[Samba] samba 3.0.2a-Debian +ldapsam +smbldap-tools 3.0rc4-1=
newly created users can't log in
Andrew Bartlett
abartlet at samba.org
Thu Mar 18 21:37:23 GMT 2004
On Fri, 2004-03-19 at 06:33, Bradley W. Langhorst wrote:
> On Thu, 2004-03-18 at 13:15, Bradley W. Langhorst wrote:
>
> > sambaPwdLastSet: 0
> here's the problem!
> if i manually change this to "1" in the ldap store the login works fine
> 0 should be an okay value i think - though smbldap-passwd should set it
> to the current time...
It should! Either the value must be left out, or it *must* be a valid
time.
> > I cranked up the log to 100 and watched what's going on during login...
> > It finds the user using the same filter as i did above.
> > It finds all the attributes except the NT and LM passwords.
> > But then i find this:
> > 2004/03/18 11:58:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> > pop_sec_ctx (2007, 100) - sec_ctx_stack_ndx = 0
> > [2004/03/18 11:58:52, 3] libsmb/ntlm_check.c:ntlm_password_check(182)
> > ntlm_password_check: NO NT password stored for user mcmahon.
> > [2004/03/18 11:58:52, 3] libsmb/ntlm_check.c:ntlm_password_check(309)
> > ntlm_password_check: NO LanMan password set for user mcmahon (and no
> > NT password supplied)
> I believe these false reports to be a bug
> i just looked in the code to see if i could find something obvious but
> it would take me a while trace out whats going on...
>
> maybe one of the developers just knows where to fix this.
The issue is that we key the existence of a valid password against
sambaPwdLastSet being some value other than 0. This is due to bugs in
3.0.0 and 3.0.1 (see the 3.0.2a release notes).
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040319/714613fa/attachment.bin
More information about the samba-technical
mailing list