[Samba] Strange error message when a user can't change password

Mogens Kjaer mk at crc.dk
Tue Sep 24 13:10:01 GMT 2002

Mogens Kjaer wrote:
> Bradley W. Langhorst wrote:
>>> However, if a user selects a password that is too short,
>>> he/she will get a misleading error message saying that
>>> the _old_ password is wrong.
>>> This occurs both when the user is on a w2k machine or
>>> on a win95 machine.
>>> How do I set it up so that the user is given
>>> a better error message?
>> I don't think you can...
>> I gave up on that problem a while ago.
>> I'd love to be proved wrong though...
>> brad
> I can see from the source code in source/smbd/lanman.c
> that the error code returned from samba is 86:
> #define NERR_badpass 86

I have learned a few things...

I got it to work with w2k clients,
by modifying source/rpc_server/srv_samr_nt.c:

I have found a description of the error codes
for win9x clients in:



The transaction response parameters section consists of:
@ A 16 bit word indicating the return status. The possible values are:

Code                    Valu  Description
NERR_Success            0     No errors encountered
ERROR_ACCESS_DENIED     5     User has insufficient privilege
ERROR-INVALID-PASSWORD  86    The specified password is invalid
NERR_PasswordCantChange 2243  The password cannot be changed
NERR_PasswordTooShort   2246  The password is too short

So I changed the error code 86 into 2246 - but the error
message I get in win95 is: "The password of this user is
too recent to change".

I can see in ethereal that a response packet with the error
number 2246 is indeed sent from samba. The text displayed
by ethereal for this error message is "The password is too short".

I don't know why windows doesn't display the right message...

Mogens Kjaer, Carlsberg Laboratory, Dept. of Chemistry
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: mk at crc.dk Homepage: http://www.crc.dk

More information about the samba mailing list