Can not change domain password from Windows XX
Morris Stevens
mstevens at initialsecurity.com
Tue Nov 27 11:28:02 GMT 2001
I have had great success with SAMBA so far, and love it to death. What I
have here is a minor setback, but it is proving to be a time consuming one.
I have a samba server (samba v. 2.2.1a) on Red Hat Linux v. 7.2 with several
member samba servers out serving files over a VPN. It is working great thus
far, and I could not be more happy with it. My Problem is that I can't use
the standard password utility in windows to change my domain password. I
get an hourglass at the workstation (tried at several workstations with
several different versions of windows...same thing) for a few moments, then
a response back that my password is bad. If I use a known bad password, I
get an immediate return back that I have a bad password--no hourglass.
My current smb.conf:
[global]
netbios name = IS_MASTER
workgroup = CORP_DOM
wins server=192.168.101.10
time server=yes
log level=3
passwd chat debug=yes
os level = 64
preferred master = no
domain master = yes
local master = no
security = user
encrypt passwords = yes
domain logons = yes
#logon script
logon script = "%U.bat"
unix password sync = yes
passwd program = /usr/bin/passwd
[netlogon]
path=/usr/corporate_shares/netlogon
writeable = no
write list = @adm
[sysvol]
path=/usr/corporate_shares/sysvol
read only=no
browseable=no
write list = @corpgroup
this is the log.smbd file output for an unsuccessful login with above
paramaters (increased debug info)
[2001/11/27 13:25:05, 3] smbd/oplock.c:init_oplocks(1200)
open_oplock_ipc: opening loopback UDP socket.
[2001/11/27 13:25:05, 3] lib/util_sock.c:open_socket_in(837)
bind succeeded on port 0
[2001/11/27 13:25:05, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(293)
Linux kernel oplocks enabled
[2001/11/27 13:25:05, 3] smbd/oplock.c:init_oplocks(1230)
open_oplock ipc: pid = 4718, global_oplock_port = 33318
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837)
Transaction 0 of length 72
[2001/11/27 13:25:05, 2] smbd/reply.c:reply_special(92)
netbios connect: name1=IS_MASTER name2=MSTEVENS
[2001/11/27 13:25:05, 2] smbd/reply.c:reply_special(111)
netbios connect: local=is_master remote=mstevens
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837)
Transaction 1 of length 158
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650)
switch message SMBnegprot (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349)
Requested protocol [DOS LM1.2X002]
[2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349)
Requested protocol [DOS LANMAN2.1]
[2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349)
Requested protocol [Windows for Workgroups 3.1a]
[2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(349)
Requested protocol [NT LM 0.12]
[2001/11/27 13:25:05, 3] smbd/negprot.c:reply_negprot(433)
Selected protocol NT LM 0.12
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837)
Transaction 2 of length 162
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650)
switch message SMBsesssetupX (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(865)
Domain=[CORP_DOM] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(876)
sesssetupX:name=[MIS906]
[2001/11/27 13:25:05, 2] smbd/reply.c:reply_sesssetup_and_X(990)
Defaulting to Lanman password for mis906
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167)
get_current_groups: uid 0 is in 2 groups: 513, 501
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167)
get_current_groups: uid 0 is in 2 groups: 513, 501
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(322)
uid 513 registered to name mis906
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(324)
Clearing default real name
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(326)
User name: mis906 Real name: Morris Stevens
[2001/11/27 13:25:05, 1] lib/util_sock.c:get_socket_name(1001)
Gethostbyaddr failed for 192.168.101.104
[2001/11/27 13:25:05, 3] smbd/process.c:chain_reply(982)
Chained message
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650)
switch message SMBtconX (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/password.c:authorise_login(787)
authorise_login: ACCEPTED: validated uid ok as non-guest (user=mis906)
[2001/11/27 13:25:05, 3] smbd/service.c:make_connection(477)
Connect path is /tmp
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167)
get_current_groups: uid 0 is in 2 groups: 513, 501
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167)
get_current_groups: uid 0 is in 2 groups: 513, 501
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(239)
se_access_check: user sid is
S-1-5-21-2876717569-4028184876-3063061709-2026
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242)
se_access_check: also S-1-5-21-2876717569-4028184876-3063061709-2027
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242)
se_access_check: also S-1-5-21-2876717569-4028184876-3063061709-2003
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242)
se_access_check: also S-1-1-0
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242)
se_access_check: also S-1-5-2
[2001/11/27 13:25:05, 3] lib/util_seaccess.c:se_access_check(242)
se_access_check: also S-1-5-11
[2001/11/27 13:25:05, 3] smbd/vfs.c:vfs_init_default(98)
Initialising default vfs hooks
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(322)
2 user groups:
513 501
[2001/11/27 13:25:05, 3] smbd/vfs.c:vfs_ChDir(643)
vfs_ChDir to /tmp
[2001/11/27 13:25:05, 3] smbd/service.c:make_connection(606)
mstevens (192.168.101.104) connect to service IPC$ as user mis906
(uid=513, gid=513) (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_tcon_and_X(387)
tconX service=ipc$ user=mis906
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837)
Transaction 3 of length 99
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650)
switch message SMBtrans (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(322)
2 user groups:
513 501
[2001/11/27 13:25:05, 3] smbd/ipc.c:reply_trans(484)
trans <\PIPE\LANMAN> data=0 params=19 setup=0
[2001/11/27 13:25:05, 3] smbd/ipc.c:named_pipe(336)
named pipe command on <LANMAN> name
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3327)
Got API command 13 of form <WrLh> <B16BBDz>
(tdscnt=0,tpscnt=19,mdrcnt=427,mprcnt=6)
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3335)
Doing RNetServerGetInfo
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837)
Transaction 4 of length 99
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650)
switch message SMBtrans (pid 4718)
[2001/11/27 13:25:05, 3] smbd/ipc.c:reply_trans(484)
trans <\PIPE\LANMAN> data=0 params=19 setup=0
[2001/11/27 13:25:05, 3] smbd/ipc.c:named_pipe(336)
named pipe command on <LANMAN> name
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3327)
Got API command 63 of form <WrLh> <zzzBBzz>
(tdscnt=0,tpscnt=19,mdrcnt=427,mprcnt=6)
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3335)
Doing NetWkstaGetInfo
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837)
Transaction 5 of length 100
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650)
switch message SMBsesssetupX (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(865)
Domain=[] NativeOS=[CORP_DOM] NativeLanMan=[Windows 4.0]
[2001/11/27 13:25:05, 3] smbd/reply.c:reply_sesssetup_and_X(876)
sesssetupX:name=[]
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167)
get_current_groups: uid 0 is in 1 groups: 99
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:get_current_groups(167)
get_current_groups: uid 0 is in 1 groups: 99
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(322)
uid 99 registered to name nobody
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(324)
Clearing default real name
[2001/11/27 13:25:05, 3] smbd/password.c:register_vuid(326)
User name: nobody Real name: Nobody
[2001/11/27 13:25:05, 3] smbd/process.c:process_smb(837)
Transaction 6 of length 636
[2001/11/27 13:25:05, 3] smbd/process.c:switch_message(650)
switch message SMBtrans (pid 4718)
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(322)
2 user groups:
513 501
[2001/11/27 13:25:05, 3] smbd/ipc.c:reply_trans(484)
trans <\PIPE\LANMAN> data=532 params=21 setup=0
[2001/11/27 13:25:05, 3] smbd/ipc.c:named_pipe(336)
named pipe command on <LANMAN> name
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3327)
Got API command 214 of form <zsT> <B516B16>
(tdscnt=532,tpscnt=21,mdrcnt=0,mprcnt=4)
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_reply(3335)
Doing SamOEMChangePassword
[2001/11/27 13:25:05, 3] smbd/lanman.c:api_SamOEMChangePassword(1880)
api_SamOEMChangePassword: Change password for <MIS906>
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284)
push_sec_ctx(513, 513) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:pop_sec_ctx(423)
pop_sec_ctx (513, 513) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:05, 3] smbd/chgpasswd.c:chgpasswd(451)
Password change for user: mis906
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:push_sec_ctx(284)
push_sec_ctx(513, 513) : sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2001/11/27 13:25:05, 3] smbd/chgpasswd.c:chat_with_program(415)
Dochild for user mis906 (uid=0,gid=0)
[2001/11/27 13:25:09, 3] smbd/chgpasswd.c:talktochild(295)
Response 1 incorrect
[2001/11/27 13:25:09, 3] smbd/chgpasswd.c:chat_with_program(348)
Child failed to change password: mis906
[2001/11/27 13:25:09, 3] smbd/chgpasswd.c:chat_with_program(387)
The process exited while we were waiting
[2001/11/27 13:25:12, 3] smbd/process.c:process_smb(837)
Transaction 7 of length 39
[2001/11/27 13:25:12, 3] smbd/process.c:switch_message(650)
switch message SMBtdis (pid 4718)
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 3] smbd/service.c:close_cnum(644)
mstevens (192.168.101.104) closed connection to service IPC$
[2001/11/27 13:25:12, 3] smbd/connection.c:yield_connection(50)
Yielding connection to IPC$
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 3] smbd/process.c:timeout_processing(1062)
end of file from client
[2001/11/27 13:25:12, 3] smbd/sec_ctx.c:set_sec_ctx(316)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2001/11/27 13:25:12, 2] smbd/server.c:exit_server(448)
Closing connections
[2001/11/27 13:25:12, 3] smbd/connection.c:yield_connection(50)
Yielding connection to
[2001/11/27 13:25:12, 3] smbd/server.c:exit_server(483)
Server exit (normal exit)
If anybody has seen this and can give me a clue, I would appreciate it
muchly. Thanks,
Morris
More information about the samba-ntdom
mailing list