+++ This bug was initially created as a clone of Bug #467905 +++

Description of problem:
Non-root user can't change his samba password when system <-> samba password synchronization is enabled because of selinux.

Version-Release number of selected component (if applicable):
samba 3.0.32-3.5.el5
selinux-policy-targeted-2.4.6-170.el5

How reproducible:
always

Steps to Reproduce:
run RHTS test /CoreOS/samba/Regression/config/bz422721-password-change-with-pam, watch for avc denials.
or
1. Set up samba to sync its password with classic unix system passwords, start it.
smb.conf:
[global]
security = user
pam password change =yes
unix password sync = yes
2. Create user, add him to samba user db
3. 'su' to the new user, change password with smbpasswd

Actual results:
[zel@x86-64-5s-2-m1 root]$ smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
Receiving SMB: Server stopped responding
rpc_api_pipe: Remote machine 127.0.0.1 pipe \samr fnum 0x77d1returned critical error. Error was Call returned zero bytes (EOF)
cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x77d1 to machine 127.0.0.1. Error was Call returned zero bytes (EOF)
machine 127.0.0.1 rejected the password change: Error was : NT_STATUS_END_OF_FILE.
Failed to change password for zel

The problem is caused by unix_update incorrectly requiring old password when root asks for password change. pam_unix.so module will not ask for it and pass it to unix_update.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1358.html