[Samba] iPlanet ldap authentication: NT password check failed

Mihail S. Dorofeev mdorofeev at sibnefteprovod.ru
Tue Oct 22 11:51:01 GMT 2002


Hello everybody!

Sorry for (maybe) a stupid question... Again:
a problem with authentication against LDAP (iPlanet Directory Server 4.16), Solaris 8 SPARC server.
I have compiled Samba 2.2.6 with the --with-ldapsam option.
When connecting from a W2K Prof workstation I see the following in the log files:
----------------------------------------------------------------------------------------------------------------------
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:ldap_open_connection(216)
  ldap_open_connection: connection opened
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:ldap_connect_system(250)
  ldap_connect_system: succesful connection to the LDAP server
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:ldap_search_one_user(262)
  ldap_search_one_user: searching for:[(&(uid=mdorofeev)(objectclass=sambaAccount))]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(360)
  get_single_attribute: [uid] = [mdorofeev]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:init_sam_from_ldap(495)
  Entry found for user: mdorofeev
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [pwdLastSet] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [logonTime] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [logoffTime] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [kickoffTime] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [pwdCanChange] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [pwdMustChange] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(360)
  get_single_attribute: [cn] = [Р?РёС:аиР> Р?РчС?Р?РчРчР?РёС╪ Р"Р?С?Р?С"РчРчР?]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [homeDrive] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [smbHome] = [<does not exist>]
[2002/10/22 14:42:21, 4] lib/substitute.c:automount_server(160)
  Home server: margo
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [scriptPath] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [profilePath] = [<does not exist>]
[2002/10/22 14:42:21, 4] lib/substitute.c:automount_server(160)
  Home server: margo
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [description] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [userWorkstations] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(360)
  get_single_attribute: [rid] = [100]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [primaryGroupID] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [lmPassword] = [<does not exist>]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(360)
  get_single_attribute: [ntPassword] = [81030A39A1C251FCAAD3B435B51404EE]
[2002/10/22 14:42:21, 2] passdb/pdb_ldap.c:get_single_attribute(354)
  get_single_attribute: [acctFlags] = [<does not exist>]
[2002/10/22 14:42:21, 4] smbd/password.c:smb_password_ok(475)
  smb_password_ok: Checking SMB password for user mdorofeev
[2002/10/22 14:42:21, 4] smbd/password.c:smb_password_ok(499)
  smb_password_ok: Checking NT MD4 password
[2002/10/22 14:42:21, 4] smbd/password.c:smb_password_ok(504)
  smb_password_ok: NT MD4 password check failed
[2002/10/22 14:42:21, 2] smbd/password.c:pass_check_smb(575)
  pass_check_smb failed - invalid password for user [mdorofeev]
[2002/10/22 14:42:21, 2] smbd/reply.c:reply_sesssetup_and_X(972)
  NT Password did not match for user 'mdorofeev'!
[2002/10/22 14:42:21, 1] smbd/reply.c:reply_sesssetup_and_X(998)
  Rejecting user 'mdorofeev': authentication failed
----------------------------------------------------------------------------------------------------------------------
The QUESTION IS: IS THERE _A_ WAY TO USE the userPassword attr for Samba authentication??
What I did is I ran smbpasswd, looked at the password file, copied the string containing the encrypted password and
inserted this value into the directory->ntPassword field. However, it didn't match :( Login failed.
Or, maybe, there is a way to sync ntPassword and userPassword (taking care of the different encryption schemes)?
This would ONLY be useful if done by LDAP server means...
I use plain text passwords in the userPassword field for my e-mail auth etc. This also works for Solaris PAM LDAP auth!

Sincerely, mdorofeev
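
Added example, not part of the original post: a check for the copy step described above, comparing an LDAP ntPassword value against the LM (third) and NT (fourth) fields of a Samba 2.2 smbpasswd entry. The value in the log ends in AAD3B435B51404EE, the constant the LM algorithm produces for passwords of seven characters or fewer, so the constructed sample line assumes it came from the LM field; the uid and NT field in the sample are placeholders.

```python
import re

# Constant second half that the LM algorithm yields when a password is
# 7 characters or shorter (the hash of an empty 7-byte half).
LM_EMPTY_HALF = "AAD3B435B51404EE"
HEX32 = re.compile(r"[0-9A-F]{32}")


def parse_smbpasswd_line(line):
    """Split a Samba 2.2 smbpasswd entry: name:uid:LM hash:NT hash:[flags]:LCT-...:"""
    fields = line.strip().split(":")
    if len(fields) < 4:
        raise ValueError("not an smbpasswd entry: %r" % line)
    return {"user": fields[0], "lm": fields[2].upper(), "nt": fields[3].upper()}


def diagnose_nt_password(ldap_value, smbpasswd_line):
    """Say whether an LDAP ntPassword value is the NT field of the smbpasswd entry."""
    entry = parse_smbpasswd_line(smbpasswd_line)
    value = ldap_value.strip().upper()
    if not HEX32.fullmatch(value):
        return "invalid"      # not 32 hex digits (e.g. an X-filled placeholder)
    if value == entry["nt"]:
        return "ok"           # matches field 4, the NT (MD4) hash
    if value == entry["lm"]:
        return "lm-copied"    # field 3 (the LM hash) was stored as ntPassword
    if value.endswith(LM_EMPTY_HALF):
        return "lm-shaped"    # ends in the LM empty-half constant
    return "mismatch"


# Value taken from the ntPassword line of the log above.
LOGGED_NT_PASSWORD = "81030A39A1C251FCAAD3B435B51404EE"
# Constructed smbpasswd entry. Assumption: the logged value sits in the LM
# field; the uid and the NT field are placeholders, not real data.
SAMPLE_LINE = ("mdorofeev:1000:81030A39A1C251FCAAD3B435B51404EE:"
               "0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-00000000:")

if __name__ == "__main__":
    print(diagnose_nt_password(LOGGED_NT_PASSWORD, SAMPLE_LINE))
```

A 32-digit value that is neither field and does not end in the constant is reported only as a mismatch, since an NT hash and the LM hash of a longer password cannot be told apart by shape.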