Community Forum

alexondi
Resolved
0 votes
Hello!
I installed the latest ClearOS 5.2 and set up a domain for my network. Now I can change passwords for users only from webconfig. When a user tries to change the password from the Windows XP (or Windows 7) interface, they get 'you don't have rights for change password'
and in the log I see the error

system userpasswd: password change failed for avp: Parameter is invalid - Username

I tried from the console
/usr/sbin/userpasswd avp
...
and get the same error

Can anybody help me with this problem?

Thank you!
Alexander
Thursday, July 29 2010, 06:02 AM
Responses (57)
  • Accepted Answer

    Thursday, January 26 2012, 10:49 AM - #Permalink
    Resolved
    0 votes
    Sorry I can't help with why it doesn't appear in the updates list. The Users module also is not on mine...

    The latest version is app-users-5.2.21. I'd recommend you upgrade using
    yum clean all && yum upgrade
  • Accepted Answer

    Thursday, January 26 2012, 02:50 AM - #Permalink
    Resolved
    0 votes
    Tim,

    I have the same issue trying to get passwords updated so checked the updates:

    When I use webconfig panel all my updates appear to be working and enabled. Many are at 5.2.20 and app-samba-api is 5.2.21 however I cannot locate app-users at all in this list.

    Command line provides this:

    [root@gw1 ~]# rpm -q app-users
    app-users-5.2-10
    [root@gw1 ~]#

    I do not want to update from command line until I understand why it did not update automatically and why it is not listed in the Software Updates panel.

    Many thanks,

    Andy


    EDIT

    Attached output of the Modules and Software listing: http://www.clearfoundation.com/media/kunena/attachments/legacy/files/webconfig_dump.txt
  • Accepted Answer

    Pat Osborn
    Thursday, September 15 2011, 06:14 PM - #Permalink
    Resolved
    0 votes
    Hello-

    I am experiencing the password change issue with a new install of 5.2 service pack 1 (just freshly downloaded 2 days ago) and Windows XP clients. It looks like smb.conf was changed since the beginning of the thread and matches the password chat time suggested earlier in this thread. Also the version app-samba-api-5.2-21 is correct. The ClearOS install is standalone without firewall.

    I have the password policy set to minimum 5 chars (yes all attempts are more than that), modify any time, no expire, and no history for now.

    I am not having any luck finding a solution that isn't already 'in place' as this is a brand new install.

    Any thoughts would be very welcome.
  • Accepted Answer

    John
    Friday, September 02 2011, 12:39 PM - #Permalink
    Resolved
    0 votes
    Hi all,

    This problem keeps returning and I tried several Windoze 7 related solutions without result, so for now I am giving up on this.
    The only solution that works for me is to create shortcuts with the static ip address instead of using the host name.
    It's quick and dirty, but I don't see another solution ...

    Please advise,

    John
  • Accepted Answer

    John
    Sunday, June 26 2011, 11:25 PM - #Permalink
    Resolved
    0 votes
    Hi all,

    Without making any changes, the Windoze 7 login problem suddenly disappeared ... :blink:
    Can anyone shed some light on what could have happened, because otherwise it's just a matter of time before it returns again ... ?!?

    Please advise,

    John
  • Accepted Answer

    John
    Monday, June 20 2011, 04:31 PM - #Permalink
    Resolved
    0 votes
    Hi all,

    I am sorry to report that the problem has returned again ... with a vengeance ... :(
    This time it's no longer a firewall issue, because when switching to "standalone without firewall", the problem persists.

    The problem only occurs on Win7 clients while no changes have been made to the setup and according to my knowledge, all required services are up and running.
    Occasionally I got an error message with something like, that there were too many connections to the server ... or something, but I didn't write it down ... :blush: ... yet
    The usual response is that I get another chance of typing the right password ... :blink: ... dohhh ...

    Can someone please advise me about this, because this reoccurring issue is starting to get the most out of me ... :angry:
    Please advise,

    John
  • Accepted Answer

    John
    Tuesday, June 07 2011, 01:47 PM - #Permalink
    Resolved
    0 votes
    Thank you Nick,

    I added the following deviating Incoming Allow rules (not required for Windoze XP):
    137 TCP
    138 TCP
    139 UDP
    445 UDP

    Not sure why Windoze 7 suddenly requires these additional rules, but for now it solved the problem.

    Greetings,

    John

    Ps. IP tables is something I'd rather not screw around with, since one little mistake can break the whole firewall.
  • Accepted Answer

    Saturday, June 04 2011, 03:32 PM - #Permalink
    Resolved
    0 votes
    John, I'd suggest opening both UDP and TCP for 135, 137-9 and 445 for starters and see if that fixes your problem. Alternatively add 2 firewall rules:
    iptables -A INPUT -p udp -s {your_LAN_subnet} -j LOG
    iptables -A INPUT -p tcp -s {your_LAN_subnet} -j LOG

    Then monitor /var/log/messages for all blocked packets. You can set up a separate log if you want as well by adding
    kern.5                          /var/log/firewall
    to /etc/syslog.conf then restart syslog with a "service syslog restart". You should stop logging like this when you can or set logrotate to rotate /var/log/firewall. Otherwise the log will just keep getting bigger. Firewall messages will go to both logs and /var/log/firewall will get a few other messages as well.
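Added example, not part of the reply above: a shell function that tallies the kernel firewall LOG lines produced by the two iptables rules by protocol and destination port, so that the Samba ports (135, 137-139, 445) still falling through the INPUT chain stand out. The function names, the optional source-prefix argument and the sample log lines (host name, addresses, ports) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Tallies iptables LOG lines by protocol and destination port.
# Rules appended with -A only see packets that no earlier rule accepted or
# dropped, so the tally shows what is still falling through the INPUT chain.

# write_sample_log FILE: constructed kernel log lines, not from a real host.
write_sample_log() {
    cat > "$1" <<'EOF'
Jun  4 15:40:01 gw kernel: IN=eth1 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=52 TTL=128 PROTO=TCP SPT=49170 DPT=445 SYN
Jun  4 15:40:04 gw kernel: IN=eth1 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=52 TTL=128 PROTO=TCP SPT=49170 DPT=445 SYN
Jun  4 15:40:05 gw kernel: IN=eth1 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun  4 15:40:06 gw kernel: IN=eth1 OUT= SRC=192.168.1.51 DST=192.168.1.1 LEN=52 TTL=128 PROTO=TCP SPT=49200 DPT=139 SYN
Jun  4 15:40:07 gw kernel: IN=eth1 OUT= SRC=192.168.1.51 DST=224.0.0.251 LEN=70 TTL=255 PROTO=UDP SPT=5353 DPT=5353 LEN=50
Jun  4 15:40:08 gw kernel: IN=eth0 OUT= SRC=10.0.0.9 DST=192.168.1.1 LEN=52 TTL=60 PROTO=TCP SPT=40000 DPT=445 SYN
Jun  4 15:40:09 gw kernel: IN=eth1 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=60 TTL=128 PROTO=ICMP TYPE=8 CODE=0
Jun  4 15:40:10 gw syslogd 1.4.1: restart.
EOF
}

# summarize_fw_log FILE [SRC_PREFIX]
# Prints "COUNT PROTO/DPT samba|other", highest count first. SRC_PREFIX
# (for example "192.168.1.") limits the tally to sources starting with it.
summarize_fw_log() {
    awk -v prefix="${2:-}" '
    # Only kernel netfilter LOG lines carry both SRC= and PROTO= fields.
    /SRC=/ && /PROTO=/ {
        src = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dpt == "") next                      # ICMP and similar have no port
        if (prefix != "" && index(src, prefix) != 1) next
        count[proto "/" dpt]++
    }
    END {
        for (k in count) {
            split(k, p, "/")
            port = p[2] + 0
            # Ports named in the reply above: 135, 137-139 and 445.
            tag = (port == 135 || (port >= 137 && port <= 139) || port == 445) ? "samba" : "other"
            printf "%d %s %s\n", count[k], k, tag
        }
    }' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demonstration on the constructed sample, limited to the LAN prefix.
demo_log=$(mktemp)
write_sample_log "$demo_log"
summarize_fw_log "$demo_log" 192.168.1.
rm -f "$demo_log"
```

On a live system the first argument would be /var/log/messages or the separate /var/log/firewall file described in the reply.
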
  • Accepted Answer

    John
    Saturday, June 04 2011, 02:21 PM - #Permalink
    Resolved
    0 votes
    Thanks Manu,

    My problem is of a different kind.
    I have a standalone COS box with FW and discovered that, when I change it to a standalone without FW, the Win7 clients are able to login again.
    The strange thing is that I did not make any changes and that previously they were able to login ... :blink:
    Restarting the FW did not solve the problem.

    Anyway ... I use the following custom firewall rules by entering the 'Protocol', 'Source Address' 192.168.1.0/24 and using the 'Destination Port (Range)':
    http://www.clearfoundation.com/media/kunena/attachments/legacy/images/adv_fw.jpg
    (non relevant ports have been blanked out)

    Am I missing a port or did I make a mistake somewhere ... ?!?
    I thought that I did some extensive research on properly opening the correct ports ... :blush:

    Please advise,

    John
  • Accepted Answer

    Manu
    Sunday, May 29 2011, 05:36 PM - #Permalink
    Resolved
    0 votes
    Hi.

    I have the same problem: Domain user cannot change his password, client system: Windows 7. The error message which I get is: The password on this account cannot be changed at this time.

    I issued the yum commands Tim Burgess provided, rebooted server and client (to be sure) but the problem persists.

    My server installation is brand new and yum update did install many updates :)
    So what's wrong? How to solve the problem?


    Regards,
    Manu


    EDIT - Solved:

    I did solve the problem... In my case the problem was that my initial password (set in the web interface) was only 4 characters long (test purposes...). But the minimal length should be 5 chars. After changing the password in the web interface to a longer one, the user was able to change his pw :)

    Thanks anyway, I hope my post helps someone else.
  • Accepted Answer

    John
    Wednesday, May 25 2011, 08:53 AM - #Permalink
    Resolved
    0 votes
    Hi all,

    The problem has returned with a vengeance ... :angry:
    At the moment only the root can login and all other accounts give the following Windoze error:
    "The specified network password is not correct."
    # service ldap status
    slapd (pid 6299) is running...

    When I check the ClearOS web interface, System - Resources - Services, all core & relevant standard services are up and running.

    Also when attempting to access the MySQL database in Opera (http://<ip cos>:81/mysql), I get the following re-occurring error, before ultimately showing the proper web interface (after a lot of ok clicking ... :S ):
    http://www.clearfoundation.com/media/kunena/attachments/legacy/images/sql_error.jpg

    Restarting the LDAP service and rebooting the server did not solve the problem.

    Please assist and if you need any log info, please tell me so I can add it to this post.

    John

    EDIT:
    Unlike earlier, after pressing the ok button a lot of times MySQL still keeps giving the same error message.
    If necessary, I will start a new thread, if any of you can confirm that this is a new / non related issue.

    EDIT II:
    Ok ... I confirmed that only the Windoze 7 clients have the problem of not being able to login anymore.
    The Windoze XP clients do not have this problem.
    No changes have been made on the server side, but the problem started after a few Windoze 7 client updates.
    Not that it matters, but if this is the cause I think it would be good thing to confirm.

    EDIT III:
    A colleague confirmed that after removing the latest Windoze 7 updates, that he is still unable to login so now I am completely at a loss about the cause of this problem ... :silly:

    Please advise.
  • Accepted Answer

    John
    Tuesday, April 26 2011, 01:53 PM - #Permalink
    Resolved
    0 votes
    Hi all,

    The problem seems to be solved now that a few were able to change their password.
    I suspect that the problem was, that I thought that the 'username' was not case sensitive, but it probably is ... what makes no sense to me, but could be quite normal in the Linux world ... :blink:
    Anyway ... the error message suggested that there was a problem with the username / account.
    If it happens again I will let you know.

    Greetings,

    John
  • Accepted Answer

    John
    Wednesday, April 20 2011, 05:52 PM - #Permalink
    Resolved
    0 votes
    Thanks Tim,
    # rpm -q app-users
    app-users-5.2-21

    So I suppose I can start collecting some courage to ask them to try again ...
    I am still not in the clear, why they still were unable to change their passwords after I implemented these changes.
    Or maybe it was a user error ... but then, there should have been another error message ... :blink:

    Cross my fingers,

    John
  • Accepted Answer

    Wednesday, April 20 2011, 04:18 PM - #Permalink
    Resolved
    0 votes
    John, it's moved location on the server so your download failed. It now lives in the updates folder HERE so
    yum clean all
    yum upgrade

    is all you need to do...if it reports there is nothing to update, then you should already have the latest version (5.2-21). You can find out with
    rpm -q app-users
  • Accepted Answer

    John
    Wednesday, April 20 2011, 04:10 PM - #Permalink
    Resolved
    0 votes
    Thanks for your responses Alex & Len,

    There must be a good reason why the file is no longer on the servers, so I leave it at that ... but ...
    Since I was able to successfully change their passwords (when logged in with their accounts), I almost suspected this to be a user error.
    Until I let them change their password on the box itself, without any problems ... :blink:
    For now it works, because the box is not fully in production yet, but I don't want to make this a standard procedure ... and neither do they ... :blush:
    Btw ... it didn't matter if I switched off the (standalone) firewall and AFAIK all the correct ports are opened.

    Please advise,

    John
  • Accepted Answer

    Tuesday, April 19 2011, 01:12 AM - #Permalink
    Resolved
    0 votes
    The app-users-5.2-20.i386.rpm is no longer in the /clearos/enterprise/5.2/other directory.

    I see the download in the above post. Downloaded, installed it, made the smb.conf change Peter suggested.

    http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/do,quote/func,post/id,17599/

    It worked on my Win 7 64-bit laptop.
  • Accepted Answer

    Alex
    Monday, April 18 2011, 09:42 AM - #Permalink
    Resolved
    0 votes
    Hi

    If you look at the previous lines of your log, you will see that it is reporting:-
    Saving to: `missing.html'
    and indeed if you try to load the file in a browser, it comes up with an error page. It looks like the file is no longer on the server. I'm not sure why they have taken it off, but it could perhaps be that it conflicts with a subsequent update. However, I've put the copy from my server up on my web space for you:-

    http://www.computer-sos.org.uk/clearos/app-users-5.2-20.i386.rpm

    Hope this helps. Be aware that I am only a user like yourself, so any help or advice I may give may have flaws in it.

    Alex
  • Accepted Answer

    John
    Saturday, April 16 2011, 04:52 PM - #Permalink
    Resolved
    0 votes
    Ok ... this time, I'll keep it short ... :lol:

    What is the cause of this error message (read the post above for more detail):
    # rpm -Uvh app-users-5.2-20.i386.rpm
    error: open of app-users-5.2-20.i386.rpm failed: No such file or directory

    Greetings,

    John
  • Accepted Answer

    John
    Wednesday, April 13 2011, 01:29 PM - #Permalink
    Resolved
    0 votes
    Hi all,

    Since the reported problem has been solved a while ago, I wonder why I still encounter it ... :blink:
    When clients attempt to change their password they get the infamous error message:
    Parameter is invalid - Username.
    When I login with their account I am able to successfully change their password ... :blink:
    Maybe it's my M$ minded brain that is falling off a cliff, but this is really freaking me out ... :angry:

    These are the steps I took before deciding to write this post:
    # yum clean all

    # yum update

    # service samba restart

    # wget http://download.clearfoundation.com/clearos/enterprise/5.2/other/app-users-5.2-20.i386.rpm
    --2011-04-13 14:49:24-- http://download.clearfoundation.com/clearos/enterprise/5.2/other/app-users-5.2-20.i386.rpm
    Resolving download.clearfoundation.com... 67.18.3.121, 64.34.186.224, 64.34.185.197, ...
    Connecting to download.clearfoundation.com|67.18.3.121|:80... connected.
    HTTP request sent, awaiting response... 302 Found
    Location: http://mirror1-dallas.clearsdn.com/missing.html [following]
    --2011-04-13 14:49:25-- http://mirror1-dallas.clearsdn.com/missing.html
    Resolving mirror1-dallas.clearsdn.com... 67.18.3.121
    Connecting to mirror1-dallas.clearsdn.com|67.18.3.121|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 452 [text/html]
    Saving to: `missing.html'

    100%[======================================>] 452 --.-K/s in 0s

    2011-04-13 14:49:26 (9.66 MB/s) - `missing.html' saved [452/452]

    # rpm -Uvh app-users-5.2-20.i386.rpm
    error: open of app-users-5.2-20.i386.rpm failed: No such file or directory

    Changing "unix password sync = Yes" to "unix password sync = No" in /etc/samba/smb.conf and a smb restart also did not solve the problem.

    Please help ...

    Greetings,

    John
  • Accepted Answer

    Wednesday, March 16 2011, 05:21 PM - #Permalink
    Resolved
    0 votes
    Thanks Nik, It worked for me...
  • Accepted Answer

    Nik Bold
    Tuesday, February 01 2011, 02:04 PM - #Permalink
    Resolved
    0 votes
    Hi, I don't know if this will help but we had the same problem and it turned out that all we had to do on our 5.2 sp 1 pdc was change the following line in the smb.conf (/etc/samba/smb.conf):


    unix password sync = Yes

    to

    unix password sync = No

    Once samba was restarted (/etc/init.d/smb restart) we were able to change passwords from windows.
  • Accepted Answer

    Eric
    Saturday, December 11 2010, 06:11 AM - #Permalink
    Resolved
    0 votes
    I am having this issue of trying to change the password from the Windows XP client. It's important to note that I did a fresh install of ClearOS (5.2 SP1) this month. I checked the smb.conf file and "password chat timeout" is equal to "10" and I have the package "app-samba-api 5.2-21" installed by default. The only item that differs from what was discussed in this thread is the "app-users" rpm. I did a package list and ClearOS 5.2 SP1 installs app-users-5.2-10.

    I suppose the updated ClearOS software (app-samba-api) that was fixed in the bug report got put into SP1 but perhaps the app-users-5.2-20.i386.rpm didn't get added to the iso. I am not a developer so I have no idea if there is a reason it didn't get included in the iso but just wanted to make someone aware that this issue still has to be fixed manually when installing ClearOS 5.2 SP1

    I am a first time user of ClearOS and I really like it. Thanks for the hard work!

    -Eric
  • Accepted Answer

    Kevin
    Wednesday, October 13 2010, 06:10 PM - #Permalink
    Resolved
    0 votes
    Thanks Peter,

    This version appears in the "other" folder which does not appear in my repo list.

    I had to manually install per your instructions.

    Kevin
  • Accepted Answer

    Wednesday, October 13 2010, 05:43 PM - #Permalink
    Resolved
    0 votes
  • Accepted Answer

    Kevin
    Wednesday, October 13 2010, 05:30 PM - #Permalink
    Resolved
    0 votes
    Hello everyone,

    Peter, thanks for the fix.

    Did this fix get put into the normal upgrades yet?

    Kevin
  • Accepted Answer

    Thursday, October 07 2010, 07:20 PM - #Permalink
    Resolved
    0 votes
    Peter,

    My thanks also. Only partially tested and have to turn aging back on but it seems to be fixed for me also.

    Thank you again.

    John
  • Accepted Answer

    chilonnb
    Friday, September 24 2010, 07:30 AM - #Permalink
    Resolved
    0 votes
    Hi all,

    it works for me now.

    thanks everybody.

    thanks peter :)
  • Accepted Answer

    Ed Bernard
    Thursday, September 23 2010, 08:20 PM - #Permalink
    Resolved
    0 votes
    I applied the fixes supplied by Peter for my client today and I am pleased to report that it worked perfectly. Thanks very much!
  • Accepted Answer

    Thursday, September 23 2010, 05:45 PM - #Permalink
    Resolved
    0 votes
    Have you applied the "passwd chat timeout = 10" change and installed the new RPM?
  • Accepted Answer

    chilonnb
    Thursday, September 23 2010, 10:49 AM - #Permalink
    Resolved
    0 votes
    hi Alex,

    I've tested short and long passwords !!! :( but the problem is not resolved.

    thanks,
  • Accepted Answer

    Alex
    Thursday, September 23 2010, 10:11 AM - #Permalink
    Resolved
    0 votes
    chilonnb

    According to the first error message, the password is the wrong length. Have you tried with a longer password?

    Alex
  • Accepted Answer

    chilonnb
    Wednesday, September 22 2010, 08:59 PM - #Permalink
    Resolved
    0 votes
    Hi all,

    I also have the problem.


    When I want to change a user password from a PC (Win7) in the domain, in my log I have this:

    [2010/09/22 21:52:23.039871, 0] ../libcli/auth/smbencrypt.c:589(decode_pw_buffer)
    decode_pw_buffer: incorrect password length (-1480333090).
    [2010/09/22 21:52:23.039939, 0] ../libcli/auth/smbencrypt.c:590(decode_pw_buffer)
    decode_pw_buffer: check that 'encrypt passwords = yes'

    I've added to smb.conf: encrypt passwords = yes

    but it is not resolved.

    thanks,
  • Accepted Answer

    Alex
    Tuesday, September 21 2010, 11:57 AM - #Permalink
    Resolved
    0 votes
    Peter

    OK, ignore my last 2 messages please. I am feeling very dumb right now.

    I set up my server with roaming profiles for 1 good reason. I couldn't trust the people in my office to make sensible use of the U: drive so that they would have access to their files from any computer. I should have taken my own advice. The reason my computer was taking so long to log on and off is that it was synchronizing my user profile, which had become rather large due to my use of the documents and downloads folders. A quick bit of housekeeping onto the U: drive and suddenly my computer logs on and off in a fraction of the time.

    I can understand why Roaming Profiles are not entirely recommended, though in our office, unfortunately necessary.


    Alex
  • Accepted Answer

    Alex
    Tuesday, September 21 2010, 10:25 AM - #Permalink
    Resolved
    0 votes
    The Windows Event for the logon and logoff is Winlogon 6005 "The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logon)."
  • Accepted Answer

    Alex
    Tuesday, September 21 2010, 10:18 AM - #Permalink
    Resolved
    0 votes
    Peter

    I am very pleased to announce that mine is also working fine now thank you.

    Not sure if this is worth mentioning, but since most people will have a password policy of "No Expire" or a long time, due to this problem having existed, it might. I changed the password policy while my desktop was logged on and on logging off, it came up with an error message about being unable to save my roaming profile. Starting again, I shutdown all computers and had no issues with the rest. In other words, it might be best to log off all computers before changing the "password policy" settings.

    One possible issue I have come across in connection with this is that logging on or changing password on my Windows Vista Business Edition Desktop takes an absolute age, despite the fact that it is by far the fastest computer on our network (all the rest run XP Pro).

    The first time I tried to change my password, it hung for 5 minutes saying it was changing the password. It is not unusual for it to take that long to log on as well. All of the xp machines log on in seconds as you would expect.

    It's not a major issue to me as I really hate Vista and wanted an excuse to get rid of it.

    Alex
  • Accepted Answer

    MaxMouse
    Monday, September 20 2010, 08:55 PM - #Permalink
    Resolved
    0 votes
    Confirmed!!! :woohoo:

    I already changed a password using Ctrl + Alt + Del method!

    Again Peter, thank you so much for the solution, and my humble congratulations to all the team for making ClearOS what it is right now. ;)


    P.S.
    Amazing what a difference a few seconds can make.
  • Accepted Answer

    Monday, September 20 2010, 07:51 PM - #Permalink
    Resolved
    0 votes
    Ah yes. You should also add the following line to the /etc/samba/smb.conf file:

    passwd chat timeout = 10

    By default, the password change request will only wait 2 seconds. That's not enough time for some systems (notably, our old file server). You may need to reload the Samba server after making this change:

    service smb restart

    "Maybe if Peter explains to us what the rpm does, we can contribute some help too."


    Sure! The password request from a Windows desktop is handled by the /usr/sbin/userpasswd script. The first bug was just a typo... that was fixed. The second issue involves some magic that happens when Samba runs this script. If the passwords in LDAP are changed when Samba is running the script, you will get the warning message. By adding a workaround specifically for Samba, the password changes succeed.

    In case you are wondering, the bug crept into 5.2 because of the changes required by the password policy system. Unfortunately, running a test using the /usr/sbin/userpasswd script directly doesn't catch the problem.
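Added example, not ClearOS or Samba code: a shell check that reads the [global] values of the settings discussed in this thread (passwd chat timeout, unix password sync, encrypt passwords) from an smb.conf-style file and flags a timeout below the 10 seconds suggested in the reply above. The function names and the sample configuration are constructed; only [global] is read, and line continuations and include files are not handled.

```shell
#!/bin/sh
# Added example. Reads [global] settings from an smb.conf-style file.

# write_sample_conf FILE: constructed configuration, not a real ClearOS file.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample for the check below
[global]
   workgroup = EXAMPLE
   Unix Password Sync = Yes
   encrypt passwords = yes
   passwd chat timeout = 2
   ; a later assignment of the same parameter wins
   Passwd Chat Timeout   =  10

[homes]
   passwd chat timeout = 1
EOF
}

# smb_global_param FILE "parameter name"
# Prints the last value assigned in [global], or nothing when it is unset.
smb_global_param() {
    awk -v want="$2" '
    # Samba ignores case and whitespace inside section and parameter names.
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    BEGIN { want = norm(want) }
    { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^$/ || /^[#;]/ { next }                     # blank lines and comments
    /^\[/ {
        line = $0; sub(/^\[/, "", line); sub(/\].*$/, "", line)
        section = norm(line); next
    }
    section == "global" {
        eq = index($0, "=")                      # only the first "=" counts
        if (eq == 0) next
        if (norm(substr($0, 1, eq - 1)) == want) {
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val)
            found = 1
        }
    }
    END { if (found) print val }' "$1"
}

# check_passwd_chat_timeout FILE [MIN]
# Returns 0 when the timeout is set to at least MIN seconds (default 10).
check_passwd_chat_timeout() {
    min=${2:-10}
    val=$(smb_global_param "$1" "passwd chat timeout")
    case $val in
        '')        echo "passwd chat timeout: not set (default is 2 seconds)"; return 1 ;;
        *[!0-9]*)  echo "passwd chat timeout: '$val' is not a number"; return 1 ;;
    esac
    if [ "$val" -lt "$min" ]; then
        echo "passwd chat timeout: $val (below $min)"; return 1
    fi
    echo "passwd chat timeout: $val"
}

# report_passwd_settings FILE: the three settings this thread talks about.
report_passwd_settings() {
    for p in "unix password sync" "encrypt passwords"; do
        v=$(smb_global_param "$1" "$p")
        echo "$p: ${v:-(not set in [global])}"
    done
    check_passwd_chat_timeout "$1"
}

# Demonstration on the constructed sample.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
report_passwd_settings "$demo_conf"
rm -f "$demo_conf"
```

On a server the argument would be /etc/samba/smb.conf.
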
  • Accepted Answer

    MaxMouse
    Monday, September 20 2010, 04:18 PM - #Permalink
    Resolved
    0 votes
    Hi everyone!

    Maybe if Peter explains to us what the rpm does, we can contribute some help too.

    Anyway, I am still waiting anxiously, and thank you so much Peter for the support.
  • Accepted Answer

    chilonnb
    Monday, September 20 2010, 03:34 PM - #Permalink
    Resolved
    0 votes
    Hi All,

    Any news please ??

    Thanks,
  • Accepted Answer

    Monday, September 20 2010, 02:29 PM - #Permalink
    Resolved
    0 votes
    Hi all,

    I'll be able to test this myself today. I'll report back here.