Samba 2.0.6 smbpasswd difficulties

[John Malmberg]

"john marchant" <jmarchant at cobbcounty.organization> wrote:
> Date: Thu, 13 Dec 2001 13:01:35 -0500


Samba Version: 2.0.6
Frontport 1.0 E 2
OpenVMS ???  7.?
TCPIP 5.? Eco ?

> 
> Ok, now I have:
> 
> smbpasswd
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> 
> machine 127.0.0.1 rejected the session setup. Error was : ERRSRV - ERRbadpw
> (Bad
>  password - name/password pair in a Tree Connect or Session Setup are
> invalid.).
> Failed to change password for my_username


The error message indicates that for some reason smbpasswd is trying to 
access a Windows NT Server at localhost.  Of course that will never happen.

This happens when you try to run the SMBPASSWD from some other account 
than the SYSTEM account.

This means that you need to run SMBPASSWD from the SYSTEM account due to 
this UNIX code that I did not notice.

And that means unless you are using the untested domain passthrough, the 
password can not be set by any other account.

Obviously this area needs more debugging.

To make this work, the FRONTPORT library needs to be updated so that the 
fport__getuid() code can detect when it is installed with privilege, and 
  then behave like a UNIX program that has the setuid bit set.
Plus an OpenVMS specific patch to SMBPASSWD needs to be made to fix the 
security so that non-privileged users are restricted to changing their 
own LANMAN passwords.


The only workaround is:

You will need to be logged into the SYSTEM account, and use the 
following commands.

Adding an account:

smbpasswd -a username password

Or to change the password:

smbpasswd username password.

 

Or spend the time to figure out how to get the SAMBA 2.0.6 to become a 
member of an NT domain.  (This is experimental in the UNIX release so I 
have no idea of how well it will work.)

-John
wb8tyw at qsl.network
Personal Opinion Only