[Samba] Sudden authentication failures, hex dumps in log.samba

Pekka L.J. Jalkanen pekka.jalkanen at vihreat.fi
Tue May 14 10:49:11 MDT 2013


On 14.5.2013 19:31, Andrew Bartlett wrote:
> On Tue, 2013-05-14 at 11:04 +0300, Pekka L.J. Jalkanen wrote:
>> On 14.5.2013 8:04, Andrew Bartlett wrote:
>>> The issue is the same
>>> for all of these accounts.  We simply have a password encoded in a
>>> format that we do not correctly parse.  The 00 20 stuff is literally
>>> some Unicode space (i.e. the spacebar, yes!) padding that is in this
>>> structure.  
>>
>> Huh?! Now I'm surprised, both about that there is such a parsing problem
>> and that the problem is _that_ trivial.
>>
>> Shouldn't this mean that I can most likely work the problem away by
>> simply changing the passwords of these users? Now that would be great
>> news indeed!
> 
> Yes, if I'm understanding it correctly. 

OK, I'll ask some of them to change their password, and then see what
will happen. Thank you!

(The account migration between domains was done earlier this year, but
the accounts were temporarily marked as having never expiring passwords
so that no password changes would be imposed in the process. Perhaps the
whole issue wouldn't exist if this hadn't been done...)

>>> I need to get both an encrypted copy of the data and some time to work
>>> over it, so we can correct this issue in our IDL. 
>>
>> You already have a complete copy of our Samba DC's DB due to that
>> exportkeytab issue. I can send you nonsanitised logs separately so that
>> you can see the relevant account names. Is that enough, or do you need
>> me to try to make an actual packet capture of this problem?
> 
> The exportkeytab issue is the same issue.  You are just seeing the same
> failure to read the password for a particular account in multiple ways. 

Oh. Well, now I'm understanding it all much better (or I at least hope
that I do now). Thank you for explaining this!

And thanks for replying--that reminded me that I forgot to send that log
file to you. Will do so promptly.

Pekka L.J. Jalkanen

