[Samba] Strange NT_STATUS_PASSWORD errors after upgrade to 3.0.26a
Duncan Brannen
dbb at st-andrews.ac.uk
Thu Nov 15 17:04:18 GMT 2007
It does look like samba > 3.0.23c now writes extra info into the
sambaDomain object in ldap (?)
sambaPwdHistoryLength: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutThreshold: 0
sambaMinPwdLength: 5
but that looks like it shouldn't be expiring passwords ( -1 )
Should it?
Cheers,
Duncan
Duncan Brannen wrote:
>
>
> Hi,
> I just upgraded one of our samba BDC's (with LDAP back end on
> solaris 10) from 3.0.23c to
> 3.0.26a and can no longer mount shares.
>
> The error message I'm seeing in the samba logs is
> [2007/11/15 14:15:26, 1] auth/auth_sam.c:sam_account_ok(172)
> sam_account_ok: Account for user 'dbb' password must change!.
> [2007/11/15 14:15:26, 3] auth/auth_winbind.c:check_winbind_security(80)
> check_winbind_security: Not using winbind, requested domain
> [CLASSROOM] was for this SAM.
> [2007/11/15 14:15:26, 2] auth/auth.c:check_ntlm_password(319)
> check_ntlm_password: Authentication for user [dbb] -> [dbb] FAILED
> with error NT_STATUS_PASSWORD_MUST_CHANGE
> [2007/11/15 14:15:26, 3] smbd/error.c:error_packet_set(106)
> error packet at smbd/sesssetup.c(1489) cmd=115 (SMBsesssetupX)
> NT_STATUS_PASSWORD_MUST_CHANGE
>
>
> I tried reinstalling 3.0.23c and now get
>
>
> init_sam_from_ldap: Entry found for user: dbb
> [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(178)
> sam_account_ok: Account for user 'dbb' password expired!.
> [2007/11/15 16:28:13, 1] auth/auth_sam.c:sam_account_ok(179)
> sam_account_ok: Password expired at 'Mon, 16 Feb 1970 08:06:40 BST'
> (4000000) unix time.
> [2007/11/15 16:28:13, 3] auth/auth_winbind.c:check_winbind_security(80)
> check_winbind_security: Not using winbind, requested domain
> [CLASSROOM] was for this SAM.
> [2007/11/15 16:28:13, 2] auth/auth.c:check_ntlm_password(319)
> check_ntlm_password: Authentication for user [dbb] -> [dbb] FAILED
> with error NT_STATUS_PASSWORD_EXPIRED
>
>
> Any thoughts? It worked fine earlier. I've tried deleting all the
> var/locks tdb files and the private/*.tdb files, resetting the SID and
> smbpassword
> but it doesn't seem to help. Reasoning for this is there seemed to be
> a new Account Policy entry appear in the gencache.tdb file to do with
> password age after the upgrade.
>
> There isn't anything set in the samba attributes of the ldap accounts
> to do with password expiry so it's all default.
>
> Cheers,
> Duncan
>
More information about the samba
mailing list