Marshall Herington
2005-Feb-23 18:58 UTC
[Samba] pdbedit -Lw reports "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" for password
I've searched google and the samba archives to no avail (apologies if
I've missed something), so I will ask the community directly:
I am trying to convert a fully populated smbpasswd file to the tdbsam backend:
# pdbedit -i smbpasswd:./smbpasswd -e tdbsam:./passdb.tdb
This seems to work, on the surface, but upon inspection I find that
# pdbedit -Lw username
username:1234:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU
]:LCT-00000000:
or somesuch. username does exist in /etc/passwd and /etc/shadow, but
is not allowed shell access.
So, two problems; the NT/samba passwords are not being migrated, and
the accounts are all being set to disabled (user and workstation
accounts). This is on a RedHat 3.0ES running samba 3.0.9-1.3E.2.
I've also built and installed in /usr/local/samba the very latest
3.0.11. Both versions (using correct absolute paths to the binaries)
produce the same result. Any insight on what is happening or what I
might be doing wrong would be greatly appreciated.
Marshall
My smb.conf contains the following:
[global]
netbios name = SERVER
workgroup = HQ
server string = HQ File Server
wins server = 192.168.1.253
os level = 40
preferred master = yes
domain master = yes
domain logons = yes
local master = yes
encrypt passwords = yes
security = user
log level = 3
log file = /var/log/samba/%m.log
max log size = 150
logon path logon home logon drive = T:
logon script = scripts\logon.bat
printing = cups
printcap = cups
show add printer wizard = Yes
printer admin = root
passdb backend = tdbsam, smbpasswd
username map = /etc/smbusers
map acl inherit = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*Password* %n\n *Retype*new*password* %n\n *Passwd*successfully*
add user script = /usr/sbin/useradd -d /svrhome/user/%u -m %u
delete user script = /usr/sbin/userdel -r %u
; add group script = /usr/sbin/groupadd %g
add group script = /etc/samba/smbgrpadd.sh %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g 515 -M %u
guest account = nobody
admin users = root
Andrew Bartlett
2005-Feb-24 00:43 UTC
[Samba] pdbedit -Lw reports "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" for password
On Wed, 2005-02-23 at 13:57 -0500, Marshall Herington wrote:
> I've searched google and the samba archives to no avail (apologies if
> I've missed something), so I will ask the community directly:
>
> I am trying to convert a fully populated smbpasswd file to the tdbsam backend:
>
> # pdbedit -i smbpasswd:./smbpasswd -e tdbsam:./passdb.tdb
>
> This seems to work, on the surface, but upon inspection I find that
>
> # pdbedit -Lw username
>
> username:1234:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU
> ]:LCT-00000000:

The LCT-00000 is the giveaway - this is an invalid last-change-time, and Samba uses this as a key to disable the account, and wipe the password. See the Samba 3.0.2a release notes.

Grab your copy of emacs, and if these accounts really should have passwords, just set the LCT value to anything other than 0 (i.e. 1).

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
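An added example, not part of the original thread and not Samba code: a pre-import check that finds smbpasswd entries which still carry a hash but have LCT-00000000, and sets their LCT to 1 as the reply suggests. The function names, the sample rows and the hash values are constructed for illustration; the field layout is assumed from the `pdbedit -Lw` output quoted above.

```python
import re

# smbpasswd layout: name:uid:LANMAN hash:NT hash:[flags]:LCT-<8 hex digits>:
LINE = re.compile(
    r"^(?P<name>[^:#][^:]*):\d+:(?P<lm>[^:]{32}):(?P<nt>[^:]{32}):"
    r"\[[^\]]*\]:LCT-(?P<lct>[0-9A-Fa-f]{8}):"
)
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")


def at_risk(line):
    """Return the parsed entry if LCT is 0 while a real hash is still present."""
    m = LINE.match(line)
    if m and int(m["lct"], 16) == 0 and any(HEX32.fullmatch(m[k]) for k in ("lm", "nt")):
        return m
    return None


def zero_lct_accounts(text):
    """List accounts that have a hash but an all-zero last-change-time."""
    return [m["name"] for m in map(at_risk, text.splitlines()) if m]


def set_lct(text, names, lct=1):
    """Give the named at-risk accounts a non-zero LCT; other lines are untouched."""
    if not 0 < lct <= 0xFFFFFFFF:
        raise ValueError("LCT must be a non-zero 32-bit value")
    out = []
    for line in text.splitlines():
        m = at_risk(line)
        if m and m["name"] in names:
            line = line[: m.start("lct")] + f"{lct:08X}" + line[m.end("lct") :]
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample rows; the hash values are placeholders, not real hashes.
LM, NT = "0123456789ABCDEF" * 2, "FEDCBA9876543210" * 2
ROW = "{}:{}:{}:{}:[{:<11}]:LCT-{}:\n"
SAMPLE = (
    ROW.format("alice", 1001, LM, NT, "U", "00000000")
    + ROW.format("bob", 1002, LM, NT, "U", "41F0A2B3")
    + ROW.format("carol", 1003, "X" * 32, "X" * 32, "DU", "00000000")
    + ROW.format("pc01$", 1004, LM, NT, "W", "00000000")
)

if __name__ == "__main__":
    print(set_lct(SAMPLE, zero_lct_accounts(SAMPLE)), end="")
```

Run it against a copy of the smbpasswd file and review the listed accounts before importing with pdbedit; entries whose hashes are already XXXX (carol in the sample) are left alone because there is no password left to preserve.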