Help with Interpretation
Matthias Wächter
matthias at waechter.wol.at
Mon Jul 26 05:48:57 GMT 1999
On Mon, 26 Jul 1999, Hendrik den Hartog wrote:
> (Password change works without 'unix password sync')
Of course, Samba does no lexical checking of your password.
> We need the sync because some Client machines (Acorn RiscPCs)
> can't use encrypted PWs.
?? /etc/passwd is also encrypted, just in another way. If they send plain
text passwords you can always validate again the smbpasswd, too. Using
pam_smb I think you can also drop any password storing in /etc/passwd or
/etc/shadow.
Your problem is not the password sync itself, your problem is either the
underlaying UNIX or yourself using a really _easy-to-guess_ password. :-)
> [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:chgpasswd(394)
> Password change for user: testpupil
> [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:findpty(89)
> pty: try to open ptya0, line was /dev/ptyXX
> [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:findpty(93)
> pty: opened /dev/ptya0
> [1999/07/26 13:36:50, 3] smbd/chgpasswd.c:chat_with_program(369)
> Dochild for user testpupil (uid=0,gid=0)
> [1999/07/26 13:36:50, 10] smbd/chgpasswd.c:dochild(189)
> Invoking '/usr/bin/passwd testpupil' as password change program.
> [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263)
> talktochild: chatbuf=[*New*UNIX*password*] responsebuf=[New UNIX
> password: ]
> [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(276)
> talktochild: sendbuf=[test123
> ]
Well... that password breaks your UNIX passwd program. Try it on the
command line (as non-root): you will receive the same message message:
> [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(263)
> talktochild: chatbuf=[*ReType*new*UNIX*password*] responsebuf=[
> BAD PASSWORD: it is based on a dictionary word
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Retype new UNIX password: ]
That's what's written here...
> [1999/07/26 13:36:51, 100] smbd/chgpasswd.c:talktochild(276)
> talktochild: sendbuf=[test123
> ]
> [1999/07/26 13:36:55, 100] smbd/chgpasswd.c:talktochild(263)
> talktochild: chatbuf=[*passwd:*all*authentication*tokens*updated*
> successfully*] responsebuf=[]
Interestingly, there is no response? Hmmm... maybe you didn't specify the
correct password chat for your system?
> [1999/07/26 13:36:55, 3] smbd/chgpasswd.c:talktochild(266)
> response 3 incorrect
In fact, response 2 should have already been incorrect (from my point of
view), in case of "BAD PASSWORD:" samba should stop sending passwords to
the passwd program immediately. This is accomplished by not specifying
_any_ "*" in your password chat script (at least after the first
chatbuf) as long as the response isn't really random.
My chat script looks as follows:
passwd chat = *New\spassword: %n\n \nRe-enter\snew\spassword: %n\n \nPassword\schanged.\n
\s is replacement for " ", because " " is the separator for
chatbuf/sendbuf. It may look uglier than the star-ed default, but it only
accepts what I really receive from passwd in case of success in each
step.
Well, anyhow: Use a "better" password (from /bin/passwd's point of view)
and try again.
Sehr Wus,
- Matthias
--
Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis!
aus: "Bill und Teds verrückte Reise durch die Zeit"
-----------------------------------------------------------------------------
More information about the samba-ntdom
mailing list