Samba 2.2.0 password changing problem

Joe Meslovich joe at bridgewater.edu
Mon Apr 23 16:22:22 GMT 2001 

	Using a cvs download from the morning of Thursday April 19th I
upgraded our login server running 2.0.6 to 2.2.0. Since then I have
discovered that users are unable to change their passwords. They are win
95 clients and an error is returned that the old password is incorrect.
When I use smbpasswd to manually change passwords it appears to work, but
the users cannot be validated then by the samba server. Users with
passwords that came over from 2.0.6 can still login, but anyone who has
had their password manually by smbpasswd 2.2.0 cannot login. Below is an
exert from the system log with level 100 debugging.

[2001/04/23 09:46:45, 10] passdb/smbpass.c:iterate_getsmbpwnam(1291)
  found by name: jam002
[2001/04/23 09:46:45, 7] passdb/smbpass.c:endsmbfilepwent_internal(184)
  endsmbfilepwent_internal: closed password file.
[2001/04/23 09:46:45, 4] smbd/password.c:smb_password_ok(454)
  Checking SMB password for user jam002
[2001/04/23 09:46:45, 5] smbd/password.c:smb_password_ok(473)
  challenge received
[2001/04/23 09:46:45, 4] smbd/password.c:smb_password_ok(481)
  smb_password_ok: Checking NT MD4 password
[2001/04/23 09:46:45, 4] smbd/password.c:smb_password_ok(488)
  NT MD4 password check failed
[2001/04/23 09:46:45, 4] smbd/password.c:smb_password_ok(494)
  Checking LM MD4 password
[2001/04/23 09:46:45, 4] smbd/password.c:smb_password_ok(510)
  LM MD4 password check failed
[2001/04/23 09:46:45, 2] smbd/password.c:pass_check_smb(586)
  pass_check_smb failed - invalid password for user [jam002]
[2001/04/23 09:46:45, 1] smbd/reply.c:reply_sesssetup_and_X(975)
  Rejecting user 'jam002': authentication failed

Here is an exert from our smb.conf concerning passwds:

   domain logons = yes
   unix password sync = yes
#   unix realname = yes
#  passwd program = /bin/passwd %u
#  passwd chat = *New*password* %n\n *new*password* %n\n
   passwd program = /usr/local/sbin/BCpassman -user %u terra pluto
   passwd chat = *new*password* %n\n retype*new*password* %n\n *All*is*well*

BCpassman is our in house expect script that uses ssh to sync unix passwds
on two other unix systems. From what I have seen the process does not get
that far. I am still puzzled by the fact that passwds changed by the 2.0.6
version of smbpasswd allow users to log in, but not the 2.2.0 version.

Here is the entry in the smbpasswd file for user jam002 created by the
2.0.6 version of smbpasswd:

jam002:8663:9C6602D2622F49641664635A22D01271:617B07A0803FA6981960CADCAA059CF3:[U
          ]:LCT-3AE454F7:

Here is the same entry using the 2.2.0 version

jam002:8663:9C6602D2622F4964613E9293942509F0:9550C6CA481F99CF8A50547B752D85A6:[U
          ]:LCT-3AE45555:

The plain text passwd is: iaat5tiums


I am just stumped by the fact that it is failing in this manner. The only
change that I have made to the download was to /smbd/chgpasswd.c here is a
diff of my changes:

# diff chgpasswd.orig chgpasswd.c
241c241
<               timeout = 2000;
---
>               timeout = 4000;
410c410
<               alarm(20);
---
>               alarm(30);

This change was made to allow enough time for the BCpassman script to
completely finish so as not to leave a orphaned child process. We have
made this change in previous versions of samba as well and they have
functions normally.

							Thank you,
							Joe Meslovich

----------------------------------------------------------------------------
Joe Meslovich						joe at bridgewater.edu
Associate Network/Systems Engineer	                College Box 499
Tel: (540) 828 - 5343

More information about the samba-technical mailing list