samba - Mar 2001 - undesired root password change

After I have found the solutions for the login troubles, I have stumbled
upon the next rather annoying problem, perhaps hav I done something very
wrong, but if someone knows anything about the following then please...

Samba 2.0.7 on FreeBSD 4.2-stable
Windows 95 workstations
I used plaintext password, everything OK.
When I put the parm "encrypt passwords = true", no one can login,
until I
add a user with the smbpasswd -a option.
Now I want to change the password for the user, in Windows I do this in
Configuration, and all goes well, I can login again with te new password,
but not with the old one. 
So far so good.

BUT now the horror: when I try (on the BSD box) to su myself to root, it
keeps on saying that the password is wrong, but I have not changed the
password so far I know. It turns out that the root password is changed to
the new password for the user above, I have examined this a little bit and
found out that when changing the password in Windows, the corresponding
password in the smbpasswd file is being changed accordingly, BUT NOT THE
PASSWORD FOR THE UNIX-USER, INSTEAD THE PASSWORD FOR ROOT IS BEING CHANGED!!!

My question: is this a known behaviour? is this a real security bug, have I
done something wrong or overlooked something?
BTW isn't there an option to force periodic password change?

thanks in advance
Jeroen Heijungs
Het Muziektheater
Amsterdam, The Netherlands


My SMB.CONF
[global]
   workgroup = LICHT
   netbios name = LICHTSERVER
   server string = TEST %L (Samba %v)
   domain logons = Yes
   os level = 33
   logon script = %g\smblogin.bat

   # Netwerkopties
   interfaces = 172.22.1.1/16 172.20.1.14/16
   socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY

   # Security
   invalid users = root
   security = user
   min password length = 5
   unix password sync = Yes
   encrypt passwords = true
   smb passwd file = /usr/local/private/smbpasswd
   hosts allow = 172.22. 172.20.1.12 172.20.3.26 localhost

   # File system rechten
   inherit permissions = yes
   map archive = no

   # Logging
   log file = /var/log/log.%m
   max log size = 1024
   debug uid = Yes
   log level = 1

   # Printing
   load printers = No

You seem to be missing some lines in your Security Section. I'm pasting
the following from my smb.conf. Again, is is from a Linux system, you may
need to adjust slightly for BSD.       

# The following are needed to allow password changing from Windows to 
# update the Linux sytsem password also. 
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file'
above.
# NOTE2: You do NOT need these to allow workstations to change only 
# the encrypted SMB passwords. They allow the Unix password 
# to be kept in sync with the SMB password. 
;  unix password sync = Yes ;  passwd program = /usr/bin/passwd %u
;  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully* 



Note, the above two lines are all 1 line.




































On Mon, 26 Mar 2001, Jeroen Heijungs wrote:
> After I have found the solutions for the login troubles, I have stumbled
> upon the next rather annoying problem, perhaps hav I done something very
> wrong, but if someone knows anything about the following then please...
> 
> Samba 2.0.7 on FreeBSD 4.2-stable
> Windows 95 workstations
> I used plaintext password, everything OK.
> When I put the parm "encrypt passwords = true", no one can login,
until I
> add a user with the smbpasswd -a option.
> Now I want to change the password for the user, in Windows I do this in
> Configuration, and all goes well, I can login again with te new password,
> but not with the old one. 
> So far so good.
> 
> BUT now the horror: when I try (on the BSD box) to su myself to root, it
> keeps on saying that the password is wrong, but I have not changed the
> password so far I know. It turns out that the root password is changed to
> the new password for the user above, I have examined this a little bit and
> found out that when changing the password in Windows, the corresponding
> password in the smbpasswd file is being changed accordingly, BUT NOT THE
> PASSWORD FOR THE UNIX-USER, INSTEAD THE PASSWORD FOR ROOT IS BEING
CHANGED!!!
> 
> My question: is this a known behaviour? is this a real security bug, have I
> done something wrong or overlooked something?
> BTW isn't there an option to force periodic password change?
> 
> thanks in advance
> Jeroen Heijungs
> Het Muziektheater
> Amsterdam, The Netherlands
> 
> 
> My SMB.CONF
> [global]
>    workgroup = LICHT
>    netbios name = LICHTSERVER
>    server string = TEST %L (Samba %v)
>    domain logons = Yes
>    os level = 33
>    logon script = %g\smblogin.bat
> 
>    # Netwerkopties
>    interfaces = 172.22.1.1/16 172.20.1.14/16
>    socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY
> 
>    # Security
>    invalid users = root
>    security = user
>    min password length = 5
>    unix password sync = Yes
>    encrypt passwords = true
>    smb passwd file = /usr/local/private/smbpasswd
>    hosts allow = 172.22. 172.20.1.12 172.20.3.26 localhost
> 
>    # File system rechten
>    inherit permissions = yes
>    map archive = no
> 
>    # Logging
>    log file = /var/log/log.%m
>    max log size = 1024
>    debug uid = Yes
>    log level = 1
> 
>    # Printing
>    load printers = No
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>