[Samba] samba 3.0.2a-Debian +ldapsam +smbldap-tools 3.0rc4-1= newly created users can't log in

Andrew Bartlett abartlet at samba.org
Thu Mar 18 21:37:23 GMT 2004 

On Fri, 2004-03-19 at 06:33, Bradley W. Langhorst wrote:
> On Thu, 2004-03-18 at 13:15, Bradley W. Langhorst wrote:
> 
> > sambaPwdLastSet: 0
> here's the problem!
> if i manually change this to "1" in the ldap store  the login works fine
> 0 should be an okay value i think - though smbldap-passwd should set it
> to the current time...

It should!  Either the value must be left out, or it *must* be a valid
time.

> > I cranked up the log to 100 and watched what's going on during login...
> > It finds the user using the same filter as i did above.
> > It finds all the attributes except the NT and LM passwords.
> > But then i find this:
> > 2004/03/18 11:58:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> >   pop_sec_ctx (2007, 100) - sec_ctx_stack_ndx = 0
> > [2004/03/18 11:58:52, 3] libsmb/ntlm_check.c:ntlm_password_check(182)
> >   ntlm_password_check: NO NT password stored for user mcmahon.
> > [2004/03/18 11:58:52, 3] libsmb/ntlm_check.c:ntlm_password_check(309)
> >   ntlm_password_check: NO LanMan password set for user mcmahon (and no
> > NT password supplied)
> I believe these false reports to be a bug
> i just looked in the code to see if i could find something obvious but
> it would take me a while trace out whats going on...
> 
> maybe one of the developers just knows  where to fix this.

The issue is that we key the existence of a valid password against
sambaPwdLastSet being some value other than 0.   This is due to bugs in
3.0.0 and 3.0.1 (see the 3.0.2a release notes).  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040319/714613fa/attachment.bin

More information about the samba mailing list