Password server rejecting passwords.

Arcadio A. Sincero Jr. asincero at
Sat Jan 31 07:14:25 GMT 1998

Hello SAMBA Mailing List,

	I have three SAMBA v1.9.18 servers running on three Linux 2.0.33
(Debian 1.3.2 distribution) machines operating on my LAN. They are named
Server1, Server2, and Server3.  I have Server1 functioning as the
"password server" for my SAMBA and Win95 network.  In Server1's smb.conf
file I have the following set:

	password level    = 20
	security          = user
        encrypt passwords = yes

I created the smbpasswd file for Server1 as was explained in the
ENCRYPTION.txt text file (except I used ypcat passwd.byname because I run
NIS: ypcat passwd.byname| > smbpasswd).

	I have Server2 and Server3 ask Server1 for password
authentication.  Therefore I have the following in thier smb.conf files:

	password level    = 20
	security          = server
        password server   = Server1
        encrypt passwords = yes

	I also have Server1 functioning as the "domain master browser" as
well as the "WINS server".  Therefore, I also have the following in
Server1's smb.conf file:

	wins support      = yes
        domain master     = yes
        local master      = yes
        preferred master  = yes
        os level          = 255

        Server2, however, does domain logins.  So in Server2's smb.conf
file, I also have:

        domain logons     = yes
        logon script      = logon.bat


	Now that I got all that preliminary stuff out of the way, I can
get to my problem :-) ...

	My problem is trying to change the SMB password from Control
Panel->Passwords from Win95 boxes.  Win95 reports that "This request is
not supported by the network".  The "NET PASSWORD" command from DOS boxes
also fail.  Checking the log files of Server2, I see the following error

	password server SERVER1 rejected the password
        get_smbpwd_entry: unable to open file /etc/samba/private/smbpasswd

The second part of the error message is understandable.  Because Server2
is set to ask Server1 for password authentication, I figure it doesn't
need an smbpasswd file of its own.  So I didn't create one.  But the first
part of the error message I do not understand.  Why does Server1 reject
the password?

	Checking Server1's log file did not reveal a whole lot.  In it's
log file, the only message that I see that could be related to this
problem is:

	get_smbpwd_entry: malformed password entry (uid not number)

I say "could be" because I get the first error message in Server2's log
file multiple times (once for every time I try to change the password from
a Win95 box), but that error message in Server1's log file only appears

	I tried fooling with the "passwd program" setting in the smb.conf
file.  To see if the program I set for "passwd program" even gets
executed when I try to change the password from the Win95 box, I created a
test script (called 'testbin') which simply looks like this:

	echo "Hello" > /tmp/out

And I set the "passwd program" setting to "passwd program = testbin".  If
the passwd program actually does get executed, I should get a file named
'out' in /tmp.  But I don't.  So this seems to indicate that the program I
have set for "passwd program" does not even get executed.  I did this for
both Server1 and Server2 with negative results.

	Also, I did set -DALLOW_CHANGE_PASSWORD in the Makefile before
compiling SAMBA.

	Anybody have any ideas as to what could be the problem?  Thanks in
advance for any help on this.

Arcadio A. Sincero Jr. a.k.a The TicK -=LpC=-
Undergraduate Computer Science Major/Linux Enthusiast/Competitive Bodybuilder 
e-mail: asincero at

"Only lamers quote themselves in their .signatures." 
                                - Arcadio A. Sincero Jr., 1997

More information about the samba mailing list