[Samba] samba 3.0.2a-Debian +ldapsam +smbldap-tools 3.0rc4-1= newly created users can't log in

Andrew Bartlett abartlet at samba.org
Thu Mar 18 21:37:23 GMT 2004

On Fri, 2004-03-19 at 06:33, Bradley W. Langhorst wrote:
> On Thu, 2004-03-18 at 13:15, Bradley W. Langhorst wrote:
> > sambaPwdLastSet: 0
> here's the problem!
> if i manually change this to "1" in the ldap store  the login works fine
> 0 should be an okay value i think - though smbldap-passwd should set it
> to the current time...

It should!  Either the value must be left out, or it *must* be a valid

> > I cranked up the log to 100 and watched what's going on during login...
> > It finds the user using the same filter as i did above.
> > It finds all the attributes except the NT and LM passwords.
> > But then i find this:
> > 2004/03/18 11:58:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
> >   pop_sec_ctx (2007, 100) - sec_ctx_stack_ndx = 0
> > [2004/03/18 11:58:52, 3] libsmb/ntlm_check.c:ntlm_password_check(182)
> >   ntlm_password_check: NO NT password stored for user mcmahon.
> > [2004/03/18 11:58:52, 3] libsmb/ntlm_check.c:ntlm_password_check(309)
> >   ntlm_password_check: NO LanMan password set for user mcmahon (and no
> > NT password supplied)
> I believe these false reports to be a bug
> i just looked in the code to see if i could find something obvious but
> it would take me a while trace out whats going on...
> maybe one of the developers just knows  where to fix this.

The issue is that we key the existence of a valid password against
sambaPwdLastSet being some value other than 0.   This is due to bugs in
3.0.0 and 3.0.1 (see the 3.0.2a release notes).  

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040319/714613fa/attachment.bin

More information about the samba mailing list