W2K makes too many authentication attempts
epl at unimelb.edu.au
Tue Oct 23 18:37:02 GMT 2001

I'm wondering whether anyone has previously observed the following
behaviour of W2K and whether there are any workarounds client-side or
server-side. Win9x and WinNT do not seem to be affected.

If you use Windows Explorer's location bar or the "Start|Run..."
dialog box, W2K makes multiple authentication attempts to the remote
SMB server (checked using tcpdump). These authentication attempts occur
in real-time as the user types the SMB address and BEFORE the user has
completed the entry by pressing <enter> or similar.

Therefore, if the W2K client does not have the user's password
cached (e.g. the Samba server's password is different from the local
W2K password), this results in many authentication attempts. If at the
same time, the Samba server has the facility to lock a user's account
when there are too many concurrent failed login attempts, the user's
account would be prematurely locked before the user has a chance to
type in the correct password.

Under Tru64, there's a custom patch that implements account-locking
for Samba (where this behaviour was verified). Under Linux, there is a
PAM module called pam_tally which I couldn't get working. I suspect
there are similar PAM modules for Solaris and FreeBSD.

Has this W2K behaviour been previously noted and are there any
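The lockout interaction described in the post can be reproduced offline by replaying an authentication log through a failure counter. The following is an added example, not part of the original post and not code from Samba or pam_tally: the event tuples, user names and addresses are constructed, and the `burst_window` coalescing rule is an assumed server-side policy, not an existing option of either tool.

```python
from collections import defaultdict

# Constructed sample log: (seconds, user, client, success).
# "alice" is a W2K client probing while the address is typed, then the
# real login at t=9.0; "bob" is a slow series of wrong passwords.
EVENTS = [
    (0.0, "alice", "192.0.2.5", False),
    (0.4, "alice", "192.0.2.5", False),
    (0.9, "alice", "192.0.2.5", False),
    (1.3, "alice", "192.0.2.5", False),
    (9.0, "alice", "192.0.2.5", True),
    (20.0, "bob", "192.0.2.9", False),
    (30.0, "bob", "192.0.2.9", False),
    (40.0, "bob", "192.0.2.9", False),
]

def lockouts(events, threshold, burst_window=0.0):
    """Replay events and return {user: time_locked}.

    With burst_window > 0 (assumed policy), failures for the same
    (user, client) pair that arrive within burst_window seconds of the
    last counted failure are treated as one attempt.
    """
    count = defaultdict(int)   # counted failures per user
    last_counted = {}          # (user, client) -> time of last counted failure
    locked = {}
    for ts, user, client, ok in sorted(events):
        if user in locked:
            continue           # account already locked, later logins are refused
        if ok:
            count[user] = 0    # a successful login resets the tally
            continue
        prev = last_counted.get((user, client))
        if prev is not None and ts - prev <= burst_window:
            continue           # same burst, do not count again
        last_counted[(user, client)] = ts
        count[user] += 1
        if count[user] >= threshold:
            locked[user] = ts
    return locked

if __name__ == "__main__":
    print("every failure counted:", lockouts(EVENTS, threshold=3))
    print("5 s bursts coalesced: ", lockouts(EVENTS, threshold=3, burst_window=5.0))
```

Coalescing also means several wrong passwords inside one window count as a single failure, so the window should stay short.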