[Samba] Error when changing domain password in Windows XP

Gaiseric Vandal gaiseric.vandal at gmail.com
Thu May 26 05:10:35 MDT 2011 

Do you have a password change chat script configured and defined in smb.conf
?

I run solaris 10 with Sun/Oracle Directory Server for LDAP backend.  Samba
runs as root but root is NOT a ldap administrator.  My chat script has to
run with ldap admin priveledges.   Though I could have probably had it run
as the windows user if it it can process the old and new password.

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
On Behalf Of Torkil Svensgaard
Sent: Thursday, May 26, 2011 6:42 AM
To: samba at lists.samba.org
Subject: [Samba] Error when changing domain password in Windows XP

Hi list

I'm have a samba (2:3.5.4~dfsg-1ubuntu8.4) domain with LDAP backend and 
I'm getting the following error when I try to change my domain password 
via Windows XP:

"The User name or old password is incorrect. Letters in passwords must 
be typed using the correct case".

The password is typed correctly and it does get changed in LDAP though.

This snippet from the log may be the culprit:

[2011/05/26 12:22:14.392666,  5] lib/smbldap.c:1556(smbldap_modify)
   smbldap_modify: dn => [uid=torkil,ou=Users,dc=drcmr,dc=local]
[2011/05/26 12:22:14.392990, 10] lib/smbldap.c:1576(smbldap_modify)
   Failed to modify dn: uid=torkil,ou=Users,dc=drcmr,dc=local, error: 16 
(No such attribute) (modify/delete: sambaNTPassword: no such value)
[2011/05/26 12:22:14.393027,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
   pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 1
[2011/05/26 12:22:14.393046,  5] 
rpc_server/srv_samr_nt.c:1954(_samr_ChangePasswordUser2)
   _samr_ChangePasswordUser2: 1954
[2011/05/26 12:22:14.393059,  1] 
../librpc/ndr/ndr.c:251(ndr_print_function_debug)
        samr_ChangePasswordUser2: struct samr_ChangePasswordUser2
           out: struct samr_ChangePasswordUser2
               result                   : NT_STATUS_UNSUCCESSFUL

The attribute sambaNTPassword is present on the object, so that makes no 
sense?

I'm also seeing this error:

[2011/05/26 12:22:15.512074,  0] 
../libcli/auth/smbencrypt.c:589(decode_pw_buffer)
   decode_pw_buffer: incorrect password length (1024268875).
[2011/05/26 12:22:15.512087,  0] 
../libcli/auth/smbencrypt.c:590(decode_pw_buffer)
   decode_pw_buffer: check that 'encrypt passwords = yes'
[2011/05/26 12:22:15.512100,  5] 
rpc_server/srv_samr_nt.c:1954(_samr_ChangePasswordUser2)
   _samr_ChangePasswordUser2: 1954
[2011/05/26 12:22:15.512111,  1] 
../librpc/ndr/ndr.c:251(ndr_print_function_debug)
        samr_ChangePasswordUser2: struct samr_ChangePasswordUser2
           out: struct samr_ChangePasswordUser2
               result                   : NT_STATUS_WRONG_PASSWORD

Any suggestions? I found this problem when I installed pam_passwdqc, 
which seem to work.

Thanks,

Torkil
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list