[Samba] Sudden authentication failures, hex dumps in log.samba

Pekka L.J. Jalkanen pekka.jalkanen at vihreat.fi
Tue May 14 02:04:02 MDT 2013

On 14.5.2013 8:04, Andrew Bartlett wrote:
> On Mon, 2013-05-13 at 14:24 +0300, Pekka L.J. Jalkanen wrote:
>>> Any ideas how to resolve this problem?
>> No comments, it seems.
>> I can see that even if this is a bug in Samba it would be really hard to
>> reproduce. But it's really frustrating too, because if the
>> authentication isn't reliable I sort of have to keep the Windows DC around.
>> So if somebody would have an enlightened suggestion what to do, I'd be
>> grateful.
>> The only idea I'm having myself would be to recreate the machine
>> accounts of the computers in question, but that'd be just a shot in the
>> dark, and if the problem lies within the user accounts instead, that
>> wouldn't help.
> G'Day,
> I'm sorry I haven't been able to get back to you.

Please don't. I've had all too many questions for you already. Thank you
for your patience with me!

> The issue is the same
> for all of these accounts.  We simply have a password encoded in a
> format that we do not correctly parse.  The 00 20 stuff is literally
> some unicode space (ie the spacebar, yes!) padding that is in this
> structure.  

Huh?! Now I'm surprised, both about that there is such a parsing problem
and that the problem is _that_ trivial.

Shouldn't this mean that I can most likely work the problem away by
simply changing the passwords of these users? Now that would be great
news indeed!

> I need to get both and encrypted copy of the data and some time to work
> over it, so we can correct this issue in our IDL. 

You already have a complete copy of our Samba DC's DB due to that
exportkeytab issue. I can send you nonsanitised logs separately so that
you can see the relevant account names. Is that enough, or do you need
me to try to make an actual packet capture of this problem?

Pekka L.J. Jalkanen

More information about the samba mailing list