[Samba] Problems with smbpasswd: any local changes are discarted after connection request

Lieven Van Acker Lieven.VanAcker at UGent.be
Wed Jan 19 18:41:50 GMT 2005


This issue was by design (see release notes of 3.0.2a), since the LCT
field is used to grant a user access. Point is LCT-X should != LCT-0.

Regards

Lieven

Op wo, 19-01-2005 te 18:22 +0100, schreef Lieven Van Acker:
> Hi,
> 
> Can anybody confirm the following problem:
> 
> Sequence:
> 
> bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
> ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
>          ]:LCT-0
> 
> bash-2.05# /usr/samba.moonrock/bin/smbpasswd -c /usr/samba.moonrock/lib/smb.conf
> ankerpos
> New SMB password:
> 
> Retype new SMB password:
> 
> bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
> ankerpos:921:4CD849F7C109C5D7B85EBEA904A749B9:1CC6D72446271E9697044BC68DB72678:[U
>          ]:LCT-0
> 
> bash-2.05# smbclient -L moonrock.admin -U ankerpos
> Password:
> 
> session setup failed: NT_STATUS_LOGON_FAILURE
> bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
> ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
>          ]:LCT-0
> 
> smbd.conf (global section):
> 
> [global]
>    printing = sysv
>    printcap name = /etc/printcap
>    load printers = yes
>    guest account = nobody
>    workgroup = WFW
>    os level = 33
>    encrypt passwords = yes
>    security = user
>    preserve case = yes
>    hosts allow = .....
>    log file = /var/samba.moonrock/log/smb/log.%m
>    log level = 3
>    max log size = 500
>    deadtime = 120
>    dfree command=/usr/samba.moonrock/bin/dfree
>    server string =
> #   character set = utf-8
>    unix charset = UTF8
> #   dos charset = cp850
>    socket address = ....
>    interfaces = ce0
>    bind interfaces only = yes
>    pid directory = /var/samba.moonrock/run
>    passdb backend = smbpasswd:/usr/samba.moonrock/private/smbpasswd
> 
> 
> log.moonrock:
> 
> [2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(219)
>   check_ntlm_password:  Checking password for unmapped user
> [WFW]\[ankerpos]@[MOONROCK] with the new password interface
> [2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(222)
>   check_ntlm_password:  mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK]
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(189)
>   ntlm_password_check: NO NT password stored for user ankerpos.
> [2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
>   ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/01/19 18:02:31, 2] auth/auth.c:check_ntlm_password(312)
>   check_ntlm_password:  Authentication for user [ankerpos] -> [ankerpos] FAILED
> with error NT_STATUS_WRONG_PASSWORD
> [2005/01/19 18:02:31, 3] smbd/process.c:timeout_processing(1335)
>   timeout_processing: End of file from client (client has disconnected).
> [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/01/19 18:02:31, 2] smbd/server.c:exit_server(577)
>   Closing connections
> [2005/01/19 18:02:31, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to
> [2005/01/19 18:02:31, 3] smbd/server.c:exit_server(620)
>   Server exit (normal exit)
> [2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(219)
>   check_ntlm_password:  Checking password for unmapped user
> [WFW]\[ankerpos]@[MOONROCK] with the new password interface
> [2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(222)
>   check_ntlm_password:  mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK]
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
> [2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 1
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(189)
>   ntlm_password_check: NO NT password stored for user ankerpos.
> [2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
>   ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/01/19 18:05:32, 2] auth/auth.c:check_ntlm_password(312)
>   check_ntlm_password:  Authentication for user [ankerpos] -> [ankerpos] FAILED
> with error NT_STATUS_WRONG_PASSWORD
> [2005/01/19 18:05:32, 3] smbd/process.c:timeout_processing(1335)
>   timeout_processing: End of file from client (client has disconnected).
> [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/01/19 18:05:32, 2] smbd/server.c:exit_server(577)
>   Closing connections
> [2005/01/19 18:05:32, 3] smbd/connection.c:yield_connection(69)
>   Yielding connection to
> [2005/01/19 18:05:32, 3] smbd/server.c:exit_server(620)
>   Server exit (normal exit)
> 
> 
> 
> 
> 
> -- 
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Lieven Van Acker                       e-mail: Lieven.VanAcker at UGent.be
> Directie ICT, Afdeling Infrastructuur               
> Groep Systemen                                      tel: +32 9 264 4732
> Universiteit Gent                                   fax: +32 9 264 4994
> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> 
-- 
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Lieven Van Acker                       e-mail: Lieven.VanAcker at UGent.be
Directie ICT, Afdeling Infrastructuur               
Groep Systemen                                      tel: +32 9 264 4732
Universiteit Gent                                   fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --



More information about the samba mailing list