2 files changed, 3 insertions, 3 deletions

diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c
index 787061602c..a3a1d2230f 100644
--- a/source4/rpc_server/samr/samr_password.c
+++ b/source4/rpc_server/samr/samr_password.c
@@ -251,7 +251,7 @@ NTSTATUS samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call,
 	const char *user_dn, *domain_dn = NULL;
 	int ret;
 	struct ldb_message **res, mod;
-	const char * const attrs[] = { "objectSid", "ntPwdHash", "unicodePwd", NULL };
+	const char * const attrs[] = { "objectSid", "ntPwdHash", "lmPwdHash", "unicodePwd", NULL };
 	const char * const dom_attrs[] = { "minPwdLength", "pwdHistoryLength", 
 					   "pwdProperties", "minPwdAge", "maxPwdAge", 
 					   NULL };
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index a4eb1de142..370f309b6c 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -1036,7 +1036,7 @@ static BOOL test_ChangePasswordUser2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
 	encode_pw_buffer(lm_pass.data, newpass, STR_ASCII|STR_TERMINATE);
 	arcfour_crypt(lm_pass.data, old_lm_hash, 516);
-	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
 
 	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
 	arcfour_crypt(nt_pass.data, old_nt_hash, 516);
@@ -1091,7 +1091,7 @@ static BOOL test_ChangePasswordUser3(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
 
 	encode_pw_buffer(lm_pass.data, newpass, STR_UNICODE);
 	arcfour_crypt(lm_pass.data, old_nt_hash, 516);
-	E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash);
+	E_old_pw_hash(new_nt_hash, old_lm_hash, lm_verifier.hash);
 
 	encode_pw_buffer(nt_pass.data, newpass, STR_UNICODE);
 	arcfour_crypt(nt_pass.data, old_nt_hash, 516);