Charles Hamel
2003-Dec-12 18:44 UTC
[Samba] incorrect password length when joining domain, need help
Hi
I just re-initiated by ldap sam database using smbldap-populate.pl, modified
the Administrator account (uid/gid=0). I can join the domain from a Samba
2.2.7 linux machine, it creates the machine account etc... The problem happens
with Windows 2000 SP2, It tells me wrong user/password. Here is the samba
error : decode_pw_buffer: incorrect password length (-2118884061).
Here is the full log :
Attempting administrator password change (level 23) for user workstation$
[2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501)
decode_pw_buffer: incorrect password length (-2118884061).
[2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502)
decode_pw_buffer: check that 'encrypt passwords = yes'
[2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_set_userinfo
[2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
0000 status: NT_STATUS_ACCESS_DENIED
[2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549)
api_rpcTNP: called samr successfully
Here is my smb.conf file
[global]
#### ADD SCRIPTS
add machine script = /usr/local/samba/share/smbldap-useradd.pl -w "%u"
add user script = /usr/local/samba/share/smbldap-useradd.pl "%u"
delete user script = /usr/local/samba/share/smbldap-userdel.pl "%u"
add group script = /usr/local/samba/share/smbldap-groupadd.pl "%g"
delete group script = /usr/local/samba/share/smbldap-groupdel.pl "%g"
add user to group script = /usr/local/samba/share/smbldap-groupmod.pl -m
"%u" "%g"
delete user from group script = /usr/local/samba/share/smbldap-groupmod.pl -x
"%u" "%g"
set primary group script = /usr/local/samba/share/smbldap-usermod.pl -G
"%g" "%u"
null passwords = yes
#unix charset = UTF-8
passdb backend = ldapsam:ldap://localhost/
ldap suffix = o=smb,dc=qc,dc=ca
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=root,o=smb,dc=qc,dc=ca
guest account = nobody
workgroup = LINUX
netbios name = PDC
comment = Server
security = user
encrypt passwords = yes
logon script = scripts\%U.bat
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
#hosts allow = 192.168.0.0/255.255.255.0
share modes = No
wins support = Yes
[homes]
path=/home/domainusers
read only = No
create mask = 0700
directory mask = 0700
locking = No
oplocks = No
[netlogon]
path = /usr/local/samba/netlogon
locking = no
read only = yes
[profiles]
path = /home/domainusers/profiles
read only = no
writeable = yes
create mask = 0600
directory mask = 0700
Here is the LDIF entry of Administrator :
dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca
cn: Administrator
sn: Administrator
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
uid: Administrator
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaHomePath: \\PDC\homes
sambaHomeDrive: U:
sambaProfilePath: \\PDC\profiles\
loginShell: /bin/false
gecos: Netbios Domain Administrator
sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000
sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001
uidNumber: 0
gidNumber: 0
homeDirectory: /
sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed)
sambaAcctFlags: [U]
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed)
sambaPwdLastSet: 1071185436
sambaPwdMustChange: 1075073436
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed)
I am running Samba 3.0.1rc1 on Redhat 9.0
Please help me
Thank you
Charles
Charles Hamel
2003-Dec-12 20:38 UTC
[Samba] incorrect password length when joining domain, need help
I fixed my problem, This problem started to appear with 3.0.1rc1 ( maybe pre3 too ). I installed RC2 and it did not fix the problem, 3.0.0 works fine! Charles On Fri, 12 Dec 2003 14:01:51 -0500, Charles Hamel wrote> Hi > > I just re-initiated by ldap sam database using smbldap-populate.pl, modified > the Administrator account (uid/gid=0). I can join the domain from a Samba > > 2.2.7 linux machine, it creates the machine account etc... The > problem happens with Windows 2000 SP2, It tells me wrong > user/password. Here is the samba error : decode_pw_buffer: incorrect > password length (-2118884061). > > Here is the full log : > > Attempting administrator password change (level 23) for user workstation$ > [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(501) > decode_pw_buffer: incorrect password length (-2118884061). > [2003/12/12 13:25:57, 0] libsmb/smbencrypt.c:decode_pw_buffer(502) > decode_pw_buffer: check that 'encrypt passwords = yes' > [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_debug(82) > 000000 samr_io_r_set_userinfo > [2003/12/12 13:25:57, 5] rpc_parse/parse_prs.c:prs_ntstatus(665) > 0000 status: NT_STATUS_ACCESS_DENIED > [2003/12/12 13:25:57, 5] rpc_server/srv_pipe.c:api_rpcTNP(1549) > api_rpcTNP: called samr successfully > > Here is my smb.conf file > [global] > > #### ADD SCRIPTS > add machine script = /usr/local/samba/share/smbldap-useradd.pl -w > "%u" add user script = /usr/local/samba/share/smbldap-useradd.pl > "%u" delete user script = /usr/local/samba/share/smbldap-userdel.pl "%u" > add group script = /usr/local/samba/share/smbldap-groupadd.pl "%g" > delete group script = /usr/local/samba/share/smbldap-groupdel.pl "%g" > add user to group script = /usr/local/samba/share/smbldap- > groupmod.pl -m "%u" "%g" delete user from group script = > /usr/local/samba/share/smbldap-groupmod.pl -x "%u" "%g" set primary > group script = /usr/local/samba/share/smbldap-usermod.pl -G "%g" "%u" > > null passwords = yes > #unix charset = UTF-8 > passdb backend = ldapsam:ldap://localhost/ > ldap suffix = o=smb,dc=qc,dc=ca > ldap machine suffix = ou=Computers > ldap user suffix = ou=Users > ldap group suffix = ou=Groups > ldap admin dn = cn=root,o=smb,dc=qc,dc=ca > guest account = nobody > workgroup = LINUX > netbios name = PDC > comment = Server > security = user > encrypt passwords = yes > logon script = scripts\%U.bat > domain logons = Yes > os level = 255 > preferred master = Yes > domain master = Yes > #hosts allow = 192.168.0.0/255.255.255.0 > share modes = No > wins support = Yes > [homes] > path=/home/domainusers > read only = No > create mask = 0700 > directory mask = 0700 > locking = No > oplocks = No > > [netlogon] > path = /usr/local/samba/netlogon > locking = no > read only = yes > > [profiles] > path = /home/domainusers/profiles > read only = no > writeable = yes > create mask = 0600 > directory mask = 0700 > > Here is the LDIF entry of Administrator : > > dn: uid=Administrator,ou=Users,o=smb,dc=qc,dc=ca > cn: Administrator > sn: Administrator > objectClass: inetOrgPerson > objectClass: sambaSAMAccount > objectClass: posixAccount > uid: Administrator > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaHomePath: \\PDC\homes > sambaHomeDrive: U: > sambaProfilePath: \\PDC\profiles\ > loginShell: /bin/false > gecos: Netbios Domain Administrator > sambaSID: S-1-5-21-3655003630-1527190663-3647191254-1000 > sambaPrimaryGroupSID: S-1-5-21-3655003630-1527190663-3647191254-1001 > uidNumber: 0 > gidNumber: 0 > homeDirectory: / > sambaLMPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) > sambaAcctFlags: [U] > sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) > sambaPwdLastSet: 1071185436 > sambaPwdMustChange: 1075073436 > userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXX (removed) > > I am running Samba 3.0.1rc1 on Redhat 9.0 > > Please help me > > Thank you > > Charles > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba-- Open WebMail Project (http://openwebmail.org)