Problems authenticating with Win2k account that has sIDHistory set

Jason Haar Jason.Haar at
Mon Jul 3 00:34:55 GMT 2000

On Sat, Jun 17, 2000 at 12:17:12AM +1000, Ray Frush wrote:
> We observed the same problem and reported it to Samba-Technical in late April. 
> We've also characterized the problem to discover that it has multiple failure
> modes depending on how many Global Groups with SID History a user belongs to.
> A short term workaround we're using is to lower the security mode to "server"
> and set the "password Server" parameter to a stable, low use server.  Not ideal,
> but it's working for a few hundred users here.

I have been hit by the same problem (Win2000 trusted domain [with
SIDhistory] accessing Samba 2.0.7) and have found a more usable workaround
until the so-called "buffer overrun" is fixed. 

Use pwdump.exe (on Samba site - don't know where) to generate local
smbpasswd file. When the NT auth calls fail, Samba falls back on looking up
via smbpasswd if it exits.

Works for me :-)


Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417

More information about the samba-technical mailing list