[Samba] problems password changing 2.2.5 samba PDC with openldap

Robert Stuart Robert.Stuart at qsa.qld.edu.au
Thu Jul 4 00:15:02 GMT 2002


We are running samba 2.2.5 (rebuilt RH rpm with --ldapsam), openldap
2.0.23-4 on a RedHat 7.3 box.  We also have multiple Win2k Terminal
servers.  This is a production server.  The samba server is the PDC for
the domain, storing its data in a LDAP directory.  

We are having problems with users trying to change passwords.  A single
user change change their password with no problem.  If two users on the
same terminal server (TS) change hit the button to change their password
at the same time, it takes the usual 5 seconds or so for the first
person to finish and another 5 seconds for the second to complete.  This
looks like it is serializing the password changing process.  We can live
with this.


If two people try to change their password at the same time on two
DIFFERENT TSs then the second machine locks up in a few ways.  The
password takes a long time (5 minutes order of magnitude) to bring up a
negative response and during this time, logons to the domain from this
server do NOT work.

As this is a production server, I only have debug at level 1, but the
logs for the "bad" TS contain a few copies of these lines:

[2002/07/01 18:09:52, 0] passdb/passdb.c:pdb_free_sam(210)
 pdb_free_sam: SAM_ACCOUNT was NULL
[2002/07/01 18:09:52, 1] smbd/sec_ctx.c:become_gid(80)
  WARNING: using gid -1 is a security risk
[2002/07/01 18:09:52, 1] smbd/sec_ctx.c:become_uid(53)
  WARNING: using uid -1 is a security risk

Any suggestions?

I can any other details if it will help.


Robert Stuart
Systems Administrator
Ph: 61 7 3864 0364
Fax: 61 7 3221 2553

More information about the samba mailing list