Date: Mon, 2 Jun 2003 15:18:13 +0200 (CEST) From: Przemyslaw Plaskowicki <plex@iavmb.pl> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Przemyslaw Plaskowicki <plex@iavmb.pl> Subject: ports/52859: Samba 2.2.8a (2.2.8)- broken support for password changing via CTRL-ALT-DEL on Windows client Message-ID: <20030602131813.92D5B3284D74@grasshopper.iavmb.pl> Resent-Message-ID: <200306021320.h52DKHSQ077229@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 52859 >Category: ports >Synopsis: Samba 2.2.8a (2.2.8)- broken support for password changing via CTRL-ALT-DEL on Windows client >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 02 06:20:16 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Przemyslaw Plaskowicki >Release: FreeBSD 4.5-RELEASE-p25 i386 >Organization: IAVMB >Environment: Samba 2.2.8a System: FreeBSD grasshopper.iavmb.pl 4.5-RELEASE-p25 FreeBSD 4.5-RELEASE-p25 #4: Tue Mar 4 14:32:24 CET 2003 plex@grasshopper.iavmb.pl:/usr/obj/usr/src/sys/SMPKERNEL-QUOTA i386 Also reported on 4.6, 4.7 and 4.8 as see below. >Description: It is possible to change password via CTRL-ALT-DEL combination on Windows 2000 client machine. Changed password is passed by Samba to program or script defined by 'passwd program' parameter in smb.conf which should de facto chang password. That program is normally run with root privileges. However normally samba process does not run with root privilege. In order to change password samba need to swich back to root. That does not work in 2.2.8a, Windows return error message and logs are containing following lines: [2003/06/02 14:48:03, 1, effective(0, 0), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_ntlms sp_verify(366) api_pipe_ntlmssp_verify: User PLEX-WIN2K\plex from machine PLEX-WIN2K failed authentication on named pipe samr. [2003/06/02 14:48:03, 0, effective(65534, 65534), real(0, 65534)] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,65534) now set to (65534,65534) uid=(0,65534) [2003/06/02 14:48:03, 0, effective(65534, 65534), real(0, 65534)] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/06/02 14:48:03, 0, effective(65534, 65534), real(0, 65534)] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,65534) now set to (65534,65534) uid=(0,65534) [2003/06/02 14:48:03, 0, effective(65534, 65534), real(0, 65534)] lib/util.c:smb_panic(1094) PANIC: failed to set gid /var/messages states: Jun 2 14:48:03 grasshopper /kernel: pid 8690 (smbd), uid 65534: exited on signal 6 Jun 2 14:48:03 grasshopper /kernel: pid 11791 (smbd), uid 65534: exited on signal 6 This bug was also reported by these users: http://groups.google.com/groups?selm=16e27602.0303181027.67d96b05%40posting.google.com [...] This is running on a FreeBSD 4.6-RELEASE box. [...] [2003/03/17 13:53:07, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 5 groups: 1005, 1005, 0, 1010, 1015 [2003/03/17 13:53:07, 3] smbd/sec_ctx.c:pop_sec_ctx(436) pop_sec_ctx (1001, 1005) - sec_ctx_stack_ndx = 0 [2003/03/17 13:53:07, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1005) now set to (1005,1005) uid=(0,1001) [2003/03/17 13:53:07, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [...] http://groups.google.com/groups?selm=20030413114009%245af7%40gated-at.bofh.it [...] i have running samba 2.2.8a from the ports on the system: FreeBSD bingo.ru 4.7-STABLE FreeBSD 4.7-STABLE #2: Tue Mar 25 20:30:51 YEKT 2003 root@bingo.ru:/usr/obj/usr/src/sys/bingo i386 [...] my samba is primary domain controller for my microsoft network with windowzes. all was well, but from some time my users cannot change their passwords in domain. windows reports about domain is not available and the smbd writes to log: === cut === [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:39, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:39, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:39:40, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:39:40, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:39:40, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1666) now set to (1666,1666) uid=(0,1666) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,31) now set to (31,31) uid=(0,2048) [2003/04/13 16:40:06, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [2003/04/13 16:40:06, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain BINGO [...] http://groups.google.pl/groups?selm=20030527141013%2444c1%40gated-at.bofh.it Hi, samba 2.2.8 is working on my FreeBSD 4.8 - server. Samba is the PDC and almost everything is working fine. When a user wants to change his own samba password, he presses CTRL_ALT_Delete in windows and clicks on "Change Password". After entering the passwords, windows shows a popup which says that it isn't possible to change the password because the domain is not available. On the console these errors appear (many times): /kernel: pid 94755 (smbd), uid 1010: exited on signal 6 /kernel: pid 94756 (smbd), uid 65534: exited on signal 6 in /var/log/log.[PCname] these errors appear: [2003/05/27 14:55:08, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,1001) now set to (1001,1001) uid=(0,1001) [2003/05/27 14:55:08, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid [...] My apologies for excessive quoting, but I find these posts relevant to problem. >How-To-Repeat: Try to change password using CTRL-ALT-DEL combination on Windows 2000 and samba 2.2.8a. >Fix: Not known. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030602131813.92D5B3284D74>