[Samba] Re: samba-3.0.23d, smbpasswd, and "NO PASSWORD" behaviour

Todd Pfaff pfaff at rhpcs.mcmaster.ca
Mon Feb 26 17:06:31 GMT 2007 

I've had no responses to this question yet, and I'm still stuck with this 
problem.  Can anybody help, please?

Is this a capability of samba that not many people take advantage of?

Or am I trying to do something that just isn't possible anymore?

Picking through a the level 10 debug log of smbd, I see this:

   [2007/02/26 11:49:36, 3] auth/auth_sam.c:sam_password_ok(51)
   Account for user 'testuser' has no password and null passwords are NOT
   allowed.
   [2007/02/26 11:49:36, 9]
   passdb/passdb.c:pdb_update_bad_password_count(1373)
   No bad password attempts.
   [2007/02/26 11:49:36, 5] auth/auth.c:check_ntlm_password(273)
   check_ntlm_password: sam authentication for user [testuser] FAILED with
   error NT_STATUS_LOGON_FAILURE


Is it no longer possible for a user to change their own samba password 
from null "NO PASSWORD" using the smbpasswd command?

--
Todd Pfaff <pfaff at mcmaster.ca>
Research & High-Performance Computing Support
McMaster University, Hamilton, Ontario, Canada
http://www.rhpcs.mcmaster.ca/~pfaff

On Thu, 22 Feb 2007, Todd Pfaff wrote:

> We've recently started using samba-3.0.23d on Mandriva 2007.0 linux systems 
> and we've noticed a change in behaviour of smbpasswd when a non-root user 
> tries to change their password from "NO PASSWORD".
>
> Here's an example smbpasswd entry (all one line):
>
>  testuser:12345:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:
>  NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
>
>
> The possibly related settings in our smb.conf are:
>
>  encrypt passwords = yes
>  security = user
>  unix password sync = yes
>  passwd program = /usr/bin/passwd %u
>  passwd chat = *password:* %n\n *password* %n\n *successfully*
>  null passwords = no
>
>
> Since "null passwords = no" a user with "NO PASSWORD" should not be able to 
> login to the samba account.  That's working as expected.
>
> In past versions of samba, testuser could login to the linux account, run 
> smbpasswd, enter an empty old password, and set a new password.
>
> Now when we try this we get this failure:
>
>  [testuser at localhost ~]$ smbpasswd
>  Old SMB password:
>  New SMB password:
>  Retype new SMB password:
>  Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
>  Failed to change password for testuser
>
>
> Does anyone know why this failure is happening now?
>
> Was the behaviour of smbpasswd changed intentionally?
> If so, in what samba version did this change happen?
>
> Is there an alternative way to achieve the smbpasswd
> behaviour that we had in the past?
>
>
> Thanks,
> --
> Todd Pfaff <pfaff at mcmaster.ca>
> Research & High-Performance Computing Support
> McMaster University, Hamilton, Ontario, Canada
> http://www.rhpcs.mcmaster.ca/~pfaff
>

More information about the samba mailing list