smbpasswd produces INCORRECT sambaNTPassword hash on ppc (yellowdog 4.0 on xserve G5)

cbelite at ydl.net cbelite at ydl.net
Sat Nov 20 08:58:11 MST 2004


I'm trying to configure an Xserve G5 as a primary domain controller for a bunch
of Windows workstations, and I'm running into an odd problem: smbpasswd
generates the wrong NT hash! How is this possible? If I run smbpasswd testuser1
and set the password to 123456, it sets the hash to
CAE238A01BFF98AB2A465882B20D01B7. Doing the same on a Red Hat machine on i386
architecture gives 32ED87BDB5FDC5E9CBA88547376818D4 as the hash. (In the LDAP
entries below, sambaLMPassword is identical on both machines; only
sambaNTPassword differs.) Because of this, I can connect from the Xserve to
itself using smbclient, but I cannot connect to it from the Red Hat box or from
a Windows XP computer. If I set the hash to the correct value using
Crypt::SmbHash, then I can connect from the Windows box and from the Red Hat
box, but I cannot connect from the Xserve to itself. That doesn't seem like a
big deal, but I'm trying to use it as a domain controller, and I can't add any
computers to the domain using the add machine script.
Here are the commands I'm running, and the results:


On the redhat (intel) server:
smbpasswd testuser2   (enter 123456)
results in the entry:
dn: uid=testuser2,ou=Users,dc=allstate,dc=network
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: testuser2
sn: testuser2
uid: testuser2
uidNumber: 1006
gidNumber: 513
homeDirectory: /home/testuser2
loginShell: /bin/bash
gecos: System User
description: System User
sambaSID: S-1-5-21-813279244-2815909583-2512609307-3012
sambaPrimaryGroupSID: S-1-5-21-813279244-2815909583-2512609307-513
displayName: System User
sambaPwdMustChange: 2147483647
sambaAcctFlags: [U          ]
sambaPwdCanChange: 1100885825
sambaLMPassword: 44EFCE164AB921CAAAD3B435B51404EE
sambaNTPassword: 32ED87BDB5FDC5E9CBA88547376818D4


running smbpasswd testuser1 and entering 123456 on the Xserve gives:
dn: uid=testuser1,ou=Users,dc=allstate,dc=network
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: testuser1
sn: testuser1
uid: testuser1
uidNumber: 1000
gidNumber: 513
homeDirectory: /home/testuser1
loginShell: /bin/bash
gecos: System User
description: System User
sambaSID: S-1-5-21-471028381-1047030085-1551032810-3000
sambaPrimaryGroupSID: S-1-5-21-471028381-1047030085-1551032810-513
displayName: System User
sambaPasswordHistory: 00000000000000000000000000000000000000000000000000000000
00000000
sambaLMPassword: 44EFCE164AB921CAAAD3B435B51404EE
sambaPwdCanChange: 1100920198
sambaPwdMustChange: 2147483647
sambaNTPassword: CAE238A01BFF98AB2A465882B20D01B7
sambaPwdLastSet: 1100920198
sambaAcctFlags: [U          ]
userPassword:: e1NNRDV9Z09tN08zWjJ6TEpOQUNvdDVYN0FQTCs2NWM0PQ==


smb.conf follows:
# Global parameters
[global]
       workgroup = allstate
       netbios name = PDC-SMB3
       #interfaces = 192.168.5.11
       username map = /etc/samba/smbusers
       #admin users= @"Domain Admins"
       server string = Samba Server %v
       security = user
       encrypt passwords = Yes
       min passwd length = 3
       obey pam restrictions = No
       #unix password sync = Yes
       #passwd program = /usr/local/sbin/smbldap-passwd -u %u
       #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
       ldap passwd sync = Yes
       log level = 20
       syslog = 0
       log file = /var/log/samba/log.%m
       max log size = 100000
       time server = Yes
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       mangling method = hash2
       Dos charset = 850
       Unix charset = ISO8859-1

       logon script = logon.bat
       logon drive = H:
       logon home =
       logon path =

       domain logons = Yes
       os level = 65
       preferred master = Yes
       domain master = Yes
       wins support = Yes
       passdb backend = ldapsam:ldap://127.0.0.1/
       # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"
# ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
       #ldap admin dn = cn=samba,ou=DSA,dc=allstate,dc=network
       ldap admin dn =cn=Manager,dc=allstate,dc=network
       ldap suffix = dc=allstate,dc=network
       ldap group suffix = ou=Groups
       ldap user suffix = ou=Users
       ldap machine suffix = ou=Computers
       ldap idmap suffix = ou=Users
       ldap ssl = off
       add user script = /usr/local/sbin/smbldap-useradd -m "%u"
       ldap delete dn = Yes
       #delete user script = /usr/local/sbin/smbldap-userdel "%u"
       add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
       add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
       #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
       add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
       delete user from group script =
/usr/local/sbin/smbldap-groupmod -x "%u" "%g"
       set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

       # printers configuration
       printer admin = @"Print Operators"
       load printers = Yes
       create mask = 0640
       directory mask = 0750
       nt acl support = No
       printing = cups
       printcap name = cups
       deadtime = 10
       guest account = nobody
       #map to guest = Bad User
       dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
       show add printer wizard = yes
       ; to maintain capital letters in shortcuts in any of the profile folders:
       preserve case = yes
       short preserve case = yes
       case sensitive = no

[homes]
       comment = repertoire de %U, %u
       read only = No
       create mask = 0644
       directory mask = 0775
       browseable = No

[netlogon]
       path = /home/netlogon/
browseable = No
       read only = yes

[profiles]
       path = /home/profiles
       read only = no
       create mask = 0600
       directory mask = 0700
       browseable = No
       guest ok = Yes
       profile acls = yes
       csc policy = disable
       # next line is a great way to secure the profiles
       force user = %U
       # next line allows administrator to access all profiles
       valid users = %U @"Domain Admins"
