Horanburg, Chadd (ISS Southfield)
2001-Jan-05 10:24 UTC
Users can't change their own password...
Hello, I've recently put Samba into production, and while I do love it, I am having a problem I can not figure out. It comes when a regular user tries to change their password. I have dug through the FAQ's I could find, and also looked through a few trouble shooting sections. Everything they suggest checks out. The server as a whole works great. If I log in as root and change a users password, that works fine. However, a user is unable to. As for the basic info, this is running on an Intel platform, using Solaris 7 (X86). I am using Samba 2.0.7. Below I have pasted the Global Section, minus a few lines taken out for security. And below that is some excerpts from the logs, along with the command I ran, minus the actual userid. If anyone has any ideas, I would love to hear them. I'm open to anything at this point. You can reach me at choranburg@iss.net A sincere thanks, Chadd ******<Excerpts from [GLOBAL] [global] workgroup = #<blank> we don't use standard NT networking.... netbios name = xxxxxxx encrypt passwords = Yes allow trusted domains = No restrict anonymous = Yes debug level = 3 log file = /var/adm/samba/log max log size = 2000 logon drive = H: local master = No guest account valid users = +xxxxx admin users = xxxxxxxxxx #(my account) read list = +xxxxx write list = +xxxxx my userid is currently 10 digits, would that cause a problem? I've tried smaller userids, legal on both Sun and NT as far as I know. *******<Command string used> % /usr/local/samba/bin/smbpasswd doing parameter log file = /var/adm/samba/log doing parameter max log size = 2000 doing parameter logon drive = H: doing parameter local master = No doing parameter guest account = doing parameter valid users = +xxxxx doing parameter admin users = xxxxxxxxxx (my account) doing parameter read list = +xxxxx doing parameter write list = +xxxxx pm_process() returned Yes added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.255 nmask=255.255.255.0 Old SMB password: New SMB password: Retype new SMB password: Connecting to 127.0.0.1 at port 139 machine 127.0.0.1 rejected the session setup. Error was : ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.). Failed to change password for xxxxxxxxxx *******<Excerpt from the Logs, my guess as to what the problem is.> [2000/11/22 04:23:07, 3] param/loadparm.c:lp_load(2805) pm_process() returned Yes [2000/11/22 04:23:07, 3] param/loadparm.c:lp_add_ipc(1594) adding IPC service [2000/11/22 04:23:07, 2] lib/interface.c:add_interface(83) added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.255 nmask=255.255.255.0 [2000/11/22 04:23:07, 0] lib/util_sock.c:set_socket_options(151) Failed to set socket option SO_KEEPALIVE (Error Bad file number) [2000/11/22 04:23:07, 0] lib/util_sock.c:set_socket_options(151) Failed to set socket option TCP_NODELAY (Error Bad file number) [2000/11/22 04:23:07, 2] smbd/server.c:main(746) Changed root to / [2000/11/22 04:23:07, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2000/11/22 04:23:07, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2000/11/22 04:23:07, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 8517, global_oplock_port = 32805 [2000/11/22 04:23:07, 3] smbd/process.c:process_smb(618) Transaction 0 of length 76 [2000/11/22 04:23:07, 2] smbd/reply.c:reply_special(97) netbios connect: name1=127.0.0.1 name2=SERVER [2000/11/22 04:23:07, 3] smbd/process.c:process_smb(618) Transaction 1 of length 168 [2000/11/22 04:23:07, 3] smbd/process.c:switch_message(448) switch message SMBnegprot (pid 8517) [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [PC NETWORK PROGRAM 1.0] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 1.03] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 3.0] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LANMAN1.0] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LM1.2X002] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [Samba] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(424) Selected protocol NT LANMAN 1.0 [2000/11/22 04:23:07, 3] smbd/process.c:process_smb(618) Transaction 2 of length 78 [2000/11/22 04:23:07, 3] smbd/process.c:switch_message(448) switch message SMBsesssetupX (pid 8517) [2000/11/22 04:23:07, 3] smbd/reply.c:reply_sesssetup_and_X(805) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] [2000/11/22 04:23:07, 3] smbd/reply.c:reply_sesssetup_and_X(809) sesssetupX:name=[] <---- is this what could be causing it??? I don't know why it's blank [2000/11/22 04:23:07, 3] smbd/reply.c:reply_sesssetup_and_X(952) No such user - using guest account [2000/11/22 04:23:07, 1] smbd/reply.c:reply_sesssetup_and_X(988) Username is invalid on this system Please email any advice you may have to choranburg@iss.net, it is most greatly appreciated. ********************************************************* Chadd M. Horanburg Internet Security Systems Managed Intrusion Detection Systems, Intrusion Detection Technician 3000 Town Center Dr Suite 1100 Southfield, MI 48075 P. 877-563-8739 F. 248-352-0301 choranburg@iss.net PGP Key available from standard key servers Internet Security Systems - The power to protect *********************************************************
Hello Chad, Based on the error message I see, try this: Set your guest account = to a valid unix user. (if guest account = nothing, then samba defaults to using user 'nobody' which you may have for security reasons removed from your etc/passwd file. Hope this helps, Don -----Original Message----- From: Horanburg, Chadd (ISS Southfield) [mailto:CHoranburg@iss.net] Sent: Friday, January 05, 2001 5:25 AM To: Samba (E-mail) Subject: Users can't change their own password... Hello, I've recently put Samba into production, and while I do love it, I am having a problem I can not figure out. It comes when a regular user tries to change their password. I have dug through the FAQ's I could find, and also looked through a few trouble shooting sections. Everything they suggest checks out. The server as a whole works great. If I log in as root and change a users password, that works fine. However, a user is unable to. As for the basic info, this is running on an Intel platform, using Solaris 7 (X86). I am using Samba 2.0.7. Below I have pasted the Global Section, minus a few lines taken out for security. And below that is some excerpts from the logs, along with the command I ran, minus the actual userid. If anyone has any ideas, I would love to hear them. I'm open to anything at this point. You can reach me at choranburg@iss.net A sincere thanks, Chadd ******<Excerpts from [GLOBAL] [global] workgroup = #<blank> we don't use standard NT networking.... netbios name = xxxxxxx encrypt passwords = Yes allow trusted domains = No restrict anonymous = Yes debug level = 3 log file = /var/adm/samba/log max log size = 2000 logon drive = H: local master = No guest account valid users = +xxxxx admin users = xxxxxxxxxx #(my account) read list = +xxxxx write list = +xxxxx my userid is currently 10 digits, would that cause a problem? I've tried smaller userids, legal on both Sun and NT as far as I know. *******<Command string used> % /usr/local/samba/bin/smbpasswd doing parameter log file = /var/adm/samba/log doing parameter max log size = 2000 doing parameter logon drive = H: doing parameter local master = No doing parameter guest account = doing parameter valid users = +xxxxx doing parameter admin users = xxxxxxxxxx (my account) doing parameter read list = +xxxxx doing parameter write list = +xxxxx pm_process() returned Yes added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.255 nmask=255.255.255.0 Old SMB password: New SMB password: Retype new SMB password: Connecting to 127.0.0.1 at port 139 machine 127.0.0.1 rejected the session setup. Error was : ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.). Failed to change password for xxxxxxxxxx *******<Excerpt from the Logs, my guess as to what the problem is.> [2000/11/22 04:23:07, 3] param/loadparm.c:lp_load(2805) pm_process() returned Yes [2000/11/22 04:23:07, 3] param/loadparm.c:lp_add_ipc(1594) adding IPC service [2000/11/22 04:23:07, 2] lib/interface.c:add_interface(83) added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.255 nmask=255.255.255.0 [2000/11/22 04:23:07, 0] lib/util_sock.c:set_socket_options(151) Failed to set socket option SO_KEEPALIVE (Error Bad file number) [2000/11/22 04:23:07, 0] lib/util_sock.c:set_socket_options(151) Failed to set socket option TCP_NODELAY (Error Bad file number) [2000/11/22 04:23:07, 2] smbd/server.c:main(746) Changed root to / [2000/11/22 04:23:07, 3] smbd/oplock.c:open_oplock_ipc(86) open_oplock_ipc: opening loopback UDP socket. [2000/11/22 04:23:07, 3] lib/util_sock.c:open_socket_in(875) bind succeeded on port 0 [2000/11/22 04:23:07, 3] smbd/oplock.c:open_oplock_ipc(114) open_oplock ipc: pid = 8517, global_oplock_port = 32805 [2000/11/22 04:23:07, 3] smbd/process.c:process_smb(618) Transaction 0 of length 76 [2000/11/22 04:23:07, 2] smbd/reply.c:reply_special(97) netbios connect: name1=127.0.0.1 name2=SERVER [2000/11/22 04:23:07, 3] smbd/process.c:process_smb(618) Transaction 1 of length 168 [2000/11/22 04:23:07, 3] smbd/process.c:switch_message(448) switch message SMBnegprot (pid 8517) [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [PC NETWORK PROGRAM 1.0] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 1.03] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [MICROSOFT NETWORKS 3.0] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LANMAN1.0] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [LM1.2X002] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(341) Requested protocol [Samba] [2000/11/22 04:23:07, 3] smbd/negprot.c:reply_negprot(424) Selected protocol NT LANMAN 1.0 [2000/11/22 04:23:07, 3] smbd/process.c:process_smb(618) Transaction 2 of length 78 [2000/11/22 04:23:07, 3] smbd/process.c:switch_message(448) switch message SMBsesssetupX (pid 8517) [2000/11/22 04:23:07, 3] smbd/reply.c:reply_sesssetup_and_X(805) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] [2000/11/22 04:23:07, 3] smbd/reply.c:reply_sesssetup_and_X(809) sesssetupX:name=[] <---- is this what could be causing it??? I don't know why it's blank [2000/11/22 04:23:07, 3] smbd/reply.c:reply_sesssetup_and_X(952) No such user - using guest account [2000/11/22 04:23:07, 1] smbd/reply.c:reply_sesssetup_and_X(988) Username is invalid on this system Please email any advice you may have to choranburg@iss.net, it is most greatly appreciated. ********************************************************* Chadd M. Horanburg Internet Security Systems Managed Intrusion Detection Systems, Intrusion Detection Technician 3000 Town Center Dr Suite 1100 Southfield, MI 48075 P. 877-563-8739 F. 248-352-0301 choranburg@iss.net PGP Key available from standard key servers Internet Security Systems - The power to protect *********************************************************