[Samba] Prevent smbpasswd lan manager field change
rjansen at vub.ac.be
Mon Apr 12 08:31:58 MDT 2010
We recently upgraded an old samba 3.0.10 to 3.4.6 due to broken quota when
moving from Veritas to NFS mounts from a Cellera EMC.
Our samba passwd backend is a smbpasswd file.
This file is generated from a database via some scripts.
Recently we see that some PC clients manage to change the LANMAN field in
the smbpasswd file.
get changed to
Remarkably the Windows NT password hash remains the same.
It seems that the LANMAN password hash get's "zeroed" somehow.
Users do NOT have access to the smbpasswd binary, so it's via a client
(verified this via a Win 7 client trying to change a Samba share passwd)
Can anyone shed some light on why this happens in the 3.4.6 version ?
We actually do not want this to happen as the smbpasswd file is getting
out of sync with our database.
As far as I understand all the smb.conf options with their default setting
should prevent changes in the smbpasswd file.
Here's our smb.conf:
# Global parameters
server string = ACME Samba
log level = 01
log file = /tmp/SAMBA/logs/log.%m
max log size = 200
name resolve order = lmhosts host wins bcast
socket options = TCP_NODELAY SO_KEEPALIVE
load printers = No
dns proxy = No
ldap ssl = no
create mask = 0600
directory mask = 0700
hosts allow = <obfuscated>
delete readonly = Yes
passdb backend = smbpasswd
comment = Home Directories
read only = No
map system = Yes
map hidden = No
browseable = No
dos filemode = Yes
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
Thanks in advance
Computer Center VUB/ULB (VUBnet)
Ing. Robert Jansen
email: rjansen at vub.ac.be
More information about the samba