Lieven Van Acker
2005-Jan-19 17:22 UTC
[Samba] Problems with smbpasswd: any local changes are discarted after connection request
Hi,
Can anybody confirm the following problem:
Sequence:
bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
]:LCT-0
bash-2.05# /usr/samba.moonrock/bin/smbpasswd -c /usr/samba.moonrock/lib/smb.conf
ankerpos
New SMB password:
Retype new SMB password:
bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
ankerpos:921:4CD849F7C109C5D7B85EBEA904A749B9:1CC6D72446271E9697044BC68DB72678:[U
]:LCT-0
bash-2.05# smbclient -L moonrock.admin -U ankerpos
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd
ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U
]:LCT-0
smbd.conf (global section):
[global]
printing = sysv
printcap name = /etc/printcap
load printers = yes
guest account = nobody
workgroup = WFW
os level = 33
encrypt passwords = yes
security = user
preserve case = yes
hosts allow = .....
log file = /var/samba.moonrock/log/smb/log.%m
log level = 3
max log size = 500
deadtime = 120
dfree command=/usr/samba.moonrock/bin/dfree
server string # character set = utf-8
unix charset = UTF8
# dos charset = cp850
socket address = ....
interfaces = ce0
bind interfaces only = yes
pid directory = /var/samba.moonrock/run
passdb backend = smbpasswd:/usr/samba.moonrock/private/smbpasswd
log.moonrock:
[2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[WFW]\[ankerpos]@[MOONROCK] with the new password interface
[2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK]
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(189)
ntlm_password_check: NO NT password stored for user ankerpos.
[2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [ankerpos] -> [ankerpos]
FAILED
with error NT_STATUS_WRONG_PASSWORD
[2005/01/19 18:02:31, 3] smbd/process.c:timeout_processing(1335)
timeout_processing: End of file from client (client has disconnected).
[2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:02:31, 2] smbd/server.c:exit_server(577)
Closing connections
[2005/01/19 18:02:31, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/01/19 18:02:31, 3] smbd/server.c:exit_server(620)
Server exit (normal exit)
[2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[WFW]\[ankerpos]@[MOONROCK] with the new password interface
[2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK]
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(189)
ntlm_password_check: NO NT password stored for user ankerpos.
[2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [ankerpos] -> [ankerpos]
FAILED
with error NT_STATUS_WRONG_PASSWORD
[2005/01/19 18:05:32, 3] smbd/process.c:timeout_processing(1335)
timeout_processing: End of file from client (client has disconnected).
[2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/01/19 18:05:32, 2] smbd/server.c:exit_server(577)
Closing connections
[2005/01/19 18:05:32, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2005/01/19 18:05:32, 3] smbd/server.c:exit_server(620)
Server exit (normal exit)
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Lieven Van Acker e-mail: Lieven.VanAcker@UGent.be
Directie ICT, Afdeling Infrastructuur
Groep Systemen tel: +32 9 264 4732
Universiteit Gent fax: +32 9 264 4994
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Lieven Van Acker
2005-Jan-19 18:41 UTC
[Samba] Problems with smbpasswd: any local changes are discarted after connection request
This issue was by design (see release notes of 3.0.2a), since the LCT field is used to grant a user access. Point is LCT-X should != LCT-0. Regards Lieven Op wo, 19-01-2005 te 18:22 +0100, schreef Lieven Van Acker:> Hi, > > Can anybody confirm the following problem: > > Sequence: > > bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd > ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-0 > > bash-2.05# /usr/samba.moonrock/bin/smbpasswd -c /usr/samba.moonrock/lib/smb.conf > ankerpos > New SMB password: > > Retype new SMB password: > > bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd > ankerpos:921:4CD849F7C109C5D7B85EBEA904A749B9:1CC6D72446271E9697044BC68DB72678:[U > ]:LCT-0 > > bash-2.05# smbclient -L moonrock.admin -U ankerpos > Password: > > session setup failed: NT_STATUS_LOGON_FAILURE > bash-2.05# grep ankerpos /usr/samba.moonrock/private/smbpasswd > ankerpos:921:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U > ]:LCT-0 > > smbd.conf (global section): > > [global] > printing = sysv > printcap name = /etc/printcap > load printers = yes > guest account = nobody > workgroup = WFW > os level = 33 > encrypt passwords = yes > security = user > preserve case = yes > hosts allow = ..... > log file = /var/samba.moonrock/log/smb/log.%m > log level = 3 > max log size = 500 > deadtime = 120 > dfree command=/usr/samba.moonrock/bin/dfree > server string > # character set = utf-8 > unix charset = UTF8 > # dos charset = cp850 > socket address = .... > interfaces = ce0 > bind interfaces only = yes > pid directory = /var/samba.moonrock/run > passdb backend = smbpasswd:/usr/samba.moonrock/private/smbpasswd > > > log.moonrock: > > [2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user > [WFW]\[ankerpos]@[MOONROCK] with the new password interface > [2005/01/19 18:02:31, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK] > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 > [2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(189) > ntlm_password_check: NO NT password stored for user ankerpos. > [2005/01/19 18:02:31, 3] libsmb/ntlm_check.c:ntlm_password_check(356) > ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2005/01/19 18:02:31, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/19 18:02:31, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [ankerpos] -> [ankerpos] FAILED > with error NT_STATUS_WRONG_PASSWORD > [2005/01/19 18:02:31, 3] smbd/process.c:timeout_processing(1335) > timeout_processing: End of file from client (client has disconnected). > [2005/01/19 18:02:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/19 18:02:31, 2] smbd/server.c:exit_server(577) > Closing connections > [2005/01/19 18:02:31, 3] smbd/connection.c:yield_connection(69) > Yielding connection to > [2005/01/19 18:02:31, 3] smbd/server.c:exit_server(620) > Server exit (normal exit) > [2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user > [WFW]\[ankerpos]@[MOONROCK] with the new password interface > [2005/01/19 18:05:32, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [MOONROCK]\[ankerpos]@[MOONROCK] > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 > [2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(189) > ntlm_password_check: NO NT password stored for user ankerpos. > [2005/01/19 18:05:32, 3] libsmb/ntlm_check.c:ntlm_password_check(356) > ntlm_password_check: NEITHER LanMan nor NT password supplied for user ankerpos > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:push_sec_ctx(256) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 > [2005/01/19 18:05:32, 3] smbd/uid.c:push_conn_ctx(365) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:pop_sec_ctx(386) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/19 18:05:32, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [ankerpos] -> [ankerpos] FAILED > with error NT_STATUS_WRONG_PASSWORD > [2005/01/19 18:05:32, 3] smbd/process.c:timeout_processing(1335) > timeout_processing: End of file from client (client has disconnected). > [2005/01/19 18:05:32, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/01/19 18:05:32, 2] smbd/server.c:exit_server(577) > Closing connections > [2005/01/19 18:05:32, 3] smbd/connection.c:yield_connection(69) > Yielding connection to > [2005/01/19 18:05:32, 3] smbd/server.c:exit_server(620) > Server exit (normal exit) > > > > > > -- > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- > Lieven Van Acker e-mail: Lieven.VanAcker@UGent.be > Directie ICT, Afdeling Infrastructuur > Groep Systemen tel: +32 9 264 4732 > Universiteit Gent fax: +32 9 264 4994 > Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Lieven Van Acker e-mail: Lieven.VanAcker@UGent.be Directie ICT, Afdeling Infrastructuur Groep Systemen tel: +32 9 264 4732 Universiteit Gent fax: +32 9 264 4994 Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Reasonably Related Threads
- samba bad password count reset between logins (not loaded from login_cache.tdb)
- Operation not permitted mounting samba-share via cifs
- nmblookup - windows 7 does not respond
- Samba 3.0.9 not authenticating completely
- samba 3.0.2a-Debian +ldapsam +smbldap-tools 3.0rc4-1= newly created users can't log in