[Samba] Re: samba-3.0.23d, smbpasswd, and "NO PASSWORD" behaviour
Todd Pfaff
pfaff at rhpcs.mcmaster.ca
Mon Feb 26 17:06:31 GMT 2007
I've had no responses to this question yet, and I'm still stuck with this
problem. Can anybody help, please?
Is this a capability of samba that not many people take advantage of?
Or am I trying to do something that just isn't possible anymore?
Picking through a the level 10 debug log of smbd, I see this:
[2007/02/26 11:49:36, 3] auth/auth_sam.c:sam_password_ok(51)
Account for user 'testuser' has no password and null passwords are NOT
allowed.
[2007/02/26 11:49:36, 9]
passdb/passdb.c:pdb_update_bad_password_count(1373)
No bad password attempts.
[2007/02/26 11:49:36, 5] auth/auth.c:check_ntlm_password(273)
check_ntlm_password: sam authentication for user [testuser] FAILED with
error NT_STATUS_LOGON_FAILURE
Is it no longer possible for a user to change their own samba password
from null "NO PASSWORD" using the smbpasswd command?
--
Todd Pfaff <pfaff at mcmaster.ca>
Research & High-Performance Computing Support
McMaster University, Hamilton, Ontario, Canada
http://www.rhpcs.mcmaster.ca/~pfaff
On Thu, 22 Feb 2007, Todd Pfaff wrote:
> We've recently started using samba-3.0.23d on Mandriva 2007.0 linux systems
> and we've noticed a change in behaviour of smbpasswd when a non-root user
> tries to change their password from "NO PASSWORD".
>
> Here's an example smbpasswd entry (all one line):
>
> testuser:12345:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:
> NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU ]:LCT-00000000:
>
>
> The possibly related settings in our smb.conf are:
>
> encrypt passwords = yes
> security = user
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *password:* %n\n *password* %n\n *successfully*
> null passwords = no
>
>
> Since "null passwords = no" a user with "NO PASSWORD" should not be able to
> login to the samba account. That's working as expected.
>
> In past versions of samba, testuser could login to the linux account, run
> smbpasswd, enter an empty old password, and set a new password.
>
> Now when we try this we get this failure:
>
> [testuser at localhost ~]$ smbpasswd
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
> Failed to change password for testuser
>
>
> Does anyone know why this failure is happening now?
>
> Was the behaviour of smbpasswd changed intentionally?
> If so, in what samba version did this change happen?
>
> Is there an alternative way to achieve the smbpasswd
> behaviour that we had in the past?
>
>
> Thanks,
> --
> Todd Pfaff <pfaff at mcmaster.ca>
> Research & High-Performance Computing Support
> McMaster University, Hamilton, Ontario, Canada
> http://www.rhpcs.mcmaster.ca/~pfaff
>
More information about the samba
mailing list