is this a bug

Fulvio Corno Fulvio.Corno at
Wed Oct 15 09:38:23 GMT 1997

At 03:19 15/10/97 +1000, mfrattola at wrote:
>Am I doing something wrong? Is revalidate mutually exclusive WRT security=user
>(I read many docs, and didn't find any clue about this)?

Dear Marco,
I can confirm that this is indeed the case. I wrote a message to the list in
October '96, in which I also suggested some additions to the documentation,
that unfortunately didn't get included.
For your convenience, I copy here an excerpt of my former message.


>Dear Samba List,
>I've just finished debugging a problem with user level security, so I let you
>all know. This is for 1.16p2, but I think it's common to most Samba versions.
>The "problem": user level security does NOT work if you have revalidate=true
>in your smb.conf
>The reason: in user level security, the password is never send, except in the
>initial session setup. Revalidate=true prevents samba from re-using the
>session setup password in tree connect commands, so no service can ever be
>connected, except public ones.
>The solution: It seems to me that this is a "correct" behavior (at least a
>very consistent one), I had trouble because it isn't documented anywhere. And,
>since I had a server with revalidate=true running in share level since years,
>when I switched to user level it took me a while to figure it out.
>I propose to add the following information into DIAGNOSIS.txt, in TEST 7:
>If it says "bad password" then the likely causes are:
>...all the current cases...
>- you are running in user level security with revalidate=True
>And maybe update the "revalidate" entry in the smb.conf man page to read:
>     If "revalidate" is True  then  the  client  will  be  denied
>     automatic access as the same username. Note that this will not
>     work if the client is is user level security.

    /  Fulvio Corno <corno at>  /  Dip. Automatica e Informatica  /
   /  Tel: +39 11 564.7053            /  Politecnico di Torino          /
  /  Fax: +39 11 564.7099            / Duca degli Abruzzi 24     /
 /     /  I-10129 TORINO (Italy)         /
'============= CAD group: =================='

More information about the samba mailing list