samba - May 2019 - ldapsam cannot find NT password hash

Hello!

I've been digging at this one for several days now, and haven't been
able to figure out what's going on. Google searches haven't been
particularly helpful, so maybe I am searching the wrong words.

My LDAP server has the proper schema, and I have an attribute for my
user: https://imgur.com/VRbM7s9 (yeah I know the password hash is there,
but I don't care, because this won't exist)

It shows up in pdbedit -L

root at freenas[~]# pdbedit -L
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
smbldap_search_domain_info: Searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=NOSGOTH))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_paged: base => [dc=dark,dc=kow,dc=is], filter =>
[(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize =>
[1000]
smbldap_search_paged: search was successful
nobody:65534:Unprivileged user
init_sam_from_ldap: Entry found for user: Administrator
Administrator:90000002:Administrator
init_sam_from_ldap: Entry found for user: dkowis
dkowis:10001:David
init_sam_from_ldap: Entry found for user: butts
butts:90000004:butts <-- this one

However, the NtPassword hash does not show up in pdbedit -L -vw

init_sam_from_ldap: Entry found for user: butts
---------------
Unix username:        butts
NT username:          butts
Account Flags:        [U          ]
User SID:             S-1-5-21-3154784271-1170687896-3522057148-1005
Primary Group SID:    S-1-5-21-3154784271-1170687896-3522057148-513
Full Name:            butts
Home Directory:       \\freenas\butts
HomeDir Drive:
Logon Script:
Profile Path:         \\freenas\butts\profile
Domain:               NOSGOTH
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    0
Password can change:  0
Password must change: 0
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
LM hash             : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
NT hash             : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


All authentication attempts either from windows or from linux smbclient
result in NT_STATUS_WRONG_PASSWORD
Logs: https://hastebin.com/cexudifino.js (ignore the silly extensions)

I'm very confused as to what's going on. When I debug my LDAP server, I
never see a query to load the NT password hash, but I do see attribute
requests for all the other elements here.

I'm hoping that this is a simple configuration problem, but I'm not
sure.

Running on FreeNAS 11 and my smb.conf (via testparm -v) is here
https://termbin.com/v748

Thanks in advance for your help!

--
David Kowis

On 25/05/2019 19:29, David Kowis via samba wrote:
> Hello!
>
> Running on FreeNAS 11 and my smb.conf (via testparm -v) is here
> https://termbin.com/v748
Do you want try again posting the smb.conf, but this time run 'testparm'
without the '-v' or better still 'cat /path/to/your/smb.conf'

Rowland

Certainly: https://termbin.com/wr68

Thanks again!

On 5/25/19 2:16 PM, Rowland penny via samba wrote:
> On 25/05/2019 19:29, David Kowis via samba wrote:
>> Hello!
>>
>> Running on FreeNAS 11 and my smb.conf (via testparm -v) is here
>> https://termbin.com/v748
> 
> Do you want try again posting the smb.conf, but this time run
'testparm'
> without the '-v' or better still 'cat
/path/to/your/smb.conf'
> 
> Rowland
> 
> 
>