undesired root password change

Jeroen Heijungs Jeroen.Heijungs at Het-Muziektheater.nl
Mon Mar 26 09:35:36 GMT 2001 

After I have found the solutions for the login troubles, I have stumbled
upon the next rather annoying problem, perhaps hav I done something very
wrong, but if someone knows anything about the following then please...

Samba 2.0.7 on FreeBSD 4.2-stable
Windows 95 workstations
I used plaintext password, everything OK.
When I put the parm "encrypt passwords = true", no one can login, until I
add a user with the smbpasswd -a option.
Now I want to change the password for the user, in Windows I do this in
Configuration, and all goes well, I can login again with te new password,
but not with the old one. 
So far so good.

BUT now the horror: when I try (on the BSD box) to su myself to root, it
keeps on saying that the password is wrong, but I have not changed the
password so far I know. It turns out that the root password is changed to
the new password for the user above, I have examined this a little bit and
found out that when changing the password in Windows, the corresponding
password in the smbpasswd file is being changed accordingly, BUT NOT THE
PASSWORD FOR THE UNIX-USER, INSTEAD THE PASSWORD FOR ROOT IS BEING CHANGED!!!

My question: is this a known behaviour? is this a real security bug, have I
done something wrong or overlooked something?
BTW isn't there an option to force periodic password change?

thanks in advance
Jeroen Heijungs
Het Muziektheater
Amsterdam, The Netherlands


My SMB.CONF
[global]
   workgroup = LICHT
   netbios name = LICHTSERVER
   server string = TEST %L (Samba %v)
   domain logons = Yes
   os level = 33
   logon script = %g\smblogin.bat

   # Netwerkopties
   interfaces = 172.22.1.1/16 172.20.1.14/16
   socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY

   # Security
   invalid users = root
   security = user
   min password length = 5
   unix password sync = Yes
   encrypt passwords = true
   smb passwd file = /usr/local/private/smbpasswd
   hosts allow = 172.22. 172.20.1.12 172.20.3.26 localhost

   # File system rechten
   inherit permissions = yes
   map archive = no

   # Logging
   log file = /var/log/log.%m
   max log size = 1024
   debug uid = Yes
   log level = 1

   # Printing
   load printers = No

More information about the samba mailing list