Bug 2258 - smbpasswd backend, smbpasswd password changes undone with connect
Summary: smbpasswd backend, smbpasswd password changes undone with connect
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.10
Hardware: Sparc Solaris
: P3 critical
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-01-19 10:10 UTC by Lieven Van Acker
Modified: 2005-08-24 10:17 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lieven Van Acker 2005-01-19 10:10:16 UTC 
Sequence:

bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
         ]:LCT-0

bash-2.05# /usr/samba.moonrock/bin/smbpasswd -c /usr/samba.moonrock/lib/smb.conf
ankerpos
New SMB password:

Retype new SMB password:

bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
ankerpos:921:4CD849F7C109C5D7B85EBEA904A749B9:1CC6D72446271E9697044BC68DB72678:[U
         ]:LCT-0

bash-2.05# smbclient -L moonrock.admin -U ankerpos
Password:

session setup failed: NT_STATUS_LOGON_FAILURE
bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
         ]:LCT-0

smbd.conf (global section):

[global]
   printing = sysv
   printcap name = /etc/printcap
   load printers = yes
   guest account = nobody
   workgroup = WFW
   os level = 33
   encrypt passwords = yes
   security = user
   preserve case = yes
   hosts allow = 157.193. 193.190.80.0/255.255.248.0
   log file = /var/samba.moonrock/log/smb/log.%m
   log level = 3
   max log size = 500
   deadtime = 120
   dfree command=/usr/samba.moonrock/bin/dfree
   server string =
#   character set = utf-8
   unix charset = UTF8
#   dos charset = cp850
   socket address = 157.193.71.220
   interfaces = ce0
   bind interfaces only = yes
   pid directory = /var/samba.moonrock/run
   passdb backend = smbpasswd:/usr/samba.moonrock/private/smbpasswd


log.moonrock:

[2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[WFW]\[ankerpos]@[MOONROCK] with the new password interface
[2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK]
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(189)
  ntlm_password_check: NO NT password stored for user ankerpos.
[2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
  ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [ankerpos] -> [ankerpos] FAILED
with error NT_STATUS_WRONG_PASSWORD
[2005/01/19 18:02:31, 3] smbd/process.c:timeout_processing(1335)
  timeout_processing: End of file from client (client has disconnected).
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 2] smbd/server.c:exit_server(577)
  Closing connections
[2005/01/19 18:02:31, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2005/01/19 18:02:31, 3] smbd/server.c:exit_server(620)
  Server exit (normal exit)
[2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[WFW]\[ankerpos]@[MOONROCK] with the new password interface
[2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK]
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(189)
  ntlm_password_check: NO NT password stored for user ankerpos.
[2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
  ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [ankerpos] -> [ankerpos] FAILED
with error NT_STATUS_WRONG_PASSWORD
[2005/01/19 18:05:32, 3] smbd/process.c:timeout_processing(1335)
  timeout_processing: End of file from client (client has disconnected).
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 2] smbd/server.c:exit_server(577)
  Closing connections
[2005/01/19 18:05:32, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2005/01/19 18:05:32, 3] smbd/server.c:exit_server(620)
  Server exit (normal exit)
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-01-19 10:24:23 UTC 
This is actually by design due to the LCT == 0 in the 
smbpasswd entry.  Please read the release notes for 3.0.2a.  
Are you perhaps using an older release of the smbpasswd 
tool ?
Comment 2 Lieven Van Acker 2005-01-19 11:35:56 UTC 
> Are you perhaps using an older release of the smbpasswd 
> tool ?

we are using a centralised system to generate smbpasswd files. Thanks for the
hint. I guess this bug can be closed now. We will have to modify this generation
script.

Regards
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-02-07 07:34:49 UTC 
originally reported against 3.0.11pre1.  Moving back to version to 3.0.10 
to remove preX and rcX versions.
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:17:42 UTC 
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.