Bug 6584 - smbpasswd -r -U report RPC fault
Summary: smbpasswd -r -U report RPC fault
Alias: None
Product: Samba 3.4
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: 3.4.0
Hardware: All All
: P3 major
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Depends on:
Reported: 2009-07-29 01:05 UTC by Zhou Weikuan
Modified: 2009-09-02 04:02 UTC (History)
0 users

See Also:
metze: review+

split domain/name in advance (3.43 KB, patch)
2009-08-30 10:55 UTC, Simo Sorce
no flags Details
revised version of that patch (tested and pushed to master) (2.04 KB, patch)
2009-09-02 03:21 UTC, Guenther Deschner
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Zhou Weikuan 2009-07-29 01:05:38 UTC
The steps to repro this problem:
0) configure the environment, use net ads join to join a win2k3 domain
1) smbpasswd -a user   (user must be a local unix account name)
2) smbpasswd -r machine -U machine/user

it reports:
#/usr/local/samba/bin/smbpasswd -r diablo -U diablo/weikuan
Old SMB password:
New SMB password:
Retype new SMB password:
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host diablo!
machine diablo rejected the password change: Error was : NT code 0x1c010002.

This problem doesn't occur for samba-3.0.27a, it does occur for samba-3.3.6

We suspect it is caused by command line parser or RPC parser's problem.
Comment 1 Zhou Weikuan 2009-07-29 01:08:49 UTC
I think the root cause is: when we smbpasswd -r machine -U machine/user, the user is recognised as "machine/user", acctually, it should be "user".

Function libsmb/ntlmssp.c:ntlmssp_server_auth() is called twice each time we
user smbpasswd -r -U to update the password. in the first time, the parser
works good, domain="machine", workstation="machine", user="user", but in the
second time, domain="", workstation="machine", user="machine/user", this causes
the request to be resent to 2k3 domain to search user "machine/user", RPC fault

When we update the function, detect whether domain="" and user contains "/",
and then split the content of user into domain and user, the RPC fault doesn't occur, it becomes:

shell> sudo smbpasswd -r machine -U machine/user2
Old SMB password:
New SMB password:
Retype new SMB password:
machine machine rejected the password change: Error was : No such user.

Check the log, this is because function smbd/chgpasswd.c:check_oem_passwd is
passed in a user as "machine/user", after we split the user, and assign the
user with "user", the password for "user" is updated accordingly.

We can't fix the bug as the resolution above, it is too rough, the correct
solution should be somewhere on some parser.
Comment 2 Simo Sorce 2009-08-30 10:55:02 UTC
Created attachment 4613 [details]
split domain/name in advance

Can you please test this patch ?
It should fix your problem.
Comment 3 Guenther Deschner 2009-09-02 03:21:09 UTC
Created attachment 4622 [details]
revised version of that patch (tested and pushed to master)

Simo, I tested that patch and needed to make some small modifications to make it work. Its pushed to master now.
Comment 4 Guenther Deschner 2009-09-02 03:40:31 UTC
Karolin, please pick for 3.4
Comment 5 Karolin Seeger 2009-09-02 04:02:30 UTC
Closing out bug report.