Anonymous | Login | 2024-11-21 01:36 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0001348 | ClearOS | app-samba - Windows Networking | public | 2013-09-25 23:52 | 2013-12-20 13:33 | ||||
Reporter | dloper | ||||||||
Assigned To | dloper | ||||||||
Priority | low | Severity | minor | Reproducibility | always | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 6.4.0 | ||||||||
Target Version | 6.4.0 Beta 2 | Fixed in Version | 6.5.0 Beta 2 | ||||||
Summary | 0001348: Samba change password facility dysfunctional | ||||||||
Description | Password changes invoked from windows workstations fail but succeed. When a user issues a CTRL+ALT+DEL in order to change their password, Windows will report that the password change fails but it actually succeeds. | ||||||||
Steps To Reproduce | Join a workstation to the domain. Set up a test user and log into the workstation using the domain user account. Attempt to change the password via Ctrl+Alt+Del. Password will report failure. Log off and log back in with the password that reported failed. | ||||||||
Additional Information | With this log snippet you can see that the password script executes normally, then samba tries to further change the password in LDAP. [2013/09/25 23:37:50.386820, 3] rpc_server/samr/srv_samr_chgpasswd.c:496(chat_with_program) chat_with_program: Password change successful for user testuser [2013/09/25 23:37:50.387011, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/09/25 23:37:50.387092, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 1 [2013/09/25 23:37:50.387153, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/09/25 23:37:50.387213, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/09/25 23:37:50.387291, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/09/25 23:37:50.387434, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/09/25 23:37:50.387533, 4] passdb/pdb_ldap.c:1997(ldapsam_update_sam_account) ldapsam_update_sam_account: user testuser to be modified has dn: cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net [2013/09/25 23:37:50.387600, 2] passdb/pdb_ldap.c:1180(init_ldap_from_sam) init_ldap_from_sam: Setting entry for user: testuser [2013/09/25 23:37:50.387667, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/09/25 23:37:50.387728, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 1 [2013/09/25 23:37:50.387788, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/09/25 23:37:50.387849, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/09/25 23:37:50.387908, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/09/25 23:37:50.388019, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/09/25 23:37:50.388094, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>] [2013/09/25 23:37:50.388171, 10] lib/smbldap.c:682(smbldap_make_mod_internal) smbldap_make_mod: deleting attribute |sambaNTPassword| values |9BEC6D3FF69894218A7265152A896CE1| [2013/09/25 23:37:50.388236, 10] lib/smbldap.c:698(smbldap_make_mod_internal) smbldap_make_mod: adding attribute |sambaNTPassword| value |E4A96A8E11203C887A6543549B9DC87F| [2013/09/25 23:37:50.388323, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2013/09/25 23:37:50.388385, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(102) : conn_ctx_stack_ndx = 1 [2013/09/25 23:37:50.388445, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2013/09/25 23:37:50.388506, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2013/09/25 23:37:50.388566, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2013/09/25 23:37:50.388676, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2013/09/25 23:37:50.388805, 10] lib/smbldap.c:274(smbldap_get_single_attribute) smbldap_get_single_attribute: [sambaPasswordHistory] = [<does not exist>] [2013/09/25 23:37:50.388866, 10] lib/smbldap.c:698(smbldap_make_mod_internal) smbldap_make_mod: adding attribute |sambaPasswordHistory| value (snip) [2013/09/25 23:37:50.388949, 10] lib/smbldap.c:682(smbldap_make_mod_internal) smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |1380171167| [2013/09/25 23:37:50.389015, 10] lib/smbldap.c:698(smbldap_make_mod_internal) smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1380173870| [2013/09/25 23:37:50.389083, 5] lib/smbldap.c:1636(smbldap_modify) smbldap_modify: dn => [cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net] [2013/09/25 23:37:50.389614, 10] lib/smbldap.c:1656(smbldap_modify) Failed to modify dn: cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net, error: 16 (No such attribute) (modify/delete: sambaNTPassword: no such value) [2013/09/25 23:37:50.389746, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (353, 63000) - sec_ctx_stack_ndx = 1 [2013/09/25 23:37:50.389822, 5] rpc_server/samr/srv_samr_nt.c:1862(_samr_ChangePasswordUser2) _samr_ChangePasswordUser2: 1862 [2013/09/25 23:37:50.389884, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) samr_ChangePasswordUser2: struct samr_ChangePasswordUser2 out: struct samr_ChangePasswordUser2 result : NT_STATUS_UNSUCCESSFUL [2013/09/25 23:37:50.390021, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \samr successfully [2013/09/25 23:37:50.390110, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (353, 63000) - sec_ctx_stack_ndx = 0 [2013/09/25 23:37:50.390177, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 1200 | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0001028) dloper (administrator) 2013-09-26 00:08 |
dn: cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net uidNumber: 1008 loginShell: /sbin/nologin gidNumber: 63000 homeDirectory: /home/testuser clearAccountStatus: enabled sambaSID: S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx-1008 sambaAcctFlags: [U ] sambaPrimaryGroupSID: S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx-513 sambaDomainName: DAVELOPER sambaBadPasswordCount: 0 sambaBadPasswordTime: 0 structuralObjectClass: inetOrgPerson entryUUID: 74138284-9a09-1032-9c29-f7109b2414a9 creatorsName: cn=manager,ou=Internal,dc=daveloper,dc=net createTimestamp: 20130815151650Z memberOf: cn=allusers,ou=Groups,ou=Accounts,dc=daveloper,dc=net memberOf: cn=domain_users,ou=Groups,ou=Accounts,dc=daveloper,dc=net memberOf: cn=testgroup,ou=Groups,ou=Accounts,dc=daveloper,dc=net uid: testuser givenName: Test sn: User objectClass: top objectClass: posixAccount objectClass: shadowAccount objectClass: inetOrgPerson objectClass: clearAccount objectClass: sambaSamAccount objectClass: zarafa-user objectClass: clearMailAccount cn: Test User zarafaAccount: 0 zarafaAdmin: 0 zarafaQuotaHard: 10000 zarafaQuotaOverride: 1 zarafaQuotaWarn: 9000 zarafaQuotaSoft: 9500 mail: testuser@example.daveloper.net userPassword:: e3NoYX1IT2RpdUQ3N05DWlIrb2ZzYUVCK0gvRVo1aDg9 clearSHAPassword: {sha}HOdiuD77NCZR+ofsaEB+H/EZ5h8= clearSHA1Password: 1ce762b83efb342651fa87ec68407e1ff119e61f clearMicrosoftNTPassword: E4A96A8E11203C887A6543549B9DC87F sambaNTPassword: E4A96A8E11203C887A6543549B9DC87F sambaPwdLastSet: 1380173870 pwdChangedTime: 20130926053750Z entryCSN: 20130926053750.126697Z#000000#000#000000 modifiersName: cn=manager,ou=Internal,dc=daveloper,dc=net modifyTimestamp: 20130926053750Z |
(0001029) dloper (administrator) 2013-09-26 08:52 |
Commenting the following line in '/etc/samba/smb.conf' seems to do the trick: #unix password sync = Yes |
(0001030) user2 2013-09-26 11:10 |
Source Code Changelog --------------------------------------------------- - Removed unix password sync [tracker 0001348] File Changes --------------------------------------------------- Details: http://code.clearfoundation.com/svn/revision.php?repname=ClearOS&rev=6530 [^] U webconfig/apps/samba/trunk/deploy/smb.conf |
Issue History | |||
Date Modified | Username | Field | Change |
2013-09-25 23:52 | dloper | New Issue | |
2013-09-25 23:52 | dloper | Status | new => assigned |
2013-09-25 23:52 | dloper | Assigned To | => dloper |
2013-09-26 00:08 | dloper | Note Added: 0001028 | |
2013-09-26 08:52 | dloper | Note Added: 0001029 | |
2013-09-26 11:10 | user2 | Checkin | |
2013-09-26 11:10 | user2 | Note Added: 0001030 | |
2013-09-26 11:10 | user2 | Status | assigned => resolved |
2013-09-26 11:10 | user2 | Fixed in Version | => 6.5.0 Beta 2 |
2013-09-26 11:10 | user2 | Resolution | open => fixed |
2013-09-26 11:11 | user2 | Additional Information Updated | View Revisions |
2013-12-20 13:33 | user2 | Status | resolved => closed |