[Samba] Password/Username not valid for SOME users

Darryl Milczarek darryl.milczarek at emsusa.com
Wed May 1 08:08:02 GMT 2002 

Samba_Version:     2.2.0a
Samba_Server_HDWR: DEC Alpha 4100
Samba_Server_OS:   Tru64 v.4.0g
PDC_Server_OS:     Windows 2000 Server sp2
Client_OS:         Windows 2000 sp2

I have two identical Alpha 4100 UNIX servers, and both are running Tru64
ver. 4.0g and each has Samba 2.2.0a installed and operating. Both have been
functioning with no configuration changes for over a year. However,
something has happened to one of the installations. While all users can
still map drives to the Samba share on one server (alpha-ems), only a few
users can map a drive to the Samba share on the other server (alpha-ems2)
and the rest of us can not. When they try, they are challenged with a
user/pass screen.

I have tried the tests in the documentation including ping from both server
and client and they succeed, but this test fails: 

# smbpasswd -j EMSPHX -r EMSINTERNET -U% 
cli_net_auth2: Error NT_STATUS_ACCESS_DENIED 
cli_nt_setup_creds: auth2 challenge failed 
modify_trust_password: unable to setup the PDC credentials to machine
EMSINTERNET. Error was : NT_STATUS_ACCESS_DENIED. 
2002/04/18 08:28:16 : change_trust_account_password: Failed to change
password for domain EMSPHX. 
Unable to join domain EMSPHX. 

If I don't put the -U% on the end, then I am again presented with the
user/pass screen. However, when I check smbstatus, I see two or 3 users
successfully attached each day (but only the same 2 or 3).

# smbstatus 
  
Samba version 2.2.0a 
Service      uid      gid      pid     machine 
---------------------------------------------- 
inv-fin      applmgr  dba       9535   tealy_gx150 (172.20.1.114) Thu Apr 18
06:35:05 2002 
inv-fin      applmgr  dba      11180   jhooper_gx150 (172.16.1.109) Thu Apr
18 08:13:55 2002 
  
No locked files 

Prior to last Thursday I could map my I: drive to the inv-fin share on
server alpha-ems2. But now, here is what happens when I try to connect from
my Windows 2000 computer using net use (which used to work just fine): 

net use i: \\alpha-ems2\inv-fin 

The password or username is invalid for \\alpha-ems2\inv-fin 
Type the password for \\alpha-ems2\inv-fin :


And here are the typical entries from the log.smbd when I try to map the
drive and fail:

[2002/05/01 07:03:14, 0] smbd/password.c:(1519)
  domain_client_validate: could not fetch trust account password for domain
EMSPHX
[2002/05/01 07:06:35, 0] lib/util_sock.c:(479)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2002/05/01 07:16:21, 0] lib/util_sock.c:(165)
  Failed to set socket option SO_KEEPALIVE (Error Bad file number)
[2002/05/01 07:16:21, 0] lib/util_sock.c:(165)
  Failed to set socket option TCP_NODELAY (Error Socket operation on
non-socket)
[2002/05/01 07:20:19, 0] lib/util_sock.c:(1084)
  getpeername failed. Error was Invalid argument
[2002/05/01 07:20:19, 0] lib/util_sock.c:(542)
  write_socket_data: write failure. Error = Broken pipe
[2002/05/01 07:20:19, 0] lib/util_sock.c:(565)
  write_socket: Error writing 4 bytes to socket 10: ERRNO = Broken pipe
[2002/05/01 07:20:19, 0] lib/util_sock.c:(753)
  Error writing 4 bytes to client. -1. Exiting
[2002/05/01 07:46:59, 0] smbd/password.c:(1519)
  domain_client_validate: could not fetch trust account password for domain
EMSPHX
[2002/05/01 07:52:27, 0] lib/util_sock.c:(479)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2002/05/01 07:52:55, 0] smbd/password.c:(1519)
  domain_client_validate: could not fetch trust account password for domain
EMSPHX
#


This is so strange, as just a couple of weeks ago our users NEVER had a
problem connecting to this Samba share! Now three users can connect, but the
rest of us can not!

Here are the results when I run 'smbclient' but note the fact I have to add
'-U%' at the end, otherwise I am presented with a password request, and no
password I enter will work. However, if I just hit [Enter] instead of typing
in a password, I get the message 'Anonymous login successful' and the
requested data is presented. This may be a clue as to my problems.

# smbclient -L alpha-ems2 -U%
added interface ip=172.16.1.17 bcast=172.16.255.255 nmask=255.255.0.0
Domain=[EMSPHX] OS=[Unix] Server=[Samba 2.2.0a]
 
   Sharename      Type      Comment
   ---------      ----      -------
   inv-fin        Disk      Invoice & Financial output (APPU)
   temp           Disk      Temp directory on alpha-ems2
   IPC$           IPC       IPC Service (Samba 2.2.0a)
   ADMIN$         Disk      IPC Service (Samba 2.2.0a)
 
   Server               Comment
   ---------            -------
   ALPHA-EMS2           Samba 2.2.0a
   EMSINTERNET          EMS Primary Domain Controller
 
   Workgroup            Master
   ---------            -------
   EMSPHX               EMSINTERNET

Here is the entire content of my smb.conf file on server alpha-ems2, which
has remained unchanged for over a year:

[global]
  security=domain
  workgroup=EMSPHX
  encrypt passwords=yes
  password server = EMSINTERNET PHX2K
  add user script=/usr/local/samba/bin/add_user
 
[inv-fin]
  comment = Invoice & Financial output (APPU)
  guest account = applmgr
  guest ok = yes
  path = /u07/app/appuappl/admin/reports/out
  public = yes
  read only = yes
 
[temp]
  comment = Temp directory on alpha-ems2
  guest ok = no
  path = /temp
  writeable = yes
  valid users = dmilczar ikahn dgeddes


Have you any ideas where I might look for a solution? 

Darryl Milczarek 
CIO, Equipment Maintenance Services
Phoenix, AZ
darryl.milczarek at emsusa.com

More information about the samba mailing list