[Solved] Samba - Change passwd from client with ctrl + alt + del
Hello,
I got a very strange issue using samba. From a Windows 7 client that joined the domain, i want to change a user password. Here is what i am doing exactly :
Loging into the domain account, with username and password.
Pressing ctrl + alt + del
Clic on Change password menu
Enter old password and 2 times new password.
Then the result depend. If i proccess that on a virtual machine where windows 7 is installed, that work perfectly, the GUI say that the password is successfully updated and the password is updated for real.
But if i try on my real windows 7 on my laptop, or on my friend laptop (both windows 7), that won't work and display that error message :
Code:
The system has detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
Additionnals informations : My friend tested it on samba : 3.5.5(compiled) 4.1.17(apt-get) and a 4.5.5 (compiled and personnal jail managment). I tedted by myself on a fresh install of 4.5.5 (compiled).
The amazing thing is that with the same user i can change the password from the virtual machine but from the real machine.
The virtual machine is not up to date.
I'm looking for a solution since yesterday, i can't find anything then i need your help.
Thank you in advance ! =)
EDIT :
I solved it at least, the problem was from Microsoft Windows update.
There are 3 recent security updates that cause the issue :
KB3175024
KB3172605
KB3167679
Just uninstall them as a temporary workaround.
It seems the issue appear only on NT4 PDC, then upgrading to AD DC would fix it.
Microsoft propose also a workaround solution but i didnt got it : https://support.microsoft.com/en-us/kb/3167679
Hmmmmm........I'm not a Debian expert but I know that Samba on Debian (like most other O/S's) uses it's own password management and doesn't use the Unix/Linux password (eg, /etc/passwd or /etc/shadow).
So having installed Samba you need to set up Samba credentials for the Samba user (which must also pre-exist as a Linux user). Once Samba is installed, the Samba password for a user can be set automatically by the sysadmin resetting the Linux password for a user even if you set the password to what it is already. The password is then hashed within the Samba management system.
If you don't get answers on this forum I would suggest you (or I) get an admin or moderator to move this thread to the specialist Debian forum.
Having said that, this forum "UNIX for Beginners Questions and Answers" isn't listing the moderators at the bottom of the web page (which forums usually do). However, if need be, we can post to the mod comms forum to get somebody with the necessary clout to move your thread.
I'm pretty sure it's not about Debian, the issue appear from a samba that i compile myself.
I think you didnt really got the way i want to change the user password.
When you hit "Ctrl + Alt + Del" from windows client, you can select the option "Change password".
When i'm doing that from my virtual machine, that work 100%.
When i'm doing that from my real machine, that don't work at all.
Are you trying to change the password for the same user from both routes? Or for different users?
The point I am making is this.
You have a Unix system with a user on it with his Unix login password.
You then install Samba.
You then configure this user to use Samba.
Samba will NOT use the Unix login password for this user so at this point the user still cannot user Samba. (**)
The Samba password (although normally set the same as the Unix password) needs to be set.
However, at this point the Unix O/S knows that this user is also a Samba user so if the sysadmin resets that user's password, the system sets the user's Samba password at the same time too.
At this point the user can access using Samba.
So if the user tries to change password via Samba at this point (**), it will produce a security error.
Samba passwords are usually (depending on the exact Samba implementation) hashed in a 'smbpasswd' or 'smbpassword' file on the Unix system somewhere. You can look in there and see whether hashed passwords exist and for which users.
Yes, I know that this doesn't feel like a Debian problem but just perhaps it is. I cannot think of why one Samba client would behave differently to another from a security point of view.
Have an issue with a user or root changing the user's passwd.
We run the passwd command and a complex passwd is entered a message is displayed,
"passwd is based on a dictionary word."
We do have a dictionary file and I know for a fact the complex passwd is not in the list. This happens on a... (3 Replies)
Hi
I am new to samba & I need to configure samba client on Solaris 10 machine where I need to mount/share window folder (Window 2008 machine is configured as samba server).
I am following below mention link to mount this window's folder.
... (7 Replies)
bash-3.00# passwd sami
New Password:
Re-enter new Password:
Dec 14 00:07:43 hack passwd: passwdutil: crypt_gensalt Invalid argument
passwd: Unexpected failure. Password database unchanged.
Permission denied
i got this error while i am change the user(sami) passwd. (3 Replies)
I am looking for a Samba Client for a redhat 4 installation.
I can't find it anywhere on the web. Does anyone have a link where i can find a working version ?
This is my version:
Red Hat Enterprise Linux AS release 4 (Nahant Update 7)
/usr/bin/file: ELF 32-bit LSB executable, Intel... (5 Replies)
I'm new in ncurses. I'd like to ask one question.
Do you know whether ncurses supports Alt or Ctrl combination keys?
Our application wants to get response when inputting Alt or Ctrl combination keys by keyboard in one linux c project.
I try one testing on ncurses, it seems ncurses doesn't... (3 Replies)
Hi,
We are currently in the process to move the user authentication for our AIX clients to a Windows 2003 server to authenticate them against the active directory entries.
What we have so far:
- NIS master server on Windows 2003 Server with the unix-subsystem installed -> This is managing... (1 Reply)
I booted up Sun V240 server with boot cdrom -s using the Sun Operating System CD. I now am at the # prompt and su - root . The system will not allow me to set password for root. Get following error:
# passwd
New Password: xxxxxxxx
Re-enter new Password: xxxxxxxx
passwd: Unexpected failure. ... (4 Replies)
I have a samba server node and I want to mount the samba (CIFS) shares from a second (client) unix machine.
However, the unix mount command requires I specify the name of the share. What if I don't know the name of the share?
How can I enumerate all the shares from the samba client machine?
... (1 Reply)
I wrote a ksh script for Helpdesk. I need to know how to disable ctrl-c,ctrl-z,ctrl-d..... so that helpdesk would not be able to get to system prompt :confused: (6 Replies)
I have this NCurses utility that prompts for user input and takes action appropriately, I changed the default action for the three finger'd salute to run this utility instead of restarting the system.
This is a problem:
Printing to stdout happens immediately, but before anything else (such as... (0 Replies)
09-21-2016
[Solved] Samba - Change passwd from client with ctrl + alt + del
