xxx _update_sam_account - why is it called at logon

Paul Griffith paulg at
Thu Sep 10 08:02:31 MDT 2009


I have been trying to find a overview of the SMB protocol to help me understand when and why  update_sam_account is called.  At different times I will notice that when a users logs into our domain (NT4) I see a request to update their SAM account. Why is Windows doing this and why a logon ??? Is it trying to update the last login time ?? Is Windows playing safe and secure by updating the password hash ?

We use a custom plug-in with our Samba setup (I know no support until you can reproduce the problem with a standard Samba setup ;) ) and we normally deny accounts updates from the Windows host and when we do this, I see the following error (not all the time and not on all accounts)

check_ntlm_password:  Authentication for user [paulg] -> [paulg] FAILED with error NT_STATUS_WRONG_PASSWORD

If I try to relogin I can usually login to the host, this leads me to think it is  timing issue.

This issue reappeared after we *HAD* to add the Novell Client to our hosts.

Can anyone point me to a url to a good overview of SMB and the update_sam_account and why it does what it does!


Paul Griffith

More information about the samba-technical mailing list