Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Samba - Change passwd from client with ctrl + alt + del
Top Forums UNIX for Beginners Questions & Answers Samba - Change passwd from client with ctrl + alt + del Post 302981982 by hicksd8 on Thursday 22nd of September 2016 04:52:34 AM
Old 09-22-2016
Are you trying to change the password for the same user from both routes? Or for different users?

The point I am making is this.
You have a Unix system with a user on it with his Unix login password.
You then install Samba.
You then configure this user to use Samba.
Samba will NOT use the Unix login password for this user so at this point the user still cannot user Samba. (**)
The Samba password (although normally set the same as the Unix password) needs to be set.
However, at this point the Unix O/S knows that this user is also a Samba user so if the sysadmin resets that user's password, the system sets the user's Samba password at the same time too.
At this point the user can access using Samba.

So if the user tries to change password via Samba at this point (**), it will produce a security error.

Samba passwords are usually (depending on the exact Samba implementation) hashed in a 'smbpasswd' or 'smbpassword' file on the Unix system somewhere. You can look in there and see whether hashed passwords exist and for which users.

Yes, I know that this doesn't feel like a Debian problem but just perhaps it is. I cannot think of why one Samba client would behave differently to another from a security point of view.

Please do post back your progress.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Python+Linux: CTRL-ALT-DEL Ncurses Utility

I have this NCurses utility that prompts for user input and takes action appropriately, I changed the default action for the three finger'd salute to run this utility instead of restarting the system. This is a problem: Printing to stdout happens immediately, but before anything else (such as... (0 Replies)
Discussion started by: thmnetwork
0 Replies

2. AIX

Disable ctrl-c,ctrl-d,ctrl-d in ksh script

I wrote a ksh script for Helpdesk. I need to know how to disable ctrl-c,ctrl-z,ctrl-d..... so that helpdesk would not be able to get to system prompt :confused: (6 Replies)
Discussion started by: wtofu
6 Replies

3. IP Networking

How to enumerate samba shares with client

I have a samba server node and I want to mount the samba (CIFS) shares from a second (client) unix machine. However, the unix mount command requires I specify the name of the share. What if I don't know the name of the share? How can I enumerate all the shares from the samba client machine? ... (1 Reply)
Discussion started by: siegfried
1 Replies

4. UNIX for Dummies Questions & Answers

Need to change root passwd

I booted up Sun V240 server with boot cdrom -s using the Sun Operating System CD. I now am at the # prompt and su - root . The system will not allow me to set password for root. Get following error: # passwd New Password: xxxxxxxx Re-enter new Password: xxxxxxxx passwd: Unexpected failure. ... (4 Replies)
Discussion started by: mayewil
4 Replies

5. AIX

new password not available on nis client for up to 10 minutes after yppush passwd

Hi, We are currently in the process to move the user authentication for our AIX clients to a Windows 2003 server to authenticate them against the active directory entries. What we have so far: - NIS master server on Windows 2003 Server with the unix-subsystem installed -> This is managing... (1 Reply)
Discussion started by: candyflip2000
1 Replies

6. Programming

Do you know whether ncurses supports Alt or Ctrl combination keys

I'm new in ncurses. I'd like to ask one question. Do you know whether ncurses supports Alt or Ctrl combination keys? Our application wants to get response when inputting Alt or Ctrl combination keys by keyboard in one linux c project. I try one testing on ncurses, it seems ncurses doesn't... (3 Replies)
Discussion started by: liuyan03
3 Replies

7. Red Hat

Samba Client for RHEL 4

I am looking for a Samba Client for a redhat 4 installation. I can't find it anywhere on the web. Does anyone have a link where i can find a working version ? This is my version: Red Hat Enterprise Linux AS release 4 (Nahant Update 7) /usr/bin/file: ELF 32-bit LSB executable, Intel... (5 Replies)
Discussion started by: guidovans
5 Replies

8. Solaris

Unable to change the passwd

bash-3.00# passwd sami New Password: Re-enter new Password: Dec 14 00:07:43 hack passwd: passwdutil: crypt_gensalt Invalid argument passwd: Unexpected failure. Password database unchanged. Permission denied i got this error while i am change the user(sami) passwd. (3 Replies)
Discussion started by: samiulla
3 Replies

9. Solaris

Not able to find samba client service in Solaris 10

Hi I am new to samba & I need to configure samba client on Solaris 10 machine where I need to mount/share window folder (Window 2008 machine is configured as samba server). I am following below mention link to mount this window's folder. ... (7 Replies)
Discussion started by: sb200
7 Replies

10. Solaris

Can't change users passwd

Have an issue with a user or root changing the user's passwd. We run the passwd command and a complex passwd is entered a message is displayed, "passwd is based on a dictionary word." We do have a dictionary file and I know for a fact the complex passwd is not in the list. This happens on a... (3 Replies)
Discussion started by: solizkewl
3 Replies

LEARN ABOUT SUSE

smbpasswd

SMBPASSWD(5)						   File Formats and Conventions 					      SMBPASSWD(5)

NAME

       smbpasswd - The Samba encrypted password file

SYNOPSIS

       smbpasswd

DESCRIPTION

       This tool is part of the samba(7) suite.

       smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as
       account flag information and the time the password was last changed. This file format has been evolving with Samba and has had several
       different formats in the past.

FILE FORMAT

       The format of the smbpasswd file used by Samba 2.2 is very similar to the familiar Unix passwd(5) file. It is an ASCII file containing one
       line for each user. Each field ithin each line is separated from the next by a colon. Any entry beginning with '#' is ignored. The
       smbpasswd file contains the following information for each user:

       name
	   This is the user name. It must be a name that already exists in the standard UNIX passwd file.

       uid
	   This is the UNIX uid. It must match the uid field for the same user entry in the standard UNIX passwd file. If this does not match then
	   Samba will refuse to recognize this smbpasswd file entry as being valid for a user.

       Lanman Password Hash
	   This is the LANMAN hash of the user's password, encoded as 32 hex digits. The LANMAN hash is created by DES encrypting a well known
	   string with the user's password as the DES key. This is the same password used by Windows 95/98 machines. Note that this password hash
	   is regarded as weak as it is vulnerable to dictionary attacks and if two users choose the same password this entry will be identical
	   (i.e. the password is not "salted" as the UNIX password is). If the user has a null password this field will contain the characters "NO
	   PASSWORD" as the start of the hex string. If the hex string is equal to 32 'X' characters then the user's account is marked as disabled
	   and the user will not be able to log onto the Samba server.

	   WARNING !!  Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this
	   password hash will be able to impersonate the user on the network. For this reason these hashes are known as plain text equivalents and
	   must NOT be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with
	   read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other
	   access.

       NT Password Hash
	   This is the Windows NT hash of the user's password, encoded as 32 hex digits. The Windows NT hash is created by taking the user's
	   password as represented in 16-bit, little-endian UNICODE and then applying the MD4 (internet rfc1321) hashing algorithm to it.

	   This password hash is considered more secure than the LANMAN Password Hash as it preserves the case of the password and uses a much
	   higher quality hashing algorithm. However, it is still the case that if two users choose the same password this entry will be identical
	   (i.e. the password is not "salted" as the UNIX password is).

	   WARNING !!. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this
	   password hash will be able to impersonate the user on the network. For this reason these hashes are known as plain text equivalents and
	   must NOT be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with
	   read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other
	   access.

       Account Flags
	   This section contains flags that describe the attributes of the users account. This field is bracketed by '[' and ']' characters and is
	   always 13 characters in length (including the '[' and ']' characters). The contents of this field may be any of the following
	   characters:

	   o   U - This means this is a "User" account, i.e. an ordinary user.

	   o   N - This means the account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored).
	       Note that this will only allow users to log on with no password if the
		null passwords parameter is set in the smb.conf(5) config file.

	   o   D - This means the account is disabled and no SMB/CIFS logins will be allowed for this user.

	   o   X - This means the password does not expire.

	   o   W - This means this account is a "Workstation Trust" account. This kind of account is used in the Samba PDC code stream to allow
	       Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC.

	   Other flags may be added as the code is extended in future. The rest of this field space is filled in with spaces. For further
	   information regarding the flags that are supported please refer to the man page for the pdbedit command.

       Last Change Time
	   This field consists of the time the account was last modified. It consists of the characters 'LCT-' (standing for "Last Change Time")
	   followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made.

       All other colon separated fields are ignored at this time.

VERSION

       This man page is correct for version 3 of the Samba suite.

SEE ALSO

       smbpasswd(8), Samba(7), and the Internet RFC1321 for details on the MD4 algorithm.

AUTHOR

       The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.

       The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another excellent piece of Open
       Source software, available at ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to
       DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.

Samba 3.5							    06/18/2010							      SMBPASSWD(5)
All times are GMT -4. The time now is 02:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy