Samba 2.0.6 smbpasswd difficulties
John Malmberg
wb8tyw at qsl.net
Thu Dec 13 21:35:02 GMT 2001
"john marchant" <jmarchant at cobbcounty.organization> wrote:
> Date: Thu, 13 Dec 2001 13:01:35 -0500
Samba Version: 2.0.6
Frontport 1.0 E 2
OpenVMS ??? 7.?
TCPIP 5.? Eco ?
>
> Ok, now I have:
>
> smbpasswd
> Old SMB password:
> New SMB password:
> Retype new SMB password:
>
> machine 127.0.0.1 rejected the session setup. Error was : ERRSRV - ERRbadpw
> (Bad
> password - name/password pair in a Tree Connect or Session Setup are
> invalid.).
> Failed to change password for my_username
The error message indicates that for some reason smbpasswd is trying to
access a Windows NT Server at localhost. Of course that will never happen.
This happens when you try to run the SMBPASSWD from some other account
than the SYSTEM account.
This means that you need to run SMBPASSWD from the SYSTEM account due to
this UNIX code that I did not notice.
And that means unless you are using the untested domain passthrough, the
password can not be set by any other account.
Obviously this area needs more debugging.
To make this work, the FRONTPORT library needs to be updated so that the
fport__getuid() code can detect when it is installed with privilege, and
then behave like a UNIX program that has the setuid bit set.
Plus an OpenVMS specific patch to SMBPASSWD needs to be made to fix the
security so that non-privileged users are restricted to changing their
own LANMAN passwords.
The only workaround is:
You will need to be logged into the SYSTEM account, and use the
following commands.
Adding an account:
smbpasswd -a username password
Or to change the password:
smbpasswd username password.
Or spend the time to figure out how to get the SAMBA 2.0.6 to become a
member of an NT domain. (This is experimental in the UNIX release so I
have no idea of how well it will work.)
-John
wb8tyw at qsl.network
Personal Opinion Only
More information about the samba-vms
mailing list