[Samba] samba(3.6.4), with LDAP backend and sambapasswordhistory issue

Kevin Taylor groucho.64738 at hotmail.com
Tue May 8 07:28:27 MDT 2012 


Ok, here's an update. I recreated a user account and started changing the password on it, and now I'm seeing passwords stored in the sambapasswordhistory field. Each time I change it another one is stored.

Then, suddenly, the entire sambapasswordhistory entry is wiped clean and it's only storing the latest password. Each subsequent password change is only storing the latest password.

Seems like a buffer overflow maybe? If I modify the history length in the password policy, it looks like it starts working again for a bit.

I'm using Sun DSEE 7 as the ldap server and using the netscape5.ldif file. 



> From: groucho.64738 at hotmail.com
> To: samba at lists.samba.org
> Date: Tue, 8 May 2012 08:21:04 -0400
> Subject: Re: [Samba] samba(3.6.4), with LDAP backend and sambapasswordhistory issue
> 
> 
> 
> I'm still trying to track this down, to see if I can offer any further info. Increasing the log level shows that all of the history requests are happening in pdb_ldap.c, but I don't know that I saw where it was setting the history during a password change.
> 
> I'm also seeing a lot of 'Failed to get password history for user' messages. I'm not sure why samba can't get that information. I don't see any errors in the ldap server logs, but I might try to read them a little closer to see if something is being blocked.
> 
> Is there a samba command to display the user password history directly, and maybe I can see a different error?
> 
> 
> 
> > From: groucho.64738 at hotmail.com
> > To: samba at lists.samba.org
> > Date: Fri, 4 May 2012 14:05:54 -0400
> > Subject: [Samba] samba(3.6.4),	with LDAP backend and sambapasswordhistory issue
> > 
> > 
> > 
> > We would like to have password history working in our setup which is samba with Sun Directory Services 7.0 on the backend. Everything else seems to be working ok, but I notice that the sambapasswordhistory entry for any particular user is filled with 0's.
> > 
> > If I set the password for the account, then it's 16 0's, followed by a copy of the password hash, and the rest 0's.
> > 
> > If I change the password to something else, the history entry stays the same.
> > 
> > If I change the password back to the original, the second password hash that I entered isn't stored along with the original. It's 0's.
> > 
> > I've seen online that someone had this issue in 2005, but I didn't see any responses to this. Has anyone seen this or have a suggestion of what I can try?
> > 
> > Thanks for the help. 
> > 
> > 
> > we're using a history of 24 in case it matters...maybe that's a problem, should it be 23?
> > 
> > 
> >  		 	   		  
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>  		 	   		  
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list