[SRU] Samba NT_STATUS_PASSWORD_MUST_CHANGE bug
Bug #259110 reported by
John Baker
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Fix Released
|
Undecided
|
Chuck Short | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned | ||
Intrepid |
Fix Released
|
Undecided
|
Chuck Short |
Bug Description
Binary package hint: samba
Using Ubuntu Hardy L.T.S this error comes up when connecting to Samba with security = user. My setup checks the password with LDAP, our schema contains no password expiry information and we don't have this trouble with other versions of Samba.
This note is in the changes section of the release notes for Samba 3.0.31 "BUG 5555: Don't return NT_STATUS_
It appears that this bug came up in samba version 3.0.26a the release that made it into Hardy Heron.
To post a comment you must log in.
Hi,
Thanks for the bug report. This looks like a good candidate for an SRU.
Impact: LDAP schemas for samba that contains no password expiry information gets a NT_STATUS_ PASSWORD_ MUST_CHANGE error on machine account logon. From upstream:
The net_rpc_join.c code uses a level 24 to set the password when we PASSWORD_ MUST_CHANGE error.
are joining a Samba PDC. Inside smbd we don't update the password last set
field from zero on level 24, only level 25. Thus the password last set is left
at zero on a join and subsequent auth attempts on the machine account fail with
a NT_STATUS_
I've reproduced this on 3.0.x but I think the same code is in 3.2 and this is a
blocker bug for 3.2.0.
https:/ /bugzilla. samba.org/ show_bug. cgi?id= 5555
How to reproduce:
See above.
I have attached the patch which fixes this issue. If you have any questions please feel free to ask.
Regards
chuck