Chris Almond
2004-May-17 19:10 UTC
[Samba] samba 3.0.4 on SLES8: password sync will not work...(decode_pw_buffer: incorrect password length)
Has anyone got unix password sync for samba3.0.x running successfully on SLES8 server? Do I need the SLES service packs? Is there an interaction with PAM that I need to be aware of? I've compiled the full developer build of samba from 3.0.4-4 source. Compile was successful. I'm running tdbsam as password backend. I've troubleshooted quit a bit using google, docs, etc. as guide. Everytime I get same DEBUG output in the log file: [2004/05/17 09:44:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(519) decode_pw_buffer: incorrect password length (-2013139859). [2004/05/17 09:44:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520) decode_pw_buffer: check that 'encrypt passwords = yes' and here is the DEBUG source code from smbencrypt.c generating the output above: /* Password cannot be longer than the size of the password buffer */ if ( (byte_len < 0) || (byte_len > 512)) { DEBUG(0, ("decode_pw_buffer: incorrect password length (%d).\n", byte_len)); DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = yes'\n")); return False; } So somewhow the byte_len of the password buffer (first 4 bits of the buffer) is not being set correctly. I've played with many different passwd chat scripts - all leading to the same problem.
RRuegner
2004-May-17 19:37 UTC
[Samba] samba 3.0.4 on SLES8: password sync will not work...(decode_pw_buffer: incorrect password length)
Chris Almond schrieb:> Has anyone got unix password sync for samba3.0.x running successfully on > SLES8 server? Do I need the SLES service packs? Is there an > interaction with PAM that I need to be aware of? > > I've compiled the full developer build of samba from 3.0.4-4 source. > Compile was successful. I'm running tdbsam as password backend. I've > troubleshooted quit a bit using google, docs, etc. as guide. > > Everytime I get same DEBUG output in the log file: > > [2004/05/17 09:44:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(519) > decode_pw_buffer: incorrect password length (-2013139859). > [2004/05/17 09:44:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520) > decode_pw_buffer: check that 'encrypt passwords = yes' > > and here is the DEBUG source code from smbencrypt.c generating the > output above: > > /* Password cannot be longer than the size of the password buffer */ > if ( (byte_len < 0) || (byte_len > 512)) { > DEBUG(0, ("decode_pw_buffer: incorrect password length > (%d).\n", byte_len)); > DEBUG(0, ("decode_pw_buffer: check that 'encrypt passwords = > yes'\n")); > return False; > } > > So somewhow the byte_len of the password buffer (first 4 bits of the > buffer) is not being set correctly. > > I've played with many different passwd chat scripts - all leading to the > same problem. > > >Hi you should use the suse rpms , from ftp.suse.com people gd , or get the latest smba packs from sernet ftp, yes and of course you have to change /etc/pam.d/login with something like this #%PAM-1.0 # password-sync # # A sample PAM configuration that shows the use of pam_smbpass to make # sure private/smbpasswd is kept in sync when /etc/passwd (/etc/shadow) # is changed. Useful when an expired password might be changed by an # application (such as ssh). auth requisite pam_nologin.so auth required pam_unix.so account required pam_unix.so password requisite pam_cracklib.so retry=3 password requisite pam_unix.so shadow md5 use_authtok try_first_pass password required pam_smbpass.so nullok use_authtok try_first_pass session required pam_unix.so ###################################################################################### so it will work, be aware that you will get failure if you client has the latest ms patches which breaks this feature, but it should be ok with the latest version of stable samba ( which you can get at sernets ftp ) Regards