[Samba] pam_smbpasswd+ldap versus smbd+ldap problem

Pierre Belanger pbelang1 at oss.cantel.rogers.com
Tue Apr 16 12:10:02 GMT 2002 

Hi,

I downloaded a few minutes ago the latest 2.2.4-pre from the CVS.
Note that I haven't tried any previous version with the current
setup.

Here's what I am doing. I compiled 2.2.4-pre with :

./configure --without-winbind --with-acl-support --with-utmp
--with-syslog --with-pam --with-automount --with-pam_smbpass
--with-ldapsam

After installing the PAM module under Solaris 8, I am able to
use the "migrate" option for the module as well as authentication
using the ntPassword attribute from the LDAP server.

So far so good! Now the problem...

With Samba, it doesn't work at all. It keeps on saying :

  NT MD4 password check failed

for no reason!!! I know the password in the LDAP is good.

Here's the log, I removed the lmPassword and ntPassword.

[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:ldap_open_connection(143)
  ldap_open_connection: connection opened
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:ldap_connect_system(177)
  ldap_connect_system: succesful connection to the LDAP server
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:ldap_search_one_user(189)
  ldap_search_one_user: searching
for:[(&(uid=pbelang1)(objectclass=sambaaccount))]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [uid] = [pbelang1]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(422)
  Entry found for user: pbelang1
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [pwdLastSet] = [1018977257]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [logonTime] = [0]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [logoffTime] = [2147483647]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [kickoffTime] = [2147483647]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [pwdCanChange] = [0]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [pwdMustChange] = [2147483647]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [cn] = [pbelang1]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(280)
  get_single_attribute: [homeDrive] = [<does not exist>]
[2002/04/16 14:56:30, 5] passdb/pdb_ldap.c:init_sam_from_ldap(464)
  homeDrive fell back to H:
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(280)
  get_single_attribute: [smbHome] = [<does not exist>]
[2002/04/16 14:56:30, 4] lib/substitute.c:automount_server(160)
  Home server: alkonost
[2002/04/16 14:56:30, 5] passdb/pdb_ldap.c:init_sam_from_ldap(473)
  smbHome fell back to \\alkonost\pbelang1
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(280)
  get_single_attribute: [scriptPath] = [<does not exist>]
[2002/04/16 14:56:30, 5] passdb/pdb_ldap.c:init_sam_from_ldap(482)
  scriptPath fell back to logon.cmd
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(280)
  get_single_attribute: [profilePath] = [<does not exist>]
[2002/04/16 14:56:30, 4] lib/substitute.c:automount_server(160)
  Home server: alkonost
[2002/04/16 14:56:30, 5] passdb/pdb_ldap.c:init_sam_from_ldap(491)
  profilePath fell back to \\alkonost\pbelang1\profile
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(280)
  get_single_attribute: [description] = [<does not exist>]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(280)
  get_single_attribute: [userWorkstations] = [<does not exist>]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [rid] = [61228]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [primaryGroupID] = [1201]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [lmPassword] = [<REMOVEDREMOVEDREMOVEDREMOVED>]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [ntPassword] = [<REMOVEDREMOVEDREMOVEDREMOVED>]
[2002/04/16 14:56:30, 2] passdb/pdb_ldap.c:get_single_attribute(287)
  get_single_attribute: [acctFlags] = [[UX         ]]
[2002/04/16 14:56:30, 4] smbd/password.c:smb_password_ok(475)
  smb_password_ok: Checking SMB password for user pbelang1
[2002/04/16 14:56:30, 5] smbd/password.c:smb_password_ok(489)
  smb_password_ok: challenge received
[2002/04/16 14:56:30, 4] smbd/password.c:smb_password_ok(499)
  smb_password_ok: Checking NT MD4 password
[2002/04/16 14:56:30, 4] smbd/password.c:smb_password_ok(504)
  smb_password_ok: NT MD4 password check failed
[2002/04/16 14:56:30, 4] smbd/password.c:smb_password_ok(518)
  smb_password_ok: Checking LM password
[2002/04/16 14:56:30, 4] smbd/password.c:smb_password_ok(523)
  smb_password_ok: LM password check failed
[2002/04/16 14:56:30, 2] smbd/password.c:pass_check_smb(575)
  pass_check_smb failed - invalid password for user [pbelang1]
[2002/04/16 14:56:30, 1] smbd/reply.c:reply_sesssetup_and_X(989)
  Rejecting user 'pbelang1': authentication failed
[2002/04/16 14:56:30, 3] smbd/error.c:error_packet(106)
  error packet at smbd/reply.c(991) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE


Thank you,
Pierre B.

More information about the samba mailing list