Charles Hamel
2003-Dec-12 18:44 UTC
[Samba] incorrect password length when joining domain, need help
Hi I just re-initiated by ldap sam database using smbldap-populate.pl, modified the Administrator account (uid/gid=0). I can join the domain from a Samba 2.2.7 linux machine, it creates the machine account etc... The problem happens with Windows 2000 SP2, It tells me wrong user/password. Here is the samba error : decode_pw_buffer: incorrect password length (-2118884061). Here is the full log : Attempting administrator password change (level 23) for user workstation$ [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) decode_pw_buffer: incorrect password length (-2118884061). [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) decode_pw_buffer: check that 'encrypt passwords = yes' [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82) 000000 samr_io_r_set_userinfo [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) 0000 status: NT_STATUS_ACCESS_DENIED [2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) api_rpcTNP: called samr successfully Here is my smb.conf file [global] #### ADD SCRIPTS add machine script = /usr/local/samba/share/smbldap-useradd.pl -w "%u" add user script = /usr/local/samba/share/smbldap-useradd.pl "%u" delete user script = /usr/local/samba/share/smbldap-userdel.pl "%u" add group script = /usr/local/samba/share/smbldap-groupadd.pl "%g" delete group script = /usr/local/samba/share/smbldap-groupdel.pl "%g" add user to group script = /usr/local/samba/share/smbldap-groupmod.pl -m "%u" "%g" delete user from group script = /usr/local/samba/share/smbldap-groupmod.pl -x "%u" "%g" set primary group script = /usr/local/samba/share/smbldap-usermod.pl -G "%g" "%u" null passwords = yes #unix charset = UTF-8 passdb backend = ldapsam:ldap://localhost/ ldap suffix = o=smb,dc=qc,dc=ca ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=root,o=smb,dc=qc,dc=ca guest account = nobody workgroup = LINUX netbios name = PDC comment = Server security = user encrypt passwords = yes logon script = scripts\%U.bat domain logons = Yes os level = 255 preferred master = Yes domain master = Yes #hosts allow = 192.168.0.0/255.255.255.0 share modes = No wins support = Yes [homes] path=/home/domainusers read only = No create mask = 0700 directory mask = 0700 locking = No oplocks = No [netlogon] path = /usr/local/samba/netlogon locking = no read only = yes [profiles] path = /home/domainusers/profiles read only = no writeable = yes create mask = 0600 directory mask = 0700 Here is the LDIF entry of Administrator : dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount uid: Administrator sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomePath: \\PDC\homes sambaHomeDrive: U: sambaProfilePath: \\PDC\profiles\ loginShell: /bin/false gecos: Netbios Domain Administrator sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000 sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001 uidNumber: 0 gidNumber: 0 homeDirectory: / sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) sambaAcctFlags: [U] sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) sambaPwdLastSet: 1071185436 sambaPwdMustChange: 1075073436 userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) I am running Samba 3.0.1rc1 on Redhat 9.0 Please help me Thank you Charles
Charles Hamel
2003-Dec-12 20:38 UTC
[Samba] incorrect password length when joining domain, need help
I fixed my problem, This problem started to appear with 3.0.1rc1 ( maybe pre3 too ). I installed RC2 and it did not fix the problem, 3.0.0 works fine! Charles On Fri, 12 Dec 2003 14:01:51 -0500, Charles Hamel wrote> Hi > > I just re-initiated by ldap sam database using smbldap-populate.pl, modified > the Administrator account (uid/gid=0). I can join the domain from a Samba > > 2.2.7 linux machine, it creates the machine account etc... The > problem happens with Windows 2000 SP2, It tells me wrong > user/password. Here is the samba error : decode_pw_buffer: incorrect > password length (-2118884061). > > Here is the full log : > > Attempting administrator password change (level 23) for user workstation$ > [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) > decode_pw_buffer: incorrect password length (-2118884061). > [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) > decode_pw_buffer: check that 'encrypt passwords = yes' > [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_set_userinfo > [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0000 status: NT_STATUS_ACCESS_DENIED > [2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) > api_rpcTNP: called samr successfully > > Here is my smb.conf file > [global] > > #### ADD SCRIPTS > add machine script = /usr/local/samba/share/smbldap-useradd.pl -w > "%u" add user script = /usr/local/samba/share/smbldap-useradd.pl > "%u" delete user script = /usr/local/samba/share/smbldap-userdel.pl "%u" > add group script = /usr/local/samba/share/smbldap-groupadd.pl "%g" > delete group script = /usr/local/samba/share/smbldap-groupdel.pl "%g" > add user to group script = /usr/local/samba/share/smbldap- > groupmod.pl -m "%u" "%g" delete user from group script = > /usr/local/samba/share/smbldap-groupmod.pl -x "%u" "%g" set primary > group script = /usr/local/samba/share/smbldap-usermod.pl -G "%g" "%u" > > null passwords = yes > #unix charset = UTF-8 > passdb backend = ldapsam:ldap://localhost/ > ldap suffix = o=smb,dc=qc,dc=ca > ldap machine suffix = ou=Computers > ldap user suffix = ou=Users > ldap group suffix = ou=Groups > ldap admin dn = cn=root,o=smb,dc=qc,dc=ca > guest account = nobody > workgroup = LINUX > netbios name = PDC > comment = Server > security = user > encrypt passwords = yes > logon script = scripts\%U.bat > domain logons = Yes > os level = 255 > preferred master = Yes > domain master = Yes > #hosts allow = 192.168.0.0/255.255.255.0 > share modes = No > wins support = Yes > [homes] > path=/home/domainusers > read only = No > create mask = 0700 > directory mask = 0700 > locking = No > oplocks = No > > [netlogon] > path = /usr/local/samba/netlogon > locking = no > read only = yes > > [profiles] > path = /home/domainusers/profiles > read only = no > writeable = yes > create mask = 0600 > directory mask = 0700 > > Here is the LDIF entry of Administrator : > > dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca > cn: Administrator > sn: Administrator > objectClass: inetOrgPerson > objectClass: sambaSAMAccount > objectClass: posixAccount > uid: Administrator > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaHomePath: \\PDC\homes > sambaHomeDrive: U: > sambaProfilePath: \\PDC\profiles\ > loginShell: /bin/false > gecos: Netbios Domain Administrator > sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000 > sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001 > uidNumber: 0 > gidNumber: 0 > homeDirectory: / > sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) > sambaAcctFlags: [U] > sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) > sambaPwdLastSet: 1071185436 > sambaPwdMustChange: 1075073436 > userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) > > I am running Samba 3.0.1rc1 on Redhat 9.0 > > Please help me > > Thank you > > Charles > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba-- Open WebMail Project (http://openwebmail.org)