[Samba] ldapsam cannot find NT password hash

David Kowis david at kow.is
Sat May 25 18:29:37 UTC 2019


Hello!

I've been digging at this one for several days now, and haven't been
able to figure out what's going on. Google searches haven't been
particularly helpful, so maybe I am searching for the wrong words.

My LDAP server has the proper schema, and I have an attribute for my
user: https://imgur.com/VRbM7s9 (yeah I know the password hash is there,
but I don't care, because this won't exist)

It shows up in pdbedit -L

root@freenas[~]# pdbedit -L
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=NOSGOTH))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_paged: base => [dc=dark,dc=kow,dc=is], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1000]
smbldap_search_paged: search was successful
nobody:65534:Unprivileged user
init_sam_from_ldap: Entry found for user: Administrator
Administrator:90000002:Administrator
init_sam_from_ldap: Entry found for user: dkowis
dkowis:10001:David
init_sam_from_ldap: Entry found for user: butts
butts:90000004:butts <-- this one

However, the NtPassword hash does not show up in pdbedit -L -vw

init_sam_from_ldap: Entry found for user: butts
---------------
Unix username:        butts
NT username:          butts
Account Flags:        [U          ]
User SID:             S-1-5-21-3154784271-1170687896-3522057148-1005
Primary Group SID:    S-1-5-21-3154784271-1170687896-3522057148-513
Full Name:            butts
Home Directory:       \\freenas\butts
HomeDir Drive:
Logon Script:
Profile Path:         \\freenas\butts\profile
Domain:               NOSGOTH
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    0
Password can change:  0
Password must change: 0
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
LM hash             : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
NT hash             : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


All authentication attempts, either from Windows or from Linux smbclient,
result in NT_STATUS_WRONG_PASSWORD.
Logs: https://hastebin.com/cexudifino.js (ignore the silly extensions)

I'm very confused as to what's going on. When I debug my LDAP server, I
never see a query to load the NT password hash, but I do see attribute
requests for all the other elements here.

I'm hoping that this is a simple configuration problem, but I'm not sure.

Running on FreeNAS 11 and my smb.conf (via testparm -v) is here
https://termbin.com/v748

Thanks in advance for your help!

--
David Kowis



