User domain accounts getting locked out from Win95 machines

Vogle, Brian bvogle at ENERGY.TWC.com
Fri Feb 26 18:55:28 GMT 1999


We're currently running SAMBA 2.0.0 on Solaris.  See below for our smb.conf,
smb.conf.%L, and log file.  We're running a mix of Win95 and NT client
workstations.  Users connecting from NT don't have any problems, but users
connecting from Win95 machines have their NT network accounts locked out
every couple of hours.  

Due to audit/security reasons, our NT domain accounts are setup to lock
after three failed attempts.

The Win95 usrs are able to connect fine, but then all of a sudden they are
being prompted for a password for IPC$, and when we check we see that their
NT domain accounts are locked. out.

We're using "security = server", and are pointing to our NT domain PDC
(GROUCHO in the smb.conf below).

I plan on rolling out 2.0.2 this weekend, and am hoping that this will fix
it.

###########################################################################3

Here is the smb.conf...


;======================= Global Settings
=====================================
[global]

; netbios name = Name that is advertised in the browse list to Windows
clients
   netbios name = midasdev
   netbios aliases = midastest

; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
   workgroup = WES

; volume = used to emulate a CDRom label (can be set on a per share basis)
   volume = Samba 

; printing = BSD or SYSV or AIX, etc.
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes

; Uncomment this if you want a guest account
;  guest account = pcguest
   log file = /apps/samba/var/samba-log.%m
; Put a capping on the size of the log files (in Kb)
   max log size = 50

; Options for handling file name case sensitivity and / or preservation
; Case Sensitivity breaks many WfW and Win95 apps
    case sensitive = no
    short preserve case = yes
    preserve case = yes

; Security and file integrity related options
   lock directory = /apps/samba/var/lock
   locking = yes
   strict locking = yes
;   fake oplocks = yes
   share modes = yes
; Security modes: USER uses Unix username/passwd, SHARE uses WfW type
passwords
;        SERVER uses a Windows NT Server to provide authentication services
   security = server
   password server = groucho
; Enable Encrypted Passwords
   encrypt passwords = yes
; Set Location of smbpasswd file
   smb passwd file = /apps/samba/private/smbpasswd
; Set WINS Server IP Address
   wins server = 151.142.55.15

; Performance Related Options
; Before setting socket options read the smb.conf man page!!
;   socket options = TCP_NODELAY 

;============================ Share Declarations
==============================

; include specific config files for midasdev and midastest
   include = /apps/samba/lib/smb.conf.%m
   include = /apps/samba/lib/smb.conf.%L

[tmp]
   comment = Temporary Files
   path = /tmp
   read only = no
;   public = yes

#########################################################################3

Here is the smb.conf.%L (in this case smb.conf.midasdev)...

;======================= Global Settings
=====================================
[global]

; comment is the equivalent of the NT Description field
   comment = Midas Development with SAMBA


;============================ Share Declarations
==============================

[data]
   comment = Midas Dev Data Area
   path = /midasdev/dev/data
   force create mode = 0666
   writeable = yes

[archive]
   comment = Midas Dev Archvie Area
   path = /midasdev/dev/archive
   read only = yes

[log]
   comment = Midas Dev Log Area
   path = /midasdev/dev/log
   read only = yes

############################################################################
###3

Here is the log file for a win95 machine that is trying to connect.
Previous to this section, the machine was able to connect and get validated
without any problems.

[1999/02/26 11:59:31, 3] smbd/server.c:(431)
  Server exit (normal exit)
  doing parameter include = /apps/samba/lib/smb.conf.%L
[1999/02/26 11:59:31, 3] param/params.c:(538)
  params.c:pm_process() - Processing configuration file
"/apps/samba/lib/smb.conf.midastest"
[1999/02/26 11:59:31, 3] param/loadparm.c:(2165)
  Processing section "[global]"
  doing parameter comment = Midas Stage/Test with SAMBA
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
  Processing section "[data]"
  doing parameter comment = Midas Test Data Area
  doing parameter path = /midasdev/test/data
  doing parameter force create mode = 0666
  doing parameter writeable = yes
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
  Processing section "[archive]"
  doing parameter comment = Midas Test Archvie Area
  doing parameter path = /midasdev/test/archive
  doing parameter read only = yes
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
  Processing section "[log]"
  doing parameter comment = Midas Test Log Area
  doing parameter path = /midasdev/test/log
  doing parameter read only = yes
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
  Processing section "[tmp]"
  doing parameter comment = Temporary Files
  doing parameter path = /tmp
  doing parameter read only = no
[1999/02/26 11:59:31, 3] param/loadparm.c:(2504)
  pm_process() returned Yes
[1999/02/26 11:59:31, 3] param/loadparm.c:(1478)
  adding IPC service
[1999/02/26 11:59:32, 3] smbd/process.c:(565)
  Transaction 1 of length 158
[1999/02/26 11:59:32, 3] smbd/process.c:(402)
  switch message SMBnegprot (pid 16023)
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
  Requested protocol [MICROSOFT NETWORKS 3.0]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
  Requested protocol [DOS LM1.2X002]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
  Requested protocol [DOS LANMAN2.1]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
  Requested protocol [Windows for Workgroups 3.1a]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
  Requested protocol [NT LM 0.12]
[1999/02/26 11:59:32, 3] libsmb/namequery.c:(546)
  resolve_name: Attempting lmhosts lookup for name GROUCHO<0x20>
[1999/02/26 11:59:32, 4] libsmb/namequery.c:(338)
  startlmhosts: Can't open lmhosts file /apps/samba/lib/lmhosts. Error was
No such file or directory
[1999/02/26 11:59:32, 3] libsmb/namequery.c:(574)
  resolve_name: Attempting host lookup for name GROUCHO<0x20>
[1999/02/26 11:59:32, 3] lib/util_sock.c:(707)
  Connecting to 151.142.55.15 at port 139
[1999/02/26 11:59:32, 3] smbd/password.c:(990)
  connected to password server GROUCHO
[1999/02/26 11:59:32, 3] smbd/password.c:(1018)
  got session
[1999/02/26 11:59:32, 3] smbd/password.c:(1033)
  password server OK
[1999/02/26 11:59:32, 3] smbd/negprot.c:(185)
  using password server validation
[1999/02/26 11:59:32, 3] smbd/negprot.c:(409)
  Selected protocol NT LM 0.12
[1999/02/26 11:59:32, 3] smbd/process.c:(565)
  Transaction 2 of length 162
[1999/02/26 11:59:32, 3] smbd/process.c:(402)
  switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:32, 3] smbd/reply.c:(675)
  Domain=[WES]  NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:32, 3] smbd/reply.c:(679)
  sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:38, 1] smbd/password.c:(1121)
  password server GROUCHO rejected the password
[1999/02/26 11:59:38, 4] passdb/smbpass.c:(140)
  getsmbfilepwent: end of file reached
[1999/02/26 11:59:38, 3] smbd/password.c:(494)
  Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:38, 3] smbd/error.c:(138)
  error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:38, 3] smbd/process.c:(565)
  Transaction 3 of length 162
[1999/02/26 11:59:38, 3] smbd/process.c:(402)
  switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:38, 3] smbd/reply.c:(675)
  Domain=[WES]  NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:38, 3] smbd/reply.c:(679)
  sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:41, 1] smbd/password.c:(1121)
  password server GROUCHO rejected the password
[1999/02/26 11:59:41, 4] passdb/smbpass.c:(140)
  getsmbfilepwent: end of file reached
[1999/02/26 11:59:41, 3] smbd/password.c:(494)
  Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:41, 3] smbd/error.c:(138)
  error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:41, 3] smbd/process.c:(565)
  Transaction 4 of length 162
[1999/02/26 11:59:41, 3] smbd/process.c:(402)
  switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:41, 3] smbd/reply.c:(675)
  Domain=[WES]  NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:41, 3] smbd/reply.c:(679)
  sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:41, 1] smbd/password.c:(1121)
  password server GROUCHO rejected the password
[1999/02/26 11:59:41, 4] passdb/smbpass.c:(140)
  getsmbfilepwent: end of file reached
[1999/02/26 11:59:41, 3] smbd/password.c:(494)
  Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:41, 3] smbd/error.c:(138)
  error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:41, 3] smbd/process.c:(565)
  Transaction 5 of length 162
[1999/02/26 11:59:41, 3] smbd/process.c:(402)
  switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:41, 3] smbd/reply.c:(675)
  Domain=[WES]  NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:41, 3] smbd/reply.c:(679)
  sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:41, 1] smbd/password.c:(1121)
  password server GROUCHO rejected the password
[1999/02/26 11:59:41, 4] passdb/smbpass.c:(140)
  getsmbfilepwent: end of file reached
[1999/02/26 11:59:41, 3] smbd/password.c:(494)
  Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:41, 3] smbd/error.c:(138)
  error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:41, 3] smbd/process.c:(755)
  end of file from client
[1999/02/26 11:59:41, 2] smbd/server.c:(406)
  Closing connections
[1999/02/26 11:59:41, 3] smbd/server.c:(431)
  Server exit (normal exit)
[1999/02/26 12:00:22, 3] lib/doscalls.c:(327)
  dos_ChDir to /apps/samba/lib
[1999/02/26 12:02:01, 3] smbd/process.c:(565)
  Transaction 10 of length 39
[1999/02/26 12:02:01, 3] smbd/process.c:(402)
  switch message SMBtdis (pid 16021)
[1999/02/26 12:02:01, 1] smbd/service.c:(514)
  bvlap2 (172.18.181.10) closed connection to service archive
[1999/02/26 12:02:01, 3] smbd/connection.c:(40)
  Yielding connection to archive
[1999/02/26 12:02:01, 3] smbd/connection.c:(40)
  Yielding connection to STATUS.
[1999/02/26 12:02:01, 3] smbd/connection.c:(105)
  Yield successful
[1999/02/26 12:02:01, 3] smbd/process.c:(755)
  end of file from client
[1999/02/26 12:02:01, 2] smbd/server.c:(406)
  Closing connections
[1999/02/26 12:02:01, 3] smbd/server.c:(431)
  Server exit (normal exit)

############################################################################
###3

I know this is a lot to stick in an email, but I'd appreciate any help that
anyone can offer.

Thanks,

--Brian Vogle
  Network Administrator
  Williams Energy Marketing & Trading
  bvogle at energy.twc.com


More information about the samba mailing list