) in the domain, in my log i have this:

[2010/09/22 21:52:23.039871, 0] ../libcli/auth/smbencrypt.c:589(decode_pw_buffer)
decode_pw_buffer: incorrect password length (-1480333090).
[2010/09/22 21:52:23.039939, 0] ../libcli/auth/smbencrypt.c:590(decode_pw_buffer)
decode_pw_buffer: check that 'encrypt passwords = yes'

i've aded to smb.conf : encrypt passwords = yes

but it not resolved .

thanks,

Peter

OK, ignore my last 2 messages please. I am feeling very dumb right now.

I set up my server with roaming profiles for 1 good reason. I couldn't trust the people in my office to make sensible use of the U: drive so that they would have access to their files from any computer. I should have taken my own advice. The reason my computer was taking so long to log on and off is that it was synchronizing my user profile, which had become rather large due to my use of the documents and downloads folders. A quick bit of housekeeping onto the U: drive and suddenly my computer logs on and off in a fraction of the time.

I can understand why Roaming Profiles are not entirely recommended, though in our office, unfortunately necessary.


Alex

The Windows Event for the logon and logoff is Winlogon 6005 "The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logon)."

Peter

I am very pleased to announce that mine is also working fine now thank you.

Not sure if this is worth mentioning, but since most people will have a password policy of "No Expire" or a long time, due to this problem having existed, it might. I changed the password policy while my desktop was logged on and on logging off, it came up with an error message about being unable to save my roaming profile. Starting again, I shutdown all computers and had no issues with the rest. In other words, it might be best to log off all computers before changing the "password policy" settings.

One possible issue I have come across in connection with this is that logging on or changing password on my Windows Vista Business Edition Desktop takes an absolute age, despite the fact that it is by far the fastest computer on our network (all the rest run XP Pro).

The first time I tried to change my password, it hung for 5 minutes saying it was changing the password. It is not unusual for it to take that long to log on as well. All of the xp machines log on in seconds as you would expect.

It's not a major issue to me as I really hate Vista and wanted an excuse to get rid of it.

Alex

Confirmed!!! :woohoo:

I already changed a password using Ctrl + Alt + Del method!

Again Peter, thank you so much for the solution, and my humble congratulation to all the team to make ClearOS what it is right now.


PD.
Amazing that something as a few seconds can make.

Ah yes. You should also add the following line to the /etc/samba/smb.conf file:

passwd chat timeout = 10

By default, the password change request will only wait 2 seconds. That's not enough time for some systems (notably, our old file server). You may need to reload the Samba server after making this change:

service smb restart

Maybe if Peter explain us what the rmp does, we can contribute some help too.

Sure! The password request from a Windows desktop is handled by the /usr/sbin/userpasswd script. The first bug was just a typo... that was fixed. The second issue involves some magic that happens when Samba runs this script. If the passwords in LDAP are changed when Samba is running the script, you will get the warning message. By adding a workaround specifically for Samba, the password changes succeed.

In case you are wondering, the bug crept into 5.2 because of the changes required by the password policy system. Unfortunately, running a test using the /usr/sbin/userpasswd script directly doesn't catch the problem.

Hi everyone!

Maybe if Peter explain us what the rmp does, we can contribute some help too.

Anyway I sill waiting anxious and thank you so much Peter for the support.

Hi All,

Any news please ??

Thanks,

Hi all,

I'll be able to test this myself today. I'll report back here.