samba - Jun 2007 - decode_pw_buffer: incorrect password length

Hello list

I have a problem that i am confronting for long time and i dont get a result.
We use samba 3.0.24 (also tried other versions) with openldap and the  
smbldap-tools  on Suse Linux SLES9.
We use openldap for user authentikation for samba (objectClass:  
sambaSamAccount) and other application like email, apache, squid  
(objectClass: shadowAccount and objectClass: posixAccount).

My scope is to have syncroniced the passwords and the expire-date for   
samba- and shadow-Accounts.

My problem: when a user changes his password from a windows-client  
(xp) he get an error like "The User name or old password is incorrect.  
Letters in passwords must be typed using the correct case."

The strange is that the server *did* change both Linux and Windows
passwords and the shadowLastChange and  sambaPwdLastSet attributes also.
So all is ok anly i get this "stupid" message.

In the samba-logs i see this:

[2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520)
   decode_pw_buffer: incorrect password length (-1582166334).
[2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(521)
   decode_pw_buffer: check that 'encrypt passwords = yes'

in my smb.conf i have :       unix password sync = Yes

Is this a bug ?
Other tips?

Thank you in advanced
luis

On Mon, 2007-06-18 at 10:54 +0200, alois blasbichler
wrote:
> Hello list
> 
> I have a problem that i am confronting for long time and i dont get a
result.
> We use samba 3.0.24 (also tried other versions) with openldap and the  
> smbldap-tools  on Suse Linux SLES9.
> We use openldap for user authentikation for samba (objectClass:  
> sambaSamAccount) and other application like email, apache, squid  
> (objectClass: shadowAccount and objectClass: posixAccount).
> 
> My scope is to have syncroniced the passwords and the expire-date for   
> samba- and shadow-Accounts.
> 
> My problem: when a user changes his password from a windows-client  
> (xp) he get an error like "The User name or old password is incorrect.
> Letters in passwords must be typed using the correct case."
> 
> The strange is that the server *did* change both Linux and Windows
> passwords and the shadowLastChange and  sambaPwdLastSet attributes also.
> So all is ok anly i get this "stupid" message.
So, do you have a problem or not?
> In the samba-logs i see this:
> 
> [2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520)
>    decode_pw_buffer: incorrect password length (-1582166334).
> [2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(521)
>    decode_pw_buffer: check that 'encrypt passwords = yes'
> 
> in my smb.conf i have :       unix password sync = Yes
> 
> Is this a bug ?
These messages indicate that the old password was incorrect, and as such
we have been unable to decrypt the new one (the new password is passed
encrypted with the old one).

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20070618/6d14ce2c/attachment.bin

alois blasbichler escribi?:
> In the samba-logs i see this:
> 
> [2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520)
>   decode_pw_buffer: incorrect password length (-1582166334).
> [2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(521)
>   decode_pw_buffer: check that 'encrypt passwords = yes'
> 
> in my smb.conf i have :       unix password sync = Yes
I have a similar setup with thi settings:

pam password change = no
encrypt passwords = true
unix password sync = no
ldap password sync = yes

It works well, since my users are all ldap+samba based. The 'ldap password
sync' updates
both passwords well. See the manpage of smb.conf for info about this setting.

Regards.

>> [2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(520)
>> decode_pw_buffer: incorrect password length (-1582166334).
>> [2007/06/18 08:59:08, 0] libsmb/smbencrypt.c:decode_pw_buffer(521)
>> decode_pw_buffer: check that 'encrypt passwords = yes'
>>
>> in my smb.conf i have :       unix password sync = Yes
>
> I have a similar setup with thi settings:
>
> pam password change = no
> encrypt passwords = true
> unix password sync = no
> ldap password sync = yes
>
> It works well, since my users are all ldap+samba based. The 'ldap  
> password sync' updates both passwords well. See the manpage of  
> smb.conf for info about this setting.
Thank you

With your settings for me too it works well, except the attribute   
"shadowLastChange" was not updated. This i need for my other  
applications (like squid, email, apache) for password-expire.

So i inserted unix password sync = Yes , and  now also the attribute   
"shadowLastChange" was updated, but now i get an error-message when i
change my password under Windows xp  and in the log i see the error  
like above (although all attributes were changed rigth).

Other suggestions?
Regards luis