[Samba] Re: Win2k TS authentication probs / pw changing probs

Andrew Bartlett abartlet at samba.org
Fri Jul 12 20:47:45 GMT 2002


Robert Stuart wrote:
> 
> Hi,
> 
> We are having problems with clients changing their passwords from Win2k
> Terminal Servers against a Samba PDC.  It works fine if the machine only
> has few users on it (ie when testing at 6pm after almost everyone is
> gone - I find it difficult to break).
> 
> I'm guessing there is some sort of race condition or resource locking
> going on that prevents it happening properly.

Probably resource locking.  If its a busy server, it is possible that
the smbpasswd file is always locked.  smbpasswd locking is messy - I
would suggest a move to ldap or tdbsam.  Hmm, if you are already using
LDAP then this probably isn't the problem.

> As I didn't get any responses to my previous email re this, I'm getting
> desparate and going to look at the source :-)
> 
> Can someone (perhaps Andrew Bartlett) give me a general run down on how
> pw changing happens?

- User requests password change
- password change is authenticated (they prove they knew the old
password)
- new password is read, unix password sync is done (and that can be even
worse locking wise)
- smbpasswd/tdbsam/ldap (whatever you use for your passdb) is updated. 
This may also require locks.

> Starter question: w.t.? are the *user_info_* and other simliar
> functions/structures about?

In 2.2?  I can't even remember then being there - you are going to have
to point out exactly what you are talking about.

> Config:
> Rh7.3 with rebuilt 2.2.5 rpm for ldapsam support and smbd/conn.c
> modified MAX_CONNECTIONS param.  openldap 2.0.23 with dbm backend, Win2K
> SP2 with Citrix.

There really should not be locking issues with this - you will need to
dig a bit deeper I think.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba mailing list