我成功配置了 Ubuntu 15.10 Workstation 以针对 Active Directory 进行身份验证。到目前为止唯一剩下的就是更改 Active Directory 密码的能力。当我passwd以登录 Active Directory 用户的身份输入命令时,我看到以下内容:
情况1:
aduser@xenomorph:~$ passwd
Changing password for aduser
(current) NT password:
passwd: Permission denied
passwd: password unchanged
案例 2:
aduser@xenomorph:~$ passwd aduser
Changing password for aduser
(current) NT password:
passwd: Permission denied
passwd: password unchanged
案例三:
aduser@xenomorph:~$ passwd DOMAIN\\aduser
Changing password for DOMAIN\aduser
(current) NT password:
passwd: Permission denied
passwd: password unchanged
在这三种情况下我都会收到以下日志(用户名发生变化但错误相同):
Nov 19 12:58:59 xenomorph passwd[5691]: pam_unix(passwd:chauthtok): user "aduser" does not exist in /etc/passwd
Nov 19 12:58:59 xenomorph passwd[5691]: pam_winbind(passwd:chauthtok): getting password (0x0000002a)
Nov 19 12:59:03 xenomorph passwd[5691]: pam_winbind(passwd:chauthtok): user 'aduser' granted access
Nov 19 12:59:03 xenomorph passwd[5691]: pam_unix(passwd:chauthtok): user "aduser" does not exist in /etc/passwd
Nov 19 12:59:03 xenomorph passwd[5691]: pam_winbind(passwd:chauthtok): getting password (0x00000012)
我的pam.d文件:common-password看起来像这样(为了更好的可读性我删除了所有注释):
password [success=2 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
password [success=1 default=ignore] pam_winbind.so use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so
我不知道如何解决这个问题。有什么想法吗?