From: Carlyle Sutphen on
Hello List.

We have a number of working ADS servers. One of out clients is not in the Kerberized domain so there users log in via NIS. Having looked at the options for enabling NIS authentication I have decided to use the smbpasswd. Now I can't get that to work.

After using smbpasswd to create two users, one created locally, in the /etc/passwd, and one that exists already in NIS. Not only can I not map the share to my XP workstation, as either user, I am unable to change the password.

I will include the failed password change and the server configuration followed by a log excerpt from the session.

Here is the location of the smbpasswd file:
# l /export/samba/var/private
total 40
drwxr-x--- 2 root system 512 Oct 09 10:17 .
drwxr-x--- 5 root system 512 Oct 07 18:13 ..
-rw------- 1 root system 8192 Oct 09 11:37 secrets.tdb
-rw------- 1 root system 325 Oct 09 09:44 smbpasswd

And:
# cat /export/samba/var/private/smbpasswd
nobody:4294967294:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU ]:LCT-00000000:
test:200:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-4ACEE647:
zgunchr:2289386:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:[U ]:LCT-4ACEE9EC:

Now the failed smbpasswd session:
smbpasswd -r fracosmad3
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine fracosmad3: NT_STATUS_LOGON_FAILURE
Failed to change password for test

The configuration:

[global]
security = USER
workgroup = GWG
wins server = fraeswwnp1.de.db.com,mhgeswwnp1.de.db.com
server string = GWG
dns proxy = no
encrypt passwords = yes
client ntlmv2 auth = yes
lanman auth = no
ntlm auth = no
deadtime = 5
hide dot files = yes
bind interfaces only = yes
max log size = 4096
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
username map = /export/samba/etc/username.map
pid directory = /export/samba/var/locks
private dir = /export/samba/var/private
interfaces = 10.216.5.45
netbios name = fracosmad3
netbios aliases = GWG
log level = 3
log file = /export/samba/var/log/log.samba
nis homedir = no

[gwgro]
comment = GWG Read Only User
path = /home/gwgro
valid users = gwgro,test
read only = No
writable = yes

Log excerpt:
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822)
wct=12 flg2=0xc801
[2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633)
Doing spnego session setup
[2009/10/09 10:54:43, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2009/10/09 10:54:43, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662)
Got user=[test] domain=[] workstation=[FRACOSMAD3] len1=24 len2=24
[2009/10/09 10:54:43, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user []\[test]@[FRACOSMAD3] with the new password interface
[2009/10/09 10:54:43, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [FRACOSMAD3]\[test]@[FRACOSMAD3]
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 2] libsmb/ntlm_check.c:ntlm_password_check(349)
ntlm_password_check: NTLMv1 passwords NOT PERMITTED for user test
[2009/10/09 10:54:43, 3] libsmb/ntlm_check.c:ntlm_password_check(356)
ntlm_password_check: NEITHER LanMan nor NT password supplied for user test
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/uid.c:push_conn_ctx(393)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 2] auth/auth.c:check_ntlm_password(317)
check_ntlm_password: Authentication for user [test] -> [test] FAILED with error NT_STATUS_WRONG_PASSWORD
[2009/10/09 10:54:43, 3] smbd/process.c:timeout_processing(1447)
timeout_processing: End of file from client (client has disconnected).
[2009/10/09 10:54:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2009/10/09 10:54:43, 2] smbd/server.c:exit_server(614)
Closing connections
[2009/10/09 10:54:43, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2009/10/09 10:54:43, 3] smbd/server.c:exit_server(655)
Server exit (normal exit)

--

Informationen (einschließlich Pflichtangaben) zu einzelnen, innerhalb der EU tätigen Gesellschaften und Zweigniederlassungen des Konzerns Deutsche Bank finden Sie unter http://www.db.com/de/content/pflichtangaben.htm. Diese E-Mail enthält vertrauliche und/ oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

Please refer to http://www.db.com/en/content/eu_disclosures.htm for information (including mandatory corporate particulars) on selected Deutsche Bank branches and group companies registered or incorporated in the European Union. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba