[Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a

Duncan Brannen dbb at st-andrews.ac.uk
Thu Nov 15 17:04:18 GMT 2007 

It does look like samba > 3.0.23c now writes extra info into the 
sambaDomain object in ldap (?)

sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutThreshold: 0
sambaMinPwdLength: 5

but that looks like it shouldn't be expiring passwords ( -1 )

Should it?

  Cheers,
             Duncan


Duncan Brannen wrote:
>
>
> Hi,
>       I just upgraded one of our samba BDC's (with LDAP back end on 
> solaris 10) from 3.0.23c to
> 3.0.26a and can no longer mount shares.
>
> The error message I'm seeing in the samba logs is
> [2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172)
>  sam_account_ok: Account for user 'dbb' password must change!.
> [2007/11/15 14:15:26, 3] auth/auth_winbind.c:check_winbind_security(80)
>  check_winbind_security: Not using winbind, requested domain 
> [CLASSROOM] was for this SAM.
> [2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319)
>  check_ntlm_password:  Authentication for user [dbb] -> [dbb] FAILED 
> with error NT_STATUS_PASSWORD_MUST_CHANGE
> [2007/11/15 14:15:26, 3] smbd/error.c:error_packet_set(106)
>  error packet at smbd/sesssetup.c(1489) cmd=115 (SMBsesssetupX) 
> NT_STATUS_PASSWORD_MUST_CHANGE
>
>
> I tried reinstalling 3.0.23c and now get
>
>
>  init_sam_from_ldap: Entry found for user: dbb
> [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(178)
>  sam_account_ok: Account for user 'dbb' password expired!.
> [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(179)
>  sam_account_ok: Password expired at 'Mon, 16 Feb 1970 08:06:40 BST' 
> (4000000) unix time.
> [2007/11/15 16:28:13, 3] auth/auth_winbind.c:check_winbind_security(80)
>  check_winbind_security: Not using winbind, requested domain 
> [CLASSROOM] was for this SAM.
> [2007/11/15 16:28:13, 2] auth/auth.c:check_ntlm_password(319)
>  check_ntlm_password:  Authentication for user [dbb] -> [dbb] FAILED 
> with error NT_STATUS_PASSWORD_EXPIRED
>
>
> Any thoughts?  It worked fine earlier.  I've tried deleting all the 
> var/locks tdb files and the private/*.tdb files, resetting the SID and 
> smbpassword
> but it doesn't seem to help.  Reasoning for this is there seemed to be 
> a new Account Policy entry appear in the gencache.tdb file to do with
> password age after the upgrade.
>
> There isn't anything set in the samba attributes of the ldap accounts 
> to do with password expiry so it's all default.
>
> Cheers,
>             Duncan
>

More information about the samba mailing list