Win clients misbehave when security=server

Yuval Hager yuval at
Sun Nov 4 15:19:02 GMT 2001


I am encountering weird and inconsistent problems when using
security=server. I haven't found an exact way to recreate the problem yet,
but I have the feeling that it is inherent in the design of security=server
mode in Samba.

At the start, the Windows client has a network drive mapped on the Samba
server, and it can connect and work perfectly.
After restarting the Samba server, or logging out and back in in the Windows
client, strange things start to happen. The Samba server refuses to accept
the user, prompting continuously for a "correct" username and password
(mainly on Win2K clients).

An examination of the logs and tcpdumps shows that the Windows client
sometimes sends a tconx transaction (instead of the usual
negprot+sesssetupx), and Samba fails because the cli struct was not filled
properly (null passwords are not allowed). Sometimes the Windows client
sends a sesssetupx with incorrect challenge response, and sometimes it sends
negprot+sesssetupx, but ignores the new challenge, rather sending an "old"
response (access denied from the password server).
Since Samba redirects all of the requests directly to the authentication
server, I have the feeling that having Samba in the middle of the Windows
client and the authentication server somewhat takes their caches out of

I've gone through many newsgroup posts and I see that many people are
having problems with security=server, but no one seemed to have pinpointed
the problem.

After reading these posts and part of the Samba code (and lots of network
dumps) I am starting to think that there is no solution to the problem with
security=server and I must change to security=domain...

Please let me know what you think,
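
The symptoms listed in the message above can be looked for mechanically in a decoded trace. This is an added example, not part of the original post and not Samba code: the event dictionaries, their field names and the sample trace are constructed assumptions. It relies on an LM/NTLM response being a deterministic function of the password hash and the server challenge, so the same response bytes under a different challenge indicate a reused "old" response.

```python
NEGPROT, SESSSETUPX, TCONX = 0x72, 0x73, 0x75   # SMB command codes
NO_NEGPROT = "sesssetupX on a connection with no negprot challenge"
STALE = "response already seen against a different challenge"
NO_SESSION = "tconX without a successful sesssetupX"

def audit(events):
    """Return (conn, finding) pairs for the symptoms described in the post."""
    challenge = {}   # conn -> challenge from the server's negprot reply
    authed = set()   # conns whose sesssetupX was accepted (status 0)
    seen = {}        # (client, user, response) -> challenge it first answered
    findings = []
    for e in events:
        conn, cmd, reply = e["conn"], e["cmd"], e["reply"]
        if cmd == NEGPROT and reply:
            challenge[conn] = e["challenge"]
        elif cmd == SESSSETUPX and not reply:
            current = challenge.get(conn)
            if current is None:
                findings.append((conn, NO_NEGPROT))
            key = (e["client"], e["user"], e["response"])
            # Empty (null-password) responses are identical by nature; skip them.
            if e["response"] and seen.setdefault(key, current) != current:
                findings.append((conn, STALE))
        elif cmd == SESSSETUPX and reply and e["status"] == 0:
            authed.add(conn)
        elif cmd == TCONX and not reply and conn not in authed:
            findings.append((conn, NO_SESSION))
    return findings

def ev(conn, cmd, reply=False, **fields):
    """Build one decoded event (constructed data; single client address)."""
    return dict(conn=conn, cmd=cmd, reply=reply, client="192.0.2.10", **fields)

# Constructed trace: conn 1 is a normal logon, conns 2 and 3 follow a restart.
SAMPLE = [
    ev(1, NEGPROT, True, challenge=b"\x01" * 8),
    ev(1, SESSSETUPX, user="alice", response=b"\xaa" * 24),
    ev(1, SESSSETUPX, True, status=0),
    ev(1, TCONX),
    ev(2, TCONX),                                   # no negprot+sesssetupX first
    ev(3, NEGPROT, True, challenge=b"\x02" * 8),    # fresh challenge issued
    ev(3, SESSSETUPX, user="alice", response=b"\xaa" * 24),  # old response
    ev(3, SESSSETUPX, True, status=1),              # nonzero = rejected
]

if __name__ == "__main__":
    for conn, finding in audit(SAMPLE):
        print(f"conn {conn}: {finding}")
```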

