Security = domain: wrong error code on login failure?

Nelson, John P. NelsonJP at genrad.com
Mon Mar 15 17:28:49 GMT 1999


I just started using security=domain (samba 2.0.3, clients NT4 service pack
3).  I've noticed a very strange behavior of NT 4 when interacting with the
security=domain server.

When users log in with normal NT domain accounts, everything is fine.  But
we sometimes have users log in to NT with a local account, then they connect
to a network share using the "Connect as" facility to supply a network
identity.  The initial connection works as expected:  the problem occurs
when the user logs out, then logs in again using the same (non-domain, i.e.
local) NT account.

When logging back in, NT displays the usual "Restoring Network Connections"
popup, and as expected, the connection to the samba server fails (because no
network password has been supplied).  The standard "Enter Network Password"
popup is displayed.

-------------------
Enter Network Password
Incorrect password for computername\sharename
You last connected to this computer as domainname\username
Password:
-------------------

Now, here's where the odd behavior is.  With an NT server (or samba using
security=server), I can hit the "cancel" button if I don't want to connect
the network drive in this session - NT displays a dialog describing the
error, and an optional checkbox which says "do not try to restore this
connection in the future".  If I don't check the "don't restore" checkbox,
then NT will not successfully complete the login:  it continuously pops up
the same "Enter Network Password" dialog, above.  The only thing that can
break you out of the loop is either supplying the correct password, or
hitting CTL-ALT-DEL and logging out (and even then, you have to explicitly
kill EXPLORER.EXE, because it doesn't shut down properly on its own).

Apparently, each time I click on CANCEL, it does some form of connection
attempt anyway.  The first time I played with this, my NT domain account was
locked out because I had too many bad login attempts!

This is definitely NOT the behavior I get when I use NT servers (or even
security=server).  I'm guessing (and I'll admit that it's a guess) that
samba is not passing back the error code that NT expects, and NT somehow
believes that it MUST restore this connection before proceeding.

Please let me know if there is any more information that I can supply to
help diagnose the problem.

  - john nelson




