LinuxQuestions.org - How to Change Password of Domain User on Ubuntu Box

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - How to Change Password of Domain User on Ubuntu Box (https://www.linuxquestions.org/questions/linux-newbie-8/how-to-change-password-of-domain-user-on-ubuntu-box-648208/)

How to Change Password of Domain User on Ubuntu Box

Hi to All,

I have created a Linux Box (Ubuntu) where domain users of Active Directory can log in. I have successfully login the domain accounts and I'm trying to change password of a domain user.

DOMAIN\admin@sampledesktop:~$ passwd
passwd: User not known to the underlying authentication module
passwd: password unchanged

Please see below some PAM config.

/etc/pam.d/common-password:
password requisite pam_unix.so nullok obscure md5
password required pam_smbpass.so nullok use_authtok try_first_pass

/etc/pam.d/common-auth:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_winbind.so use_first_pass
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so broken_shadow
account sufficient /lib/security/pam_localuser.so
account sufficient /lib/security/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/pam_winbind.so
account required /lib/security/pam_permit.so

password requisite /lib/security/pam_passwdqc.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/pam_winbind.so use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

auth optional /lib/security/pam_smbpass.so migrate

I'm hoping someone can help me to find a solution to thing.

That's all.

sudo passwd (user name)

A, ok thanks. However, I've encountered some problems on using sudo for domain users. Although I've inserted the domain group on visudo, system return a message, not in the sudoer file. Before this, I also have error on listing domain user / group (wbinfo -u /-g), saying error listing on domain users /groups.

Is it a prerequisite to have a successful listing of domain user /group although it's successful to connect on domain users on my ubuntu desktop? or it just a wrong contents on /etc/pam.d/sudo?

/etc/pam.d/sudo entries:
auth sufficient pam_winbind.so
auth sufficient pam_unix.so nullok_secure use_first_pass
auth required pam_deny.so
@include common-account

I hope you could help me with this. Thanks.