Gennady G. Marchenko
2004-Aug-04 08:32 UTC
[Samba] ldapsync, Samba LDAP bug?: win clients return error when change passwd in samba3 PDC
When I am setup external passwd change script (syncldap) for sync my smb
pass and unix pass, and change smb password on my windows client client, him
return error, but password change is successful!
It's log from samba for my windows client machine:
[2004/08/04 11:46:52, 3] smbd/chgpasswd.c:chat_with_program(424)
chat_with_program: Dochild for user g-marchenko (uid=0,gid=0) (as_root Yes)
[2004/08/04 11:46:52, 10] smbd/chgpasswd.c:dochild(217)
Invoking '/usr/local/bin/ldapsync.pl -o g-marchenko' as password
change
program.
[2004/08/04 11:46:52, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2004/08/04 11:46:52, 100] smbd/chgpasswd.c:expect(274)
expect: expected [*New*Password*] received [New password for user
g-marchenko: ] match yes
[2004/08/04 11:46:52, 10] smbd/chgpasswd.c:expect(285)
expect: returning True
[2004/08/04 11:46:52, 100] smbd/chgpasswd.c:expect(237)
expect: sending [test2
]
[2004/08/04 11:46:52, 10] lib/util_sock.c:read_socket_with_timeout(263)
read_socket_with_timeout: timeout read. select timed out.
[2004/08/04 11:46:52, 100] smbd/chgpasswd.c:expect(274)
expect: expected [*Retype*new*password*] received [
Retype new password for user g-marchenko: ] match yes
[2004/08/04 11:46:52, 10] smbd/chgpasswd.c:expect(285)
expect: returning True
[2004/08/04 11:46:52, 100] smbd/chgpasswd.c:expect(237)
expect: sending [test2
]
[2004/08/04 11:46:52, 0] lib/util_sock.c:read_socket_with_timeout(279)
read_socket_with_timeout: timeout read. read error = Input/output error.
[2004/08/04 11:46:52, 100] smbd/chgpasswd.c:expect(274)
expect: expected [*modifying*] received [
modifying entry "uid=g-marchenko,ou=People,o=office,dc=iss,dc=ru"
] match yes
[2004/08/04 11:46:52, 10] smbd/chgpasswd.c:expect(285)
expect: returning True
[2004/08/04 11:46:52, 3] smbd/chgpasswd.c:chat_with_program(440)
chat_with_program: Password change successful for user g-marchenko
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 32 -> now CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 31 -> now CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 10 -> now CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 20 -> now CHANGED
[2004/08/04 11:46:52, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: maximum password age:-1
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 9 -> now CHANGED
[2004/08/04 11:46:52, 10] lib/account_pol.c:account_policy_get(134)
account_policy_get: minimum password age:0
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_set_init_flags(482)
element 8 -> now CHANGED
[2004/08/04 11:46:52, 4] passdb/pdb_ldap.c:ldapsam_update_sam_account(1390)
ldapsam_update_sam_account: user g-marchenko to be modified has dn:
uid=g-marchenko,ou=People,o=office,dc=iss,dc=ru
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 11: SET
[2004/08/04 11:46:52, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769)
init_ldap_from_sam: Setting entry for user: g-marchenko
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 17: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 18: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 12: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 22: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 23: DEFAULT
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 25: DEFAULT
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 1: DEFAULT
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 3: DEFAULT
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 4: DEFAULT
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(199)
element 2: DEFAULT
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 5: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 6: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 7: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 8: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 8: CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 9: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 9: CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 31: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 31: CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 32: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 32: CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 20: SET
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(194)
element 20: CHANGED
[2004/08/04 11:46:52, 11] passdb/pdb_get_set.c:pdb_get_init_flags(189)
element 19: SET
[2004/08/04 11:46:52, 5] lib/smbldap.c:smbldap_modify(976)
smbldap_modify: dn => [uid=g-marchenko,ou=People,o=office,dc=iss,dc=ru]
[2004/08/04 11:46:52, 11] lib/smbldap.c:smbldap_open(828)
smbldap_open: already connected to the LDAP server
[2004/08/04 11:46:52, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1217)
ldapsam_modify_entry: Failed to modify user
dnuid=g-marchenko,ou=People,o=office,dc=iss,dc=ru with: No such attribute
modify/delete: sambaLMPassword: no such value
[2004/08/04 11:46:52, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1417)
ldapsam_update_sam_account: failed to modify user with uid = g-marchenko,
error: modify/delete: sambaLMPassword: no such value (Success)
[2004/08/04 11:46:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 1
[2004/08/04 11:46:52, 5]
rpc_parse/parse_samr.c:init_samr_r_chgpasswd_user(7120)
init_r_chgpasswd_user
[2004/08/04 11:46:52, 5] rpc_server/srv_samr_nt.c:_samr_chgpasswd_user(1469)
_samr_chgpasswd_user: 1469
[2004/08/04 11:46:52, 5] rpc_parse/parse_prs.c:prs_debug(82)
000000 samr_io_r_chgpasswd_user
[2004/08/04 11:46:52, 5] rpc_parse/parse_prs.c:prs_ntstatus(665)
0000 status: NT_STATUS_ACCESS_DENIED
I think what Samba PDC trying to change user's password twice, first - with
passwd program (ldapsync.pl), and second - with internal functionality samba
as PDC. Second try return error, and these error receive my windows client.
How I make fix it? Or it's bug in Samba3?
Thanks for you help,
Gennady.
Andrew Bartlett
2004-Sep-02 03:31 UTC
[Samba] ldapsync, Samba LDAP bug?: win clients return error when change passwd in samba3 PDC
On Wed, 2004-08-04 at 18:32, Gennady G. Marchenko wrote:> When I am setup external passwd change script (syncldap) for sync my smb > pass and unix pass, and change smb password on my windows client client, him > return error, but password change is successful! > I think what Samba PDC trying to change user's password twice, first - with > passwd program (ldapsync.pl), and second - with internal functionality samba > as PDC. Second try return error, and these error receive my windows client.> How I make fix it? Or it's bug in Samba3?Sounds like a typical case for 'ldap password sync = yes'. This is a bug in the script, in any case, as external scripts called by Samba should not modify Samba attributes. Andrew Bartlett -- Andrew Bartlett abartlet@samba.org Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040902/30d36d9a/attachment.bin