[Samba] Order of getpwnam call in Get_Pwnam_internals.

hhyy ww hywusmb at gmail.com
Thu Jan 25 10:27:48 UTC 2024 

Hi list,

My case :
Local UNIX user : ZTEST
domain : uuq.ork
domain user : UUQ\ztest
smb.conf for standalone samba : /home/hywu/smb.conf

[/home/hywu] # cat /home/hywu/smb.conf
[global]
passdb backend = smbpasswd
workgroup = WORKGROUP
security=user

Smbpasswd fail to change local UNIX user password (ZTEST) when samba role is DC.
I want to change password of local UNIX user "ZTEST" but get domain
user "UUQ\ztest" from


root at uuu:/# getent passwd | tail
hywu:x:1000:1000 hywu,,,:/home/hywu:/bin/bash
sshd:X:128:65534::/run/sshd:/usr/sbin/nologin
jone:x:1001:1001:,,,:/home/jone:/bin/bash
ZTEST:X:1002:1002:,,,:/home/ZTEST: /bin/bash
UUQ\administrator:*:0:100::/home/UUQ/administrator:/bin/false
UUQ\guest:*:3000008:100::/home/UUQ/guest :/bin/false
UUQ\krbtgt:*:3000012:100::/home/UUQ/krbtgt:/bin/false
UUQ\ztest:*:3000013:100::/home/UUQ/ztest:/bin/false
root at uuu:/#
root at uuu:/#smbpasswd -c /home/hywu/smb.conf -U ZTEST -D 2
rlimit max:increasing (1024) to minimum Windows limit (16384)
New SMB password:
Retype new SMB password:
Cannot update entry for user UUQ\ztest, as they don't exist in the
smbpasswd file!
smbpasswd_update_sam_account: mod_smbfilepud_entry failed!
Failed to modify entry for user ZTEST.
root at uuu:/# uname -a
Linux uuu 6.5.0-14-generic #14~22.04.1-Ubuntu SMP...


I checked samba code then I found the problem is order of gerpwnam
call in Get_Pwnam_internals(). Lowercase first order will get domain
user (UUQ/ztest) but local account(ZTEST).

local_password_change()
 pdb_getsampwnam()
  smbpasswd_getsampwnam()
    build_sam_account()
     Get_Pwnam_alloc()
      Get_Pwnam_internals() <-- turn "ZTEST" to "ztest"
       getpwnam_alloc_cached()
        getpwnam()
         (nss_winbinadd)
          winbindd_getpwnam_send()
           parse_domain_user() <-- add "UUQ" to domain and namespace.
            assume_domain()

When samba role is DC , "winbind use default domain" does not work in
assume_domain(). Then getpwnam() get domain user.

I have checked the following list and commit
https://lists.samba.org/archive/samba-technical/2008-March/058508.htmlhttps://git.samba.org/?p=samba.git;a=commitdiff;h=ea4a0d509ef70e91baedc5eebf4f4bcff10dac96

Why the order of getpwnam call in Get_Pwnam_internals() change from
original name first to lowercase first?

HY Wu.

More information about the samba mailing list