Hello!
I installed the latest ClearOS 5.2 and set up a domain for my network. Now I can change passwords for users only from webconfig. When a user tries to change the password from the Windows XP (or Windows 7) interface, they get 'you don't have rights for change password'
and in the log I see the error
system userpasswd: password change failed for avp: Parameter is invalid - Username
I tried from the console
/usr/sbin/userpasswd avp
...
and got the same error
Can anybody help me with this problem?
Thank you!
Alexander
Responses (57)
Accepted Answer
Tim,
I have same issue trying to get passwords updated so checked the updates:
When I use webconfig panel all my updates appear to be working and enabled. Many are at 5.2.20 and app-samba-api is 5.2.21 however I can not locate app-users at all in this list.
Command line provides this:
[root@gw1 ~]# rpm -q app-users
app-users-5.2-10
[root@gw1 ~]#
I do not want to update from command line until I understand why it did not update automatically and why it is not listed in the Software Updates panel.
Many thanks,
Andy
EDIT
Attached output of the Modules and Software listing: webconfig_dump.txt (http://www.clearfoundation.com/media/kunena/attachments/legacy/files/webconfig_dump.txt) -
Accepted Answer
Hello-
I am experiencing the password change issue with a new install of 5.2 service pack 1 (just freshly downloaded 2 days ago) and windows xp clients. It looks like smb.conf was changed since the beginning of the thread and matches the password chat time suggested earlier in this thread. Also the version app-samba-api-5.2-21 is correct. The ClearOS install is standalone without firewall.
I have the password policy set to minimum 5 chars (yes all attempts are more than that), modify any time, no expire, and no history for now.
I am not having any luck finding a solution that isn't already 'in place' as this is a brand new install.
Any thoughts would be very welcome. -
Accepted Answer
Hi all,
This problem keeps returning and I tried several Windoze 7 related solutions without result, so for now I am giving up on this.
The only solution that works for me is to create shortcuts with the static ip address instead of using the host name.
It's quick and dirty, but I don't see another solution ...
Please advise,
John -
Accepted Answer
Hi all,
I am sorry to report that the problem has returned again ... with a vengeance ...
This time it's no longer a firewall issue, because when switching to "standalone without firewall", the problem persists.
The problem only occurs on Win7 clients while no changes have been made to the setup and according to my knowledge, all required services are up and running.
Occasionally I got an error message with something like, that there were too many connections to the server ... or something, but I didn't write it down ... :blush: ... yet
The usual response is that I get another chance of typing the right password ... :blink: ... dohhh ...
Can someone please advise me about this, because this reoccurring issue is starting to get the most out of me ... :angry:
Please advise,
John -
Accepted Answer
Thank you Nick,
I added the following deviating Incoming Allow rules (not required for Windoze XP):
137 TCP
138 TCP
139 UDP
445 UDP
Not sure why Windoze 7 suddenly requires these additional rules, but for now it solved the problem.
Greetings,
John
Ps. IP tables is something I'd rather not screw around with, since one little mistake can break the whole firewall. -
Accepted Answer
John, I'd suggest opening both UDP and TCP for 135, 137-9 and 445 for starters and see if that fixes your problem. Alternatively add 2 firewall rules:
iptables -A INPUT -p udp -s {your_LAN_subnet} -j LOG
iptables -A INPUT -p tcp -s {your_LAN_subnet} -j LOG
Then monitor /var/log/messages for all blocked packets. You can set up a separate log if you want as well by adding
kern.5 /var/log/firewall
to /etc/syslog.conf then restart syslog with a "service syslog restart". You should stop logging like this when you can or set logrotate to rotate /var/log/firewall. Otherwise the log will just keep getting bigger. Firewall messages will go to both logs and /var/log/firewall will get a few other messages as well.
-
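Added example, not part of any post in this thread: a small Python summary of the lines that the two LOG rules above write to /var/log/messages, showing which Windows file-sharing ports and protocols are reaching the logging rule and from which clients. The sample lines, host name and addresses are constructed; `parse_log_line` and `smb_hits` are names made up for this example.

```python
import re
from collections import defaultdict

# Ports named in the post above (135, 137-9 and 445, TCP and UDP).
SMB_PORTS = {135, 137, 138, 139, 445}
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def _sample(src, dst, rest):
    """Build one constructed LOG-target line; all values are made up."""
    return ("Apr 13 14:50:01 server kernel: IN=eth1 OUT= "
            "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
            f"SRC={src} DST={dst} LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=4021 {rest}")


SAMPLE = [
    _sample("192.168.1.23", "192.168.1.1", "DF PROTO=TCP SPT=49181 DPT=445 WINDOW=8192 SYN"),
    _sample("192.168.1.24", "192.168.1.1", "DF PROTO=TCP SPT=49202 DPT=445 WINDOW=8192 SYN"),
    _sample("192.168.1.23", "192.168.1.255", "PROTO=UDP SPT=137 DPT=137 LEN=58"),
    _sample("192.168.1.23", "192.168.1.1", "DF PROTO=TCP SPT=49183 DPT=139 WINDOW=8192 SYN"),
    _sample("192.168.1.30", "192.168.1.1", "PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=7"),
    _sample("192.168.1.23", "224.0.0.251", "PROTO=UDP SPT=5353 DPT=5353 LEN=40"),
    "Apr 13 14:50:03 server sshd[2211]: Accepted password for admin from 192.168.1.23",
]


def parse_log_line(line):
    """Return the KEY=VALUE fields of a netfilter LOG line, or None."""
    if "kernel:" not in line:
        return None
    fields = dict(FIELD.findall(line.split("kernel:", 1)[1]))
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    return fields


def smb_hits(lines):
    """Map (protocol, destination port) to the sorted sources seen for it."""
    hits = defaultdict(set)
    for line in lines:
        fields = parse_log_line(line)
        if not fields or fields["PROTO"] not in ("TCP", "UDP"):
            continue  # ICMP and other protocols carry no DPT field
        dpt = fields.get("DPT", "")
        if dpt.isdigit() and int(dpt) in SMB_PORTS:
            hits[(fields["PROTO"], int(dpt))].add(fields["SRC"])
    return {key: sorted(srcs) for key, srcs in sorted(hits.items())}


if __name__ == "__main__":
    for (proto, port), sources in smb_hits(SAMPLE).items():
        print(f"{proto}/{port}: logged from {', '.join(sources)}")
```

On the server itself, pass an open log file instead of the sample, for example `smb_hits(open("/var/log/messages"))`.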
Accepted Answer
Thanks Manu,
My problem is of a different kind.
I have a standalone COS box with FW and discovered that, when I change it to a standalone without FW, the Win7 clients are able to login again.
The strange thing is that I did not make any changes and that previously they were able to login ... :blink:
Restarting the FW did not solve the problem.
Anyway ... I use the following custom firewall rules by entering the 'Protocol', 'Source Address' 192.168.1.0/24 and then using the 'Destination Port (Range)':
(non relevant ports have been blanked out)
Am I missing a port or did I make a mistake somewhere ... ?!?
I thought that I did some extensive research on properly opening the correct ports ... :blush:
Please advise,
John -
Accepted Answer
Hi.
I have the same problem: Domain user can not change his password, client system: Windows 7. The error message which I get is: The password on this account cannot be changed at this time.
I issued the yum commands Tim Burgess provided, rebooted server and client (to be sure) but the problem persists.
My server installation is brand new and yum update did install many updates
So what's wrong? How to solve the problem?
Regards,
Manu
EDIT - Solved:
I did solve the Problem... In my case the problem was, that my initial password (set in the webinterface) was only 4 characters long (testpurposes...). But the minimal length should be 5 chars. After changing the Password in the web-interface to a longer one, the user was able to change his pw
Thanks anyway, I hope my posts helps someone else. -
Accepted Answer
Hi all,
The problem has returned with a vengeance ... :angry:
At the moment only the root can login and all other accounts give the following Windoze error:
"The specified network password is not correct."
# service ldap status
slapd (pid 6299) is running...
When I check the ClearOS web interface, System - Resources - Services, all core & relevant standard services are up and running.
Also when attempting to access the MySQL database in Opera (http://<ip cos>:81/mysql), I get the following re-occurring error, before ultimately showing the proper web interface (after a lot of ok clicking ... :S ):
Restarting the LDAP service and rebooting the server did not solve the problem.
Please assist and if you need any log info, please tell me so I can add it to this post.
John
EDIT:
Unlike earlier, after pressing the ok button a lot of times MySQL still keeps giving the same error message.
If necessary, I will start a new thread, if any of you can confirm that this is a new / non related issue.
EDIT II:
Ok ... I confirmed that only the Windoze 7 clients have the problem of not being able to login anymore.
The Windoze XP clients do not have this problem.
No changes have been made on the server side, but the problem started after a few Windoze 7 client updates.
Not that it matters, but if this is the cause I think it would be good thing to confirm.
EDIT III:
A colleague confirmed that after removing the latest Windoze 7 updates, that he is still unable to login so now I am completely at a loss about the cause of this problem ... :silly:
Please advise. -
Accepted Answer
Hi all,
The problem seems to be solved now that a few were able to change their password.
I suspect that the problem was, that I thought that the 'username' was not case sensitive, but it probably is ... which makes no sense to me, but could be quite normal in the Linux world ... :blink:
Anyway ... the error message suggested that there was a problem with the username / account.
If it happens again I will let you know.
Greetings,
John -
Accepted Answer
Thanks Tim,
# rpm -q app-users
app-users-5.2-21
So I suppose I can start collecting some courage to ask them to try again ...
I am still not in the clear, why they still were unable to change their passwords after I implemented these changes.
Or maybe it was a user error ... but then, there should have been another error message ... :blink:
Cross my fingers,
John -
Accepted Answer
John, it's moved location on the server so your download failed. It now lives in the updates folder HERE so
yum clean all
yum upgrade
is all you need to do...if it reports there is nothing to update, then you should already have the latest version (5.2-21). You can find out with
rpm -q app-users
-
Accepted Answer
Thanks for your responses Alex & Len,
There must be a good reason why the file is no longer on the servers, so I leave it at that ... but ...
Since I was able to successfully change their passwords (when logged in with their accounts), I almost suspected this to be a user error.
Until I let them change their password on the box itself, without any problems ... :blink:
For now it works, because the box is not fully in production yet, but I don't want to make this a standard procedure ... and neither do they ... :blush:
Btw ... it didn't matter if I switched off the (standalone) firewall and AFAIK all the correct ports are opened.
Please advise,
John -
Accepted Answer
The app-users-5.2-20.i386.rpm is no longer in the /clearos/enterprise/5.2/other directory.
I see the download in the above post. Downloaded, installed it, made the smb.conf change Peter suggested.
http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,10/do,quote/func,post/id,17599/
It worked on my Win 7 64-bit laptop. -
Accepted Answer
Hi
If you look at the previous lines of your log, you will see that it is reporting:-
Saving to: `missing.html'
and indeed if you try to load the file in a browser, it comes up with an error page. It looks like the file is no longer on the server. I'm not sure why they have taken it off, but it could perhaps be that it conflicts with a subsequent update. However, I've put the copy from my server up on my web space for you:-
http://www.computer-sos.org.uk/clearos/app-users-5.2-20.i386.rpm
Hope this helps. Be aware that I am only a user like yourself, so any help or advice I may give may have flaws in it.
Alex -
Accepted Answer
Hi all,
Since the reported problem has been solved a while ago, I wonder why I still encounter it ... :blink:
When clients attempt to change their password they get the infamous error message:
Parameter is invalid - Username.
When I login with their account I am able to successfully change their password ... :blink:
Maybe it's my M$ minded brain that is falling off a cliff, but this is really freaking me out ... :angry:
These are the steps I took before deciding to write this post:
# yum clean all
# yum update
# service samba restart
# wget http://download.clearfoundation.com/clearos/enterprise/5.2/other/app-users-5.2-20.i386.rpm
--2011-04-13 14:49:24-- http://download.clearfoundation.com/clearos/enterprise/5.2/other/app-users-5.2-20.i386.rpm
Resolving download.clearfoundation.com... 67.18.3.121, 64.34.186.224, 64.34.185.197, ...
Connecting to download.clearfoundation.com|67.18.3.121|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://mirror1-dallas.clearsdn.com/missing.html [following]
--2011-04-13 14:49:25-- http://mirror1-dallas.clearsdn.com/missing.html
Resolving mirror1-dallas.clearsdn.com... 67.18.3.121
Connecting to mirror1-dallas.clearsdn.com|67.18.3.121|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 452 [text/html]
Saving to: `missing.html'
100%[======================================>] 452 --.-K/s in 0s
2011-04-13 14:49:26 (9.66 MB/s) - `missing.html' saved [452/452]
# rpm -Uvh app-users-5.2-20.i386.rpm
error: open of app-users-5.2-20.i386.rpm failed: No such file or directory
changing "unix password sync = Yes" to "unix password sync = No" in /etc/samba/smb.conf and a smb restart also did not solve the problem.
Please help ...
Greetings,
John -
Accepted Answer
Hi, I don't know if this will help, but we had the same problem and it turned out that all we had to do on our 5.2 sp 1 pdc was change the following line in the smb.conf (/etc/samba/smb.conf):
unix password sync = Yes
to
unix password sync = No
once samba was restarted (/etc/init.d/smb restart) we were able to change passwords from windows. -
Accepted Answer
I am having this issue of trying to change the password from the Windows XP client. It's important to note that I did a fresh install of ClearOS (5.2 SP1) this month. I checked the smb.conf file and "password chat timeout" is equal to "10" and I have the package "app-samba-api 5.2-21" installed by default. The only item that differs from what was discussed in this thread is the "app-users" rpm. I did a package list and ClearOS 5.2 SP1 installs app-users-5.2-10.
I suppose the updated ClearOS software (app-samba-api) that was fixed in the bug report got put into SP1 but perhaps the app-users-5.2-20.i386.rpm didn't get added to the iso. I am not a developer so I have no idea if there is a reason it didn't get included in the iso but just wanted to make someone aware that this issue still has to be fixed manually when installing ClearOS 5.2 SP1
I am a first time user of ClearOS and I really like it. Thanks for the hard work!
-Eric -
Accepted Answer
Hi all,
I also have the problem.
When I want to change a user's password from a PC (Win7) in the domain, in my log I have this:
[2010/09/22 21:52:23.039871, 0] ../libcli/auth/smbencrypt.c:589(decode_pw_buffer)
decode_pw_buffer: incorrect password length (-1480333090).
[2010/09/22 21:52:23.039939, 0] ../libcli/auth/smbencrypt.c:590(decode_pw_buffer)
decode_pw_buffer: check that 'encrypt passwords = yes'
I've added to smb.conf: encrypt passwords = yes
but it is not resolved.
thanks, -
Accepted Answer
Peter
OK, ignore my last 2 messages please. I am feeling very dumb right now.
I set up my server with roaming profiles for 1 good reason. I couldn't trust the people in my office to make sensible use of the U: drive so that they would have access to their files from any computer. I should have taken my own advice. The reason my computer was taking so long to log on and off is that it was synchronizing my user profile, which had become rather large due to my use of the documents and downloads folders. A quick bit of housekeeping onto the U: drive and suddenly my computer logs on and off in a fraction of the time.
I can understand why Roaming Profiles are not entirely recommended, though in our office, unfortunately necessary.
Alex -
Accepted Answer
Peter
I am very pleased to announce that mine is also working fine now thank you.
Not sure if this is worth mentioning, but since most people will have a password policy of "No Expire" or a long time, due to this problem having existed, it might. I changed the password policy while my desktop was logged on and on logging off, it came up with an error message about being unable to save my roaming profile. Starting again, I shutdown all computers and had no issues with the rest. In other words, it might be best to log off all computers before changing the "password policy" settings.
One possible issue I have come across in connection with this is that logging on or changing password on my Windows Vista Business Edition Desktop takes an absolute age, despite the fact that it is by far the fastest computer on our network (all the rest run XP Pro).
The first time I tried to change my password, it hung for 5 minutes saying it was changing the password. It is not unusual for it to take that long to log on as well. All of the xp machines log on in seconds as you would expect.
It's not a major issue to me as I really hate Vista and wanted an excuse to get rid of it.
Alex -
Accepted Answer
Ah yes. You should also add the following line to the /etc/samba/smb.conf file:
passwd chat timeout = 10
By default, the password change request will only wait 2 seconds. That's not enough time for some systems (notably, our old file server). You may need to reload the Samba server after making this change:
service smb restart
Maybe if Peter explains to us what the rpm does, we can contribute some help too.
Sure! The password request from a Windows desktop is handled by the /usr/sbin/userpasswd script. The first bug was just a typo... that was fixed. The second issue involves some magic that happens when Samba runs this script. If the passwords in LDAP are changed when Samba is running the script, you will get the warning message. By adding a workaround specifically for Samba, the password changes succeed.
In case you are wondering, the bug crept into 5.2 because of the changes required by the password policy system. Unfortunately, running a test using the /usr/sbin/userpasswd script directly doesn't catch the problem. -
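Added example, not part of any post in this thread and not ClearOS code: a Python check that reads the [global] section of an smb.conf and reports the three settings discussed in this thread (passwd chat timeout, unix password sync, encrypt passwords). It follows the smb.conf(5) rules that names ignore case and whitespace and that lines starting with ; or # are comments, so a commented-out timeout line is not mistaken for an active one. The sample file and the function names are constructed for this example.

```python
# Constructed smb.conf fragment for illustration; not a ClearOS default file.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   Unix Password Sync = Yes
   ; passwd chat timeout = 10
   encrypt passwords = yes
   passwd program = /usr/sbin/userpasswd \\
       %u

[homes]
   browseable = no
"""


def norm(name):
    """Samba ignores case and whitespace in section and parameter names."""
    return "".join(name.split()).lower()


def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # a trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)  # only the first '=' is significant
            params[norm(key)] = value.strip()
    return params


def as_bool(value):
    """Map the boolean spellings listed in smb.conf(5); None if unset or unknown."""
    table = {"yes": True, "true": True, "1": True,
             "no": False, "false": False, "0": False}
    return None if value is None else table.get(value.lower())


def review(text):
    """Report the settings from this thread; None means not set in [global]."""
    g = parse_global(text)
    # The post above gives 2 seconds as the wait when the option is not set.
    timeout = int(g.get("passwdchattimeout", "2"))
    return {
        "passwd chat timeout": timeout,
        "timeout at least 10": timeout >= 10,
        "unix password sync": as_bool(g.get("unixpasswordsync")),
        "encrypt passwords": as_bool(g.get("encryptpasswords")),
    }


if __name__ == "__main__":
    for name, value in review(SAMPLE_CONF).items():
        print(f"{name}: {value}")
```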