[Samba] Re: samba-3.0.23d, smbpasswd, and "NO PASSWORD" behaviour

Todd Pfaff pfaff at rhpcs.mcmaster.ca
Tue Feb 5 16:33:22 GMT 2008


Help! (pretty please :)

I'm still having the problem described below with samba-3.0.24.

Here's an excerpt from the smbpasswd man page:

    When run by an ordinary user with no  options,  smbpasswd  will  prompt
    them  for  their old SMB password and then ask them for their new pass
    word twice, to ensure that the new password  was  typed  correctly.  No
    passwords  will be echoed on the screen whilst being typed. If you have
    a blank SMB password (specified by the string "NO PASSWORD" in the smb
    passwd  file)  then  just press the <Enter> key when asked for your old
    password.

Is this samba documentation incorrect?
Or am I doing something incorrectly?

cheers,
Todd

> Date: Mon, 26 Feb 2007 15:59:44 -0500 (EST)
> From: Todd Pfaff <pfaff at rhpcs.mcmaster.ca>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Re: samba-3.0.23d, smbpasswd, and "NO PASSWORD" 
> behaviour
> 
> The way it's documented to work in the smbpasswd man page, and the way it 
> used to work for us with older samba releases is: when a user has a null 
> password, and smb.conf "null passwords = no", the user can _not_ make an smb 
> connection, but they _can_ set their samba password to something non-null by 
> running smbpasswd and entering an empty old password.
> In order to run smbpasswd the user must login to their linux account with 
> ssh, and that _does_ require a password.
> 
> So in fact this may be considered even more secure than what you're 
> suggesting because a new user has no ability to make smb connections to the 
> server until they have logged in to their linux account with a password and 
> run smbpasswd to set a samba password.
> 
> I realize that I could set an initial smb password for every user, but there 
> are situations where that is inconvenient, and since this null password 
> method did work perfectly well in the past without being a significant 
> security risk, it's now inconvenient that it no longer works as it did in the 
> past.
> 
> I'm trying to determine why the behaviour changed, or if it really didn't 
> change but I'm now doing something incorrectly on my samba server.
> And if it really did change then someone should fix the smbpasswd man page 
> accordingly, and maybe mention something in the release notes.
> 
> Regards,
> Todd
> 
> On Mon, 26 Feb 2007, Gary Dale wrote:
> 
>> The obvious question is, why would you want a null password to begin with? 
>> This seems to me to be a serious security problem.
>> 
>> If it's for new users, give them a temporary password through a secure 
>> channel and require them to change it the first time they log on.
>> 
>> 
>> Todd Pfaff wrote:
>>> I've had no responses to this question yet, and I'm still stuck with this 
>>> problem.  Can anybody help, please?
>>> 
>>> Is this a capability of samba that not many people take advantage of?
>>> 
>>> Or am I trying to do something that just isn't possible anymore?
>>> 
>>> Picking through a the level 10 debug log of smbd, I see this:
>>>
>>>   [2007/02/26 11:49:36, 3] auth/auth_sam.c:sam_password_ok(51)
>>>   Account for user 'testuser' has no password and null passwords are NOT
>>>   allowed.
>>>   [2007/02/26 11:49:36, 9]
>>>   passdb/passdb.c:pdb_update_bad_password_count(1373)
>>>   No bad password attempts.
>>>   [2007/02/26 11:49:36, 5] auth/auth.c:check_ntlm_password(273)
>>>   check_ntlm_password: sam authentication for user [testuser] FAILED with
>>>   error NT_STATUS_LOGON_FAILURE
>>> 
>>> 
>>> Is it no longer possible for a user to change their own samba password from 
>>> null "NO PASSWORD" using the smbpasswd command?
>>> 
>>> -- 
>>> Todd Pfaff <pfaff at mcmaster.ca>
>>> Research & High-Performance Computing Support
>>> McMaster University, Hamilton, Ontario, Canada
>>> http://www.rhpcs.mcmaster.ca/~pfaff
>>> 
>>> On Thu, 22 Feb 2007, Todd Pfaff wrote:
>>> 
>>>> We've recently started using samba-3.0.23d on Mandriva 2007.0 linux 
>>>> systems and we've noticed a change in behaviour of smbpasswd when a 
>>>> non-root user tries to change their password from "NO PASSWORD".
>>>> 
>>>> Here's an example smbpasswd entry (all one line):
>>>>
>>>>  testuser:12345:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:
>>>>  NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
>>>> 
>>>> 
>>>> The possibly related settings in our smb.conf are:
>>>>
>>>>  encrypt passwords = yes
>>>>  security = user
>>>>  unix password sync = yes
>>>>  passwd program = /usr/bin/passwd %u
>>>>  passwd chat = *password:* %n\n *password* %n\n *successfully*
>>>>  null passwords = no
>>>> 
>>>> 
>>>> Since "null passwords = no" a user with "NO PASSWORD" should not be able 
>>>> to login to the samba account.  That's working as expected.
>>>> 
>>>> In past versions of samba, testuser could login to the linux account, run 
>>>> smbpasswd, enter an empty old password, and set a new password.
>>>> 
>>>> Now when we try this we get this failure:
>>>>
>>>>  [testuser at localhost ~]$ smbpasswd
>>>>  Old SMB password:
>>>>  New SMB password:
>>>>  Retype new SMB password:
>>>>  Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
>>>>  Failed to change password for testuser
>>>> 
>>>> 
>>>> Does anyone know why this failure is happening now?
>>>> 
>>>> Was the behaviour of smbpasswd changed intentionally?
>>>> If so, in what samba version did this change happen?
>>>> 
>>>> Is there an alternative way to achieve the smbpasswd
>>>> behaviour that we had in the past?
>>>> 
>>>> 
>>>> Thanks,
>>>> -- 
>>>> Todd Pfaff <pfaff at mcmaster.ca>
>>>> Research & High-Performance Computing Support
>>>> McMaster University, Hamilton, Ontario, Canada
>>>> http://www.rhpcs.mcmaster.ca/~pfaff
>>>> 
>>


More information about the samba mailing list