ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001348ClearOSapp-samba - Windows Networkingpublic2013-09-25 23:522013-12-20 13:33
Reporterdloper 
Assigned Todloper 
PrioritylowSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version6.4.0 
Target Version6.4.0 Beta 2Fixed in Version6.5.0 Beta 2 
Summary0001348: Samba change password facility dysfunctional
DescriptionPassword changes invoked from windows workstations fail but succeed. When a user issues a CTRL+ALT+DEL in order to change their password, Windows will report that the password change fails but it actually succeeds.
Steps To ReproduceJoin a workstation to the domain. Set up a test user and log into the workstation using the domain user account. Attempt to change the password via Ctrl+Alt+Del. Password will report failure. Log off and log back in with the password that reported failed.
Additional InformationWith this log snippet you can see that the password script executes normally, then samba tries to further change the password in LDAP.

[2013/09/25 23:37:50.386820, 3] rpc_server/samr/srv_samr_chgpasswd.c:496(chat_with_program)
  chat_with_program: Password change successful for user testuser
[2013/09/25 23:37:50.387011, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2013/09/25 23:37:50.387092, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(102) : conn_ctx_stack_ndx = 1
[2013/09/25 23:37:50.387153, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2013/09/25 23:37:50.387213, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/09/25 23:37:50.387291, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/09/25 23:37:50.387434, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2013/09/25 23:37:50.387533, 4] passdb/pdb_ldap.c:1997(ldapsam_update_sam_account)
  ldapsam_update_sam_account: user testuser to be modified has dn: cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net
[2013/09/25 23:37:50.387600, 2] passdb/pdb_ldap.c:1180(init_ldap_from_sam)
  init_ldap_from_sam: Setting entry for user: testuser
[2013/09/25 23:37:50.387667, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2013/09/25 23:37:50.387728, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(102) : conn_ctx_stack_ndx = 1
[2013/09/25 23:37:50.387788, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2013/09/25 23:37:50.387849, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/09/25 23:37:50.387908, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/09/25 23:37:50.388019, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2013/09/25 23:37:50.388094, 10] lib/smbldap.c:274(smbldap_get_single_attribute)
  smbldap_get_single_attribute: [sambaLMPassword] = [<does not exist>]
[2013/09/25 23:37:50.388171, 10] lib/smbldap.c:682(smbldap_make_mod_internal)
smbldap_make_mod: deleting attribute |sambaNTPassword| values |9BEC6D3FF69894218A7265152A896CE1|
[2013/09/25 23:37:50.388236, 10] lib/smbldap.c:698(smbldap_make_mod_internal)
  smbldap_make_mod: adding attribute |sambaNTPassword| value |E4A96A8E11203C887A6543549B9DC87F|
[2013/09/25 23:37:50.388323, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2013/09/25 23:37:50.388385, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(102) : conn_ctx_stack_ndx = 1
[2013/09/25 23:37:50.388445, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2013/09/25 23:37:50.388506, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2013/09/25 23:37:50.388566, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2013/09/25 23:37:50.388676, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2013/09/25 23:37:50.388805, 10] lib/smbldap.c:274(smbldap_get_single_attribute)
  smbldap_get_single_attribute: [sambaPasswordHistory] = [<does not exist>]
[2013/09/25 23:37:50.388866, 10] lib/smbldap.c:698(smbldap_make_mod_internal)
  smbldap_make_mod: adding attribute |sambaPasswordHistory| value (snip)
[2013/09/25 23:37:50.388949, 10] lib/smbldap.c:682(smbldap_make_mod_internal)
  smbldap_make_mod: deleting attribute |sambaPwdLastSet| values |1380171167|
[2013/09/25 23:37:50.389015, 10] lib/smbldap.c:698(smbldap_make_mod_internal)
  smbldap_make_mod: adding attribute |sambaPwdLastSet| value |1380173870|
[2013/09/25 23:37:50.389083, 5] lib/smbldap.c:1636(smbldap_modify)
  smbldap_modify: dn => [cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net]
[2013/09/25 23:37:50.389614, 10] lib/smbldap.c:1656(smbldap_modify)
  Failed to modify dn: cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net, error: 16 (No such attribute) (modify/delete: sambaNTPassword: no such value)
[2013/09/25 23:37:50.389746, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (353, 63000) - sec_ctx_stack_ndx = 1
[2013/09/25 23:37:50.389822, 5] rpc_server/samr/srv_samr_nt.c:1862(_samr_ChangePasswordUser2)
  _samr_ChangePasswordUser2: 1862
[2013/09/25 23:37:50.389884, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug)
       samr_ChangePasswordUser2: struct samr_ChangePasswordUser2
          out: struct samr_ChangePasswordUser2
              result : NT_STATUS_UNSUCCESSFUL
[2013/09/25 23:37:50.390021, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP)
  api_rpcTNP: called \samr successfully
[2013/09/25 23:37:50.390110, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (353, 63000) - sec_ctx_stack_ndx = 0
[2013/09/25 23:37:50.390177, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe)
  write_to_pipe: data_used = 1200
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0001028)
dloper (administrator)
2013-09-26 00:08

dn: cn=Test User,ou=Users,ou=Accounts,dc=daveloper,dc=net
uidNumber: 1008
loginShell: /sbin/nologin
gidNumber: 63000
homeDirectory: /home/testuser
clearAccountStatus: enabled
sambaSID: S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx-1008
sambaAcctFlags: [U ]
sambaPrimaryGroupSID: S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxx-513
sambaDomainName: DAVELOPER
sambaBadPasswordCount: 0
sambaBadPasswordTime: 0
structuralObjectClass: inetOrgPerson
entryUUID: 74138284-9a09-1032-9c29-f7109b2414a9
creatorsName: cn=manager,ou=Internal,dc=daveloper,dc=net
createTimestamp: 20130815151650Z
memberOf: cn=allusers,ou=Groups,ou=Accounts,dc=daveloper,dc=net
memberOf: cn=domain_users,ou=Groups,ou=Accounts,dc=daveloper,dc=net
memberOf: cn=testgroup,ou=Groups,ou=Accounts,dc=daveloper,dc=net
uid: testuser
givenName: Test
sn: User
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: clearAccount
objectClass: sambaSamAccount
objectClass: zarafa-user
objectClass: clearMailAccount
cn: Test User
zarafaAccount: 0
zarafaAdmin: 0
zarafaQuotaHard: 10000
zarafaQuotaOverride: 1
zarafaQuotaWarn: 9000
zarafaQuotaSoft: 9500
mail: testuser@example.daveloper.net
userPassword:: e3NoYX1IT2RpdUQ3N05DWlIrb2ZzYUVCK0gvRVo1aDg9
clearSHAPassword: {sha}HOdiuD77NCZR+ofsaEB+H/EZ5h8=
clearSHA1Password: 1ce762b83efb342651fa87ec68407e1ff119e61f
clearMicrosoftNTPassword: E4A96A8E11203C887A6543549B9DC87F
sambaNTPassword: E4A96A8E11203C887A6543549B9DC87F
sambaPwdLastSet: 1380173870
pwdChangedTime: 20130926053750Z
entryCSN: 20130926053750.126697Z#000000#000#000000
modifiersName: cn=manager,ou=Internal,dc=daveloper,dc=net
modifyTimestamp: 20130926053750Z
(0001029)
dloper (administrator)
2013-09-26 08:52

Commenting the following line in '/etc/samba/smb.conf' seems to do the trick:

#unix password sync = Yes
(0001030)
user2
2013-09-26 11:10

Source Code Changelog
---------------------------------------------------
- Removed unix password sync [tracker 0001348]

File Changes
---------------------------------------------------
Details: http://code.clearfoundation.com/svn/revision.php?repname=ClearOS&rev=6530 [^]
U webconfig/apps/samba/trunk/deploy/smb.conf

- Issue History
Date Modified Username Field Change
2013-09-25 23:52 dloper New Issue
2013-09-25 23:52 dloper Status new => assigned
2013-09-25 23:52 dloper Assigned To => dloper
2013-09-26 00:08 dloper Note Added: 0001028
2013-09-26 08:52 dloper Note Added: 0001029
2013-09-26 11:10 user2 Checkin
2013-09-26 11:10 user2 Note Added: 0001030
2013-09-26 11:10 user2 Status assigned => resolved
2013-09-26 11:10 user2 Fixed in Version => 6.5.0 Beta 2
2013-09-26 11:10 user2 Resolution open => fixed
2013-09-26 11:11 user2 Additional Information Updated View Revisions
2013-12-20 13:33 user2 Status resolved => closed