[Samba] Samba + pdb_mysql - password hashes disappearing?
Andrew Gray
grayaw at egr.unlv.edu
Tue Apr 20 16:34:55 GMT 2004
After catching a mention of this in another topic, I tried changing
things so pass last set time column and pass can change time column both
returned a real number instead of 0, and it works now.
On Mon, 2004-04-19 at 16:13, Andrew Gray wrote:
> This is using samba-3.0.2a, as downloaded from us2.samba.org today (19th
> of April), on Debian Linux.
>
> I have setup and gotten mostly-working the MySQL PDB for Samba. It
> queries the database correctly, pulls in the data, etc.
>
> However, when I connect as a user, I get:
> [2004/04/19 15:56:23, 3] libsmb/ntlm_check.c:ntlm_password_check(182)
> ntlm_password_check: NO NT password stored for user grayaw.
> [2004/04/19 15:56:23, 3] libsmb/ntlm_check.c:ntlm_password_check(294)
> ntlm_password_check: NEITHER LanMan nor NT password supplied for user
> grayaw
>
> Finding this odd (since the hashes are in the database, and correct), I
> added a lot of debugging, specifically in row_to_sam_account in
> passdb/pdb_mysql.c at line 105:
>
> if (pdb_gethexpwd(row[20], temp))
> {
> DEBUG(0, ("Got LANMAN password %s\n", temp));
> pdb_set_lanman_passwd(u, temp, PDB_SET);
> }
>
> (I have done the same things with the LANMAN and NT hashes throughout -
> same results with both, but only listing LANMAN for brevity). This
> outputs in the log file the expected line ("Got LANMAN password <string
> of 8 binary characters that are my LANMAN hash, as pulled from the
> database, followed by leftovers from the SELECT statement which
> shouldn't be an issue since the copies are byte-number-restricted later
> on)).
>
> I then added a couple lines into passdb/pdb_get_set.c,
> pdb_set_lanman_password, line 958:
>
> if (pwd) {
> sampass->private.lm_pw = data_blob(pwd, LM_HASH_LEN);
> DEBUG(0, ("Setting LANMAN password %s in %08x\n", pwd,
> sampass));
> DEBUG(0, ("Trying to get it back: %08x\n",
> pdb_get_lanman_passwd(sampass)));
>
> This is to the verify it is setting the password, and able to retrieve
> it. I get the correct lines in the logfile ("Setting LANMAN password
> <same stuff> in 08394fd8", then "Trying to get it back: 08397808").
>
> Curiousier and curiousier. I added debug lines to auth/auth_sam.c,
> sam_password_ok, line 56:
>
> DEBUG(0, ("Attempting to retrieve passwords for user '%s' from
> %08x.\n", username,sampass));
> lm_pw = pdb_get_lanman_passwd(sampass);
> nt_pw = pdb_get_nt_passwd(sampass);
>
> DEBUG(0, ("Got %08x and %08x\n", lm_pw, nt_pw));
>
> Here I get: "Attempting to retrieve passwords for user 'grayaw' from
> 08394fd8." (correct) and "Got 00000000 and 00000000."
>
> Huh? The passwords were set, and retrievable with the exact same
> functions right after the set. So I am very confused. It would seem
> the password entries are being wiped out, somehow, someway, but I'm not
> familiar enough with the source to begin tracking this down.
>
> I've searched google, this mailing list, etc. and can't find any
> reference to this problem. Any assistance would be appreciated.
>
> --
> Andrew Gray
> Systems Administrator
> College of Engineering
> University of Nevada, Las Vegas
--
Andrew Gray
Systems Administrator
College of Engineering
University of Nevada, Las Vegas
More information about the samba
mailing list