Web lists-archives.com

Re: [Samba] Inconsistency with LANMAN1 and Samba 4.9





On 31.05.19 22:07, Andrew Bartlett wrote:
On Fri, 2019-05-31 at 11:40 -0700, Jeremy Allison via samba wrote:
On Fri, May 31, 2019 at 07:09:44PM +0200, Andreas Reichel wrote:
When adding me as the user with 'smbpasswd -a andreas', and entering a password,
no LANMAN hash is generated. The generated smbpasswd entry always contains 32 X as the first hash.

When I do the same with Samba 4.3.11-Ubuntu, the hash IS generated correctly.

When I manually add the hash in 4.9.4, I still cannot connect from Win 3.11 and always get access denied.

In 4.3.11, it works flawlessly, I can connect from Windows 3.11 without any problem.

Question: Is this intended? And if yes, why are there all these options still settable?
You may be running into this code in passdb:

bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
{
...
          if (!E_deshash(plaintext, new_lanman_p16)) {
                  /* E_deshash returns false for 'long' passwords (> 14
                     DOS chars).  This allows us to match Win2k, which
                     does not store a LM hash for these passwords (which
                     would reduce the effective password length to 14 */

                  if (!pdb_set_lanman_passwd (sampass, NULL, PDB_CHANGED))
                          return False;
          } else {
                  if (!pdb_set_lanman_passwd (sampass, new_lanman_p16, PDB_CHANGED))
                          return False;
          }
...

Is the password greater that 14 characters ? If so, looks like
we won't store it.
No, it has 8 characters. And I tried to enter the hash manually into the
smbpasswd, which didn't work either. It is as if samba 4.9.4 would
ignore lanman completely.
Hmmm. Sounds like a bug. Are you able to use gdb to
walk through the call stack to debug ?

If not someone here will do it, but you might have
to wait a while (log a bug at bugzilla.samba.org
so we can track it) as getting LANMAN auth working
is low priority (it's completely insecure I'm afraid).
We honour 'lanman auth' and don't store it if set, but that much has
been the same for a long time, but if the hash is being injected
manually that won't be it.

It might be further up the stack, like requirements for SPNEGO, ntlmv2
etc.

Andreas,

Can you post your smb.conf and check your logs for helpful messages?
(turn up the log level until you get some).

Thanks,

Andrew Bartlett

Hi Andrew, I have already posted my config :) As a first step, I think
we have to understand why

smbpasswd does not generate the hash on 4.9.4 but does it on 4.3.11.


The Debug output on version 4.9.4 is:

*************************************************

sudo smbpasswd -D 10 -a andreas
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
Processing section "[global]"
doing parameter workgroup = HOMEBASE
doing parameter netbios name = Orcane
doing parameter wins support = Yes
doing parameter client signing = No
doing parameter domain master = No
doing parameter lanman auth = Yes
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
doing parameter name resolve order = host lmhosts wins bcast
doing parameter passdb backend = smbpasswd
doing parameter preferred master = Yes
doing parameter security = USER
doing parameter server signing = No
doing parameter server string = Orcane Cortex Gateway
doing parameter smb passwd file = /etc/samba/smbpasswd
pm_process() returned Yes
lp_servicenumber: couldn't find homes
messaging_dgm_ref: messaging_dgm_init returned Erfolg
messaging_dgm_ref: unique = 77100529419162899
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Registering messaging pointer for type 51 - private_data=(nil)
messaging_init_internal: my id: 16972
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
Processing section "[global]"
doing parameter workgroup = HOMEBASE
doing parameter netbios name = Orcane
doing parameter wins support = Yes
doing parameter client signing = No
doing parameter domain master = No
doing parameter lanman auth = Yes
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
doing parameter name resolve order = host lmhosts wins bcast
doing parameter passdb backend = smbpasswd
doing parameter preferred master = Yes
doing parameter security = USER
doing parameter server signing = No
doing parameter server string = Orcane Cortex Gateway
doing parameter smb passwd file = /etc/samba/smbpasswd
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="ORCANE"
Attempting to register passdb backend samba_dsdb
Successfully added passdb backend 'samba_dsdb'
Attempting to register passdb backend samba4
Successfully added passdb backend 'samba4'
Attempting to find a passdb backend to match smbpasswd (smbpasswd)
No builtin backend found, trying to load plugin
load_module_absolute_path: Probing module '/usr/lib/samba/pdb/smbpasswd.so'
load_module_absolute_path: Module '/usr/lib/samba/pdb/smbpasswd.so' loaded
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Found pdb backend smbpasswd
pdb backend smbpasswd has a valid init
New SMB password:
Retype new SMB password:
getsampwnam (smbpasswd): search by name: andreas
startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
Finding user andreas
Trying _Get_Pwnam(), username as lowercase is andreas
Get_Pwnam_internals did find user [andreas]!
pdb_set_username: setting username andreas, was
pdb_set_full_name: setting full name , was
pdb_set_domain: setting domain ORCANE, was
Home server: orcane
pdb_set_profile_path: setting profile path \\orcane\andreas\profile, was
Home server: orcane
pdb_set_homedir: setting home dir \\orcane\andreas, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_user_sid: setting user sid
S-1-5-21-2045757840-2064742327-2345991121-3000
pdb_set_user_sid_from_rid:
    setting user sid S-1-5-21-2045757840-2064742327-2345991121-3000
from rid 3000
pdb_set_username: setting username andreas, was andreas
startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
getsampwnam (smbpasswd): search by name: andreas
startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
getsmbfilepwent: LM password for user andreas invalidated
getsmbfilepwent: returning passwd entry for user andreas, uid 1000
endsmbfilepwent_internal: closed password file.
getsampwnam (smbpasswd): found by name: andreas
Finding user andreas
Trying _Get_Pwnam(), username as lowercase is andreas
Get_Pwnam_internals did find user [andreas]!
pdb_set_username: setting username andreas, was
pdb_set_full_name: setting full name , was
pdb_set_domain: setting domain ORCANE, was
Home server: orcane
pdb_set_profile_path: setting profile path \\orcane\andreas\profile, was
Home server: orcane
pdb_set_homedir: setting home dir \\orcane\andreas, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_user_sid: setting user sid
S-1-5-21-2045757840-2064742327-2345991121-3000
pdb_set_user_sid_from_rid:
    setting user sid S-1-5-21-2045757840-2064742327-2345991121-3000
from rid 3000
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
gid 1001 -> sid S-1-22-2-1001
Forcing Primary Group to 'Domain Users' for andreas
account_policy_get: name: password history, val: 0
pdb_set_username: setting username andreas, was
pdb_set_domain: setting domain ORCANE, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name , was
Home server: orcane
pdb_set_homedir: setting home dir \\orcane\andreas, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: orcane
pdb_set_profile_path: setting profile path \\orcane\andreas\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid
S-1-5-21-2045757840-2064742327-2345991121-3000
pdb_set_user_sid_from_rid:
    setting user sid S-1-5-21-2045757840-2064742327-2345991121-3000
from rid 3000
pdb_set_group_sid: setting group sid
S-1-5-21-2045757840-2064742327-2345991121-513
account_policy_get: name: password history, val: 0
mod_smbfilepwd_entry: opening file /etc/samba/smbpasswd
mod_smbfilepwd_entry: entry exists for user andreas
Added user andreas.

The resulting smbpasswd is:

andreas:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:F97C....B00B..CA4F54..........11:[U
]:LCT-5CF18D52:

(I have replaced some digits because I don't want my password hash being
on a mailing list :D

The LM Hash is not generated at all.

*******************************************************

And on version 4.3.11:

root@Orcane:/# smbpasswd -D 10 -a blah
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
Processing section "[global]"
doing parameter workgroup = HOMEBASE
doing parameter netbios name = Orcane
doing parameter wins support = Yes
doing parameter client signing = No
doing parameter domain master = No
doing parameter lanman auth = Yes
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
doing parameter name resolve order = host lmhosts wins bcast
doing parameter passdb backend = smbpasswd
doing parameter preferred master = Yes
doing parameter security = USER
doing parameter server signing = No
doing parameter server string = Orcane Cortex Gateway
doing parameter smb passwd file = /etc/samba/smbpasswd
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="ORCANE"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to register passdb backend samba_dsdb
Successfully added passdb backend 'samba_dsdb'
Attempting to register passdb backend samba4
Successfully added passdb backend 'samba4'
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend IPA_ldapsam
Successfully added passdb backend 'IPA_ldapsam'
Attempting to find a passdb backend to match smbpasswd (smbpasswd)
Found pdb backend smbpasswd
pdb backend smbpasswd has a valid init
tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/private/secrets.tdb
lock order:  1:/var/lib/samba/private/secrets.tdb 2:<none> 3:<none>
Locking key 534543524554532F5349
Allocated locked data 0x0x5557ad174c50
Unlocking key 534543524554532F5349
release lock order 1 for /var/lib/samba/private/secrets.tdb
lock order:  1:<none> 2:<none> 3:<none>
tdb(/var/lib/samba/private/secrets.tdb): tdb_transaction_start: nesting 1
New SMB password:
Retype new SMB password:
getsampwnam (smbpasswd): search by name: blah
startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
getsmbfilepwent: returning passwd entry for user andreas, uid 1000
getsmbfilepwent: skipping comment or blank line
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
Finding user blah
Trying _Get_Pwnam(), username as lowercase is blah
Trying _Get_Pwnam(), username as uppercase is BLAH
Checking combinations of 0 uppercase letters in blah
Get_Pwnam_internals didn't find user [blah]!
Could not find user blah and no add script defined
Failed to add entry for user blah.
root@Orcane:/# ^Cbpasswd -D 10 -a blah
root@Orcane:/# useradd -m blah
root@Orcane:/# smbpasswd -D 10 -a blah
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
Processing section "[global]"
doing parameter workgroup = HOMEBASE
doing parameter netbios name = Orcane
doing parameter wins support = Yes
doing parameter client signing = No
doing parameter domain master = No
doing parameter lanman auth = Yes
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
doing parameter name resolve order = host lmhosts wins bcast
doing parameter passdb backend = smbpasswd
doing parameter preferred master = Yes
doing parameter security = USER
doing parameter server signing = No
doing parameter server string = Orcane Cortex Gateway
doing parameter smb passwd file = /etc/samba/smbpasswd
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="ORCANE"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to register passdb backend samba_dsdb
Successfully added passdb backend 'samba_dsdb'
Attempting to register passdb backend samba4
Successfully added passdb backend 'samba4'
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend IPA_ldapsam
Successfully added passdb backend 'IPA_ldapsam'
Attempting to find a passdb backend to match smbpasswd (smbpasswd)
Found pdb backend smbpasswd
pdb backend smbpasswd has a valid init
New SMB password:
Retype new SMB password:
getsampwnam (smbpasswd): search by name: blah
startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
getsmbfilepwent: returning passwd entry for user andreas, uid 1000
getsmbfilepwent: skipping comment or blank line
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
Finding user blah
Trying _Get_Pwnam(), username as lowercase is blah
Get_Pwnam_internals did find user [blah]!
pdb_set_username: setting username blah, was
pdb_set_full_name: setting full name , was
pdb_set_domain: setting domain ORCANE, was
Home server: orcane
pdb_set_profile_path: setting profile path \\orcane\blah\profile, was
Home server: orcane
pdb_set_homedir: setting home dir \\orcane\blah, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_user_sid: setting user sid
S-1-5-21-943193812-4018541947-3038954527-3002
pdb_set_user_sid_from_rid:
    setting user sid S-1-5-21-943193812-4018541947-3038954527-3002 from
rid 3002
pdb_set_username: setting username blah, was blah
startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
getsmbfilepwent: returning passwd entry for user andreas, uid 1000
getsmbfilepwent: skipping comment or blank line
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
getsampwnam (smbpasswd): search by name: blah
startsmbfilepwent_internal: opening file /etc/samba/smbpasswd
getsmbfilepwent: returning passwd entry for user andreas, uid 1000
getsmbfilepwent: skipping comment or blank line
getsmbfilepwent: LM password for user blah invalidated
getsmbfilepwent: returning passwd entry for user blah, uid 1001
endsmbfilepwent_internal: closed password file.
getsampwnam (smbpasswd): found by name: blah
Finding user blah
Trying _Get_Pwnam(), username as lowercase is blah
Get_Pwnam_internals did find user [blah]!
pdb_set_username: setting username blah, was
pdb_set_full_name: setting full name , was
pdb_set_domain: setting domain ORCANE, was
Home server: orcane
pdb_set_profile_path: setting profile path \\orcane\blah\profile, was
Home server: orcane
pdb_set_homedir: setting home dir \\orcane\blah, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_user_sid: setting user sid
S-1-5-21-943193812-4018541947-3038954527-3002
pdb_set_user_sid_from_rid:
    setting user sid S-1-5-21-943193812-4018541947-3038954527-3002 from
rid 3002
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
gid_to_sid: winbind failed to find a sid for gid 1001
Adding cache entry with key=[IDMAP/SID2XID/S-1-22-2-1001] and
timeout=[Fri Jun  7 20:29:16 2019 UTC] (604800 seconds ahead)
Adding cache entry with key=[IDMAP/GID2SID/1001] and timeout=[Fri Jun  7
20:29:16 2019 UTC] (604799 seconds ahead)
LEGACY: gid 1001 -> sid S-1-22-2-1001
Forcing Primary Group to 'Domain Users' for blah
tdb(/var/lib/samba/account_policy.tdb): tdb_open_ex: could not open file
/var/lib/samba/account_policy.tdb: No such file or directory
Could not open tdb: No such file or directory
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 494E464F2F7665727369
Allocated locked data 0x0x564e841a7c30
Unlocking key 494E464F2F7665727369
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_get: tdb_fetch_uint32_t failed for type 1 (min password
length), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 6D696E2070617373776F
Allocated locked data 0x0x564e841a9da0
Unlocking key 6D696E2070617373776F
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: min password length, value: 5
account_policy_get: tdb_fetch_uint32_t failed for type 2 (password
history), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 70617373776F72642068
Allocated locked data 0x0x564e841a9da0
Unlocking key 70617373776F72642068
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: password history, value: 0
account_policy_get: tdb_fetch_uint32_t failed for type 3 (user must
logon to change password), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 75736572206D75737420
Allocated locked data 0x0x564e841a9da0
Unlocking key 75736572206D75737420
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: user must logon to change password, value: 0
account_policy_get: tdb_fetch_uint32_t failed for type 4 (maximum
password age), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 6D6178696D756D207061
Allocated locked data 0x0x564e841a9da0
Unlocking key 6D6178696D756D207061
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: maximum password age, value: -1
account_policy_get: tdb_fetch_uint32_t failed for type 5 (minimum
password age), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 6D696E696D756D207061
Allocated locked data 0x0x564e841a9da0
Unlocking key 6D696E696D756D207061
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: minimum password age, value: 0
account_policy_get: tdb_fetch_uint32_t failed for type 6 (lockout
duration), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 6C6F636B6F7574206475
Allocated locked data 0x0x564e841a9da0
Unlocking key 6C6F636B6F7574206475
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: lockout duration, value: 30
account_policy_get: tdb_fetch_uint32_t failed for type 7 (reset count
minutes), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 726573657420636F756E
Allocated locked data 0x0x564e841a9da0
Unlocking key 726573657420636F756E
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: reset count minutes, value: 30
account_policy_get: tdb_fetch_uint32_t failed for type 8 (bad lockout
attempt), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 626164206C6F636B6F75
Allocated locked data 0x0x564e841a9da0
Unlocking key 626164206C6F636B6F75
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: bad lockout attempt, value: 0
account_policy_get: tdb_fetch_uint32_t failed for type 9 (disconnect
time), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 646973636F6E6E656374
Allocated locked data 0x0x564e841a9da0
Unlocking key 646973636F6E6E656374
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: disconnect time, value: -1
account_policy_get: tdb_fetch_uint32_t failed for type 10 (refuse
machine password change), returning 0
tdb(/var/lib/samba/account_policy.tdb): tdb_transaction_start: nesting 1
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 726566757365206D6163
Allocated locked data 0x0x564e841a9da0
Unlocking key 726566757365206D6163
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_set: name: refuse machine password change, value: 0
get_privileges: No privileges assigned to SID [S-1-1-0]
grant_privilege: S-1-1-0
original privilege mask: 0x0
new privilege mask:      0x0
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 505249565F532D312D31
Allocated locked data 0x0x564e841a9f80
Unlocking key 505249565F532D312D31
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
get_privileges: No privileges assigned to SID [S-1-5-32-548]
grant_privilege: S-1-5-32-548
original privilege mask: 0x0
new privilege mask:      0x0
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 505249565F532D312D35
Allocated locked data 0x0x564e841a9ff0
Unlocking key 505249565F532D312D35
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
get_privileges: No privileges assigned to SID [S-1-5-32-549]
grant_privilege: S-1-5-32-549
original privilege mask: 0x0
new privilege mask:      0x0
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 505249565F532D312D35
Allocated locked data 0x0x564e841aa080
Unlocking key 505249565F532D312D35
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
get_privileges: No privileges assigned to SID [S-1-5-32-550]
grant_privilege: S-1-5-32-550
original privilege mask: 0x0
new privilege mask:      0x0
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 505249565F532D312D35
Allocated locked data 0x0x564e841aa180
Unlocking key 505249565F532D312D35
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
get_privileges: No privileges assigned to SID [S-1-5-32-551]
grant_privilege: S-1-5-32-551
original privilege mask: 0x0
new privilege mask:      0x0
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 505249565F532D312D35
Allocated locked data 0x0x564e841aa280
Unlocking key 505249565F532D312D35
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
get_privileges: No privileges assigned to SID [S-1-5-32-544]
grant_privilege: S-1-5-32-544
original privilege mask: 0x1ffffff0
new privilege mask:      0x1ffffff0
check lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:/var/lib/samba/account_policy.tdb 2:<none> 3:<none>
Locking key 505249565F532D312D35
Allocated locked data 0x0x564e841aa380
Unlocking key 505249565F532D312D35
release lock order 1 for /var/lib/samba/account_policy.tdb
lock order:  1:<none> 2:<none> 3:<none>
account_policy_get: name: password history, val: 0
pdb_set_username: setting username blah, was
pdb_set_domain: setting domain ORCANE, was
pdb_set_nt_username: setting nt username , was
pdb_set_full_name: setting full name , was
Home server: orcane
pdb_set_homedir: setting home dir \\orcane\blah, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
Home server: orcane
pdb_set_profile_path: setting profile path \\orcane\blah\profile, was
pdb_set_workstations: setting workstations , was
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid
S-1-5-21-943193812-4018541947-3038954527-3002
pdb_set_user_sid_from_rid:
    setting user sid S-1-5-21-943193812-4018541947-3038954527-3002 from
rid 3002
pdb_set_group_sid: setting group sid
S-1-5-21-943193812-4018541947-3038954527-513
account_policy_get: name: password history, val: 0
mod_smbfilepwd_entry: opening file /etc/samba/smbpasswd
mod_smbfilepwd_entry: skipping comment or blank line
mod_smbfilepwd_entry: entry exists for user blah
Added user blah.

and the resulting smbpasswd with testpassword: testtest is

blah:1001:CEEB0FA9F240C200417EAF50CFAC29C3:3C99B8901B00758369F18B9DF72012C8:[U
]:LCT-5CF18E9D:

With the hash set correctly :)

*********************************************************************


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba