CTRL-ALT-DEL Password Change Problem

Pedro Miguel Frazão F. Ferreira pfrazao at ualg.pt
Sat Jan 16 15:06:14 GMT 1999 

Beej wrote:
> 
> I'm working in an academic environment, and we have students working on
> Solaris 2.6 and NT 4 (not up to SP4 yet), and I'll be moving our
> NT clients onto a dedicated Samba-based PDC running on an Ultra1 SPARC.
> 
> One of the main goals here will be to sync the passwords so students
> need only be concerned about the one (apparent) account.
> 
> My problem is that I cannot change my NT password while served off
> samba using the CTRL-ALT-DEL method. It insists that I got my old
> password wrong, and so will not change (but it lets me log into the
> workstation to start with).
> 
> The log message says:
> [1999/01/17 00:59:45, 0] smbd/chgpasswd.c:check_oem_password(741)
>   check_oem_password: old lm password doesn't match.

	Yesterday I experienced what I believe this problem is. At least I had
the same simptoms. The problem is that when samba tryes to change your
UNIX password, the UNIX password program is run as root and it does not
ask for an old password, but the chat password in smb.conf provides one.
The solution for me was to include these lines in smb.conf:

encrypt passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
unix password sync = Yes

	Et voila ! Now the password chat does not provide a old password to the
UNIX passwd program which does not expect one (At least in my conf.:
samba2.0.0, Debian 2.1 (frozen dist-slink), NT Wkst 4 sp3).
	I think this is what you want. Hope this helps.

	Ciao,
> 
> Hacking the code shows that the old nt password doesn't match either.
> 
> I've been having this problem with samba releases 2beta4-5 and
> the big one, samba-2.0.0. Even have the same problem with grabbing
> the archive off cvs. Tis most frustrating.
> 
> I've successfully changed passwords using smbpasswd and ntpass in
> rpcclient (btw, is there a man page out for rpcclient?).
> 
> Is this a problem that will magically disappear if I upgrade the NT
> workstations to SP4 ?
> 
> I've read alot of messages in the samba-ntdom archive, and it seems
> that many people have managed to get this working, and I'm fascinated
> how they've done it. Suggestions please.
> 
> I've had no problem with adding and using new users, netlogon shares
> with policies, and roaming profiles ; They are working fine without
> too much fuss.
> 
> Included is the smb.conf for your inspection.
> 
> Something else I've noticed. I downloaded a ssh program that runs on
> NT boxes (ftp://ftp.netsoc.ucd.ie/pub/computing/ssh) that I've used
> before.
> 
> I've tried running the program off a samba share, and through the
> program's execution, I get this NT dialogue box popping up, saying
> something like "snmp.exe: The network name has been deleted". This
> message then keeps cropping up with any attempt to access files
> from the samba share, until logout.
> 
> I've only had this error come up from this ssh binary, and off a
> samba share (moved it to c:\temp and it worked fine).
> 
> This is not a ntdomain problem, but I thought I'd share this bit of
> weirdness with the rest of you. =)
> 
> Bj
> 
> Included smb.conf
> 
> # Global parameters
>         ; Samba Test Domain
>         workgroup = BJLAB
>         ...
>         encrypt passwords = Yes
>         log file = /local/samba2/var/log.%m
>         max log size = 5000
>         lock dir = /tmp/sambalocks
>         browseable = no
>         create mask = 0600
>         directory mask = 0700
>         domain logons = yes
>         domain master = yes
>         preferred master = yes
> 
>         ; Watch those roaming profile connections disappear ASAP
>         deadtime = 1
> 
>         logon drive = X:
>         logon home = \\%N\%U
>         logon script = scripts\%U.cmd
>         logon path = \\%N\Profiles\%U
> 
> [homes]
>         comment = Home Directories
>         writeable = yes
>         browseable = yes
>         guest ok = no
> 
>         ...
> 
> [NETLOGON]
>         path = /local/samba2/netlogon
>         writeable = no
>         locking = no
> 
> [Profiles]
>         path = /local/samba2/profiles
>         writeable = yes
> 
> +-------------------------------+--------------------------------------+
> |      Benjamin (Bj) Kuit       |  School of Computing Sciences        |
> |      Systems Programmer       |  University of Technology, Sydney    |
> |      Phone: 9514 1841         |  Email: bj at mcs.uts.edu.au            |
> |      Mobile: 0412 182 972     |                                      |
> +-------------------------------+--------------------------------------+

-- 
------------------------------------------------------------------------
    Pedro Miguel Frazao Fernandes Ferreira, Universidade do Algarve
          U.C.E.H., Campus de Gambelas, 8000 - Faro, Portugal
pfrazao at ualg.pt     Tel.:+351 89 800950 / 872950     Fax: +351 89 818560
                     http://w3.ualg.pt/~pfrazao

More information about the samba-ntdom mailing list