[Samba] samba 3.0.4 on SLES8: password sync will not work...(decode_pw_buffer: incorrect password length)

RRuegner robert at ruegner.org
Mon May 17 19:37:30 GMT 2004 

Chris Almond schrieb:
> Has anyone got unix password sync for samba3.0.x running successfully on 
> SLES8 server?  Do I need the SLES service packs?  Is there an 
> interaction with PAM that I need to be aware of?
> 
> I've compiled the full developer build of samba from 3.0.4-4 source. 
> Compile was successful.  I'm running tdbsam as password backend.  I've 
> troubleshooted quit a bit using google, docs, etc. as guide.
> 
> Everytime I get same DEBUG output in the log file:
> 
>    [2004/05/17 09:44:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(519)
>      decode_pw_buffer: incorrect password length (-2013139859).
>    [2004/05/17 09:44:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520)
>      decode_pw_buffer: check that 'encrypt passwords = yes'
> 
> and here is the DEBUG source code from smbencrypt.c generating the 
> output above:
> 
>    /* Password cannot be longer than the size of the password buffer */
>         if ( (byte_len < 0) || (byte_len > 512)) {
>             DEBUG(0, ("decode_pw_buffer: incorrect password length 
> (%d).\n", byte_len));
>             DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = 
> yes'\n"));
>             return False;
>         }
> 
> So somewhow the byte_len of the password buffer (first 4 bits of the 
> buffer) is not being set correctly.
> 
> I've played with many different passwd chat scripts - all leading to the 
> same problem.
> 
> 
> 
Hi you should use the suse rpms , from ftp.suse.com people gd , or get 
the latest smba packs from sernet ftp,
yes and of course you have to change /etc/pam.d/login
with something like this
#%PAM-1.0
# password-sync
#
# A sample PAM configuration that shows the use of pam_smbpass to make
# sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow)
# is changed.  Useful when an expired password might be changed by an
# application (such as ssh).
auth       requisite        pam_nologin.so
auth       required         pam_unix.so
account    required         pam_unix.so
password   requisite        pam_cracklib.so retry=3
password   requisite        pam_unix.so shadow md5 use_authtok 
try_first_pass
password   required         pam_smbpass.so nullok use_authtok try_first_pass
session    required         pam_unix.so
######################################################################################
so it will work,
be aware that you will get failure if you client has the latest ms 
patches which breaks this feature, but it should be ok with the latest 
version of stable samba ( which you can get at sernets ftp )
Regards

More information about the samba mailing list