sudden loss of password validation

David Baird dbaird at qualcomm.com
Tue Aug 24 15:19:33 GMT 1999


My configuration:
 Solaris 2.6, Samba 2.0.5a
 Windows NT 4.0 PDC
smb.conf:
 security = server
 password server = XXXX-PDC
 encrypt passwords = yes
 invalid users = @root, @bin, @sys, @admin
 socket options = IPTOS_LOWDELAY TCP_NODELAY
 domain master = no
 local master = no
 preferred master = no
 os level = 0
 win support = no
 wins server = xxx.xxx.xx.xx
 getwd cache = yes

The problem: Strangely, the PDC rejects user password challenges from Samba.
The user account gets locked. After unlocking the account, everything is
back to normal. This happens several times a day to different users and from
different Samba servers. All Samba servers have the same [global]
configuration.

Is this a Samba problem? Is samba perhaps not passing along the correct
password? If I add the user and password to smbpasswd, then the challenge
fails on the PDC, but works for Samba, and all is well. However, I cannot
maintain a smbpasswd entry for all NT Domain users. I want the Windows NT
4.0 PDC to maintain security.

We did not have this problem with Samba 1.9.18p7.

Here is a log of the error:

[1999/08/24 16:14:25, 1] smbd/password.c:server_validate(1131)
  password server XXXX-PDC rejected the password
[1999/08/24 16:14:25, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.
[1999/08/24 16:14:25, 2] smbd/reply.c:reply_sesssetup_and_X(830)
  NT Password did not match for user 'dbaird' ! Defaulting to Lanman
[1999/08/24 16:14:25, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.
[1999/08/24 16:14:49, 1] smbd/password.c:server_validate(1131)
  password server XXXX-PDC rejected the password
[1999/08/24 16:14:49, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.
[1999/08/24 16:14:49, 2] smbd/reply.c:reply_sesssetup_and_X(830)
  NT Password did not match for user 'dbaird' ! Defaulting to Lanman
[1999/08/24 16:14:49, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.

----------------------------------------------
D a v i d   B a i r d
Qualcomm Israel
phone: +972-4-8506652     fax: +972-4-8506510
----------------------------------------------



More information about the samba-technical mailing list