The Samba-Bugzilla – Bug 537
Incorrect behaviour on 'long' (14 character) passwords
Last modified: 2005-08-24 10:19:36 UTC
I cannot change user password (with ctrl+alt+del from w2k) if my OLD password >
smbldap_search_suffix: searching for:[(&(uid=tiamat)
[2003/09/30 18:14:39, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462)
init_sam_from_ldap: Entry found for user: tiamat
[2003/09/30 18:14:39, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 1
[2003/09/30 18:14:39, 0] smbd/chgpasswd.c:check_oem_password(827)
check_oem_password: incorrect password length (-1274909167).
With smbpasswd it works:
# smbpasswd -U tiamat -r server
Old SMB password:
New SMB password:
Retype new SMB password:
Password changed for user tiamat on server.
I run samba CVS 3.0.1pre1 on FreeBSD sparc64.
I check this bug with samba CVS 3.0.1pre1 on FreeBSD 5.1 (sparc64 and i386).
Samba act as PDC with ldapsam backend.
I cannot change user password from Win2k workstations with ctrl+alt+del, if
length of the current password is more than 14 symbols.
1. set user password to 'passwd'.
2. login to Win2k workstation, press alt+ctrl+del and success change
password from 'passwd' to 'verylongpassword'.
3.again alt+ctrl+del and try change password from 'verylongpassword' to
'passwd' - get error:
The User name or old password is incorrect. Letters in password must be
typed using the correct case. Make sure that Caps Lock is not accidentaly
In samba logs (i try i386 and sparc64) i see same errors:
[2003/10/01 09:09:16, 0] smbd/chgpasswd.c:check_oem_password(827)
check_oem_password: incorrect password length (456509439).
i can successfully change the user password with smbpasswd -U user -r server
(server i386 or sparc64):
$ smbpasswd -U user -r server
Old SMB password: verylongpassword
New SMB password: passwd
Retype new SMB password: passwd
Password changed for user user on server.
From what I understand, Win2k handles long passwords by simply not using the LM
password at all. It is not included in the password change request, and not
stored in the SAM.
We check the LM password first, and trucate long passwords. This is the
incorrect way to handle this, and causes this error.
reseting target milestone. 3.0.1 has been frozen. WIll have to
fixed in latest 3.0 CVS code
samba 3.0.2 include fix ?
Thanks a lot!
This is not in 3.0.2, but in 3.0 CVS (we branched the code to avoid taking this
There are still some more '14 char' issues to sort however...
- Ensure we do not send the (weak, 14-character effective length) password as a
- Fix smbpasswd to talk to a Samba server, with correct NTLMSSP for the NULL
- Don't use the LanMan password change for >14 passwords.
Whenever we are after an LM password we need to call
E_deshash() directly, and if the BOOL return is False, then the password has
been truncated. We can't strlen it directly, as we need the length in the DOS
Most of samba calls other 'helper' functions, like nt_lm_owf_gen() and
SMBencrypt, and this needs to be fixed.
*** Bug 1210 has been marked as a duplicate of this bug. ***
Patch for the final issue here is in SVN (don't use a null session, and avoid
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.