[Samba] SUMMARY: Samba "unable to validate password" error

Carolyn Mayr carolyn at usna.navy.MIL
Mon Nov 18 13:44:00 GMT 2002


To sunmanagers and samba at lists readers:

Thank you all so much for your help with the samba issue.  Although the
problem was not solved, your suggestions made it possible for us to
narrow down the problem.  We believe the problem are two office PCs
that were recently configured with some new test software.  All other
PCs and user accounts work fine.  I do need to upgrade samba to a
newer version which I intend to do.  Again, thank you all again and
I have documented your suggestions below.
					Carolyn Mayr


====From: "Haywood, Steven" <shaywood at hurricaneseye.com
Do the new users have an entry in the Sun machine's password database?
(either /etc/passwd or NIS)

====From: "Dinwiddie, Ron (TIFPC)" <RDinwid at templeinland.com
I have experienced this as well and have yet to find "the solution",
however, I have found a workaround for my situation that you may want to use
while continuing to look for a better, more permanent solution.  My
workaround is to create a Unix account for the Samba users - only the login
id needs to match - the password doesn't.  Once I've created the user
account, the user is no longer prompted for a password.  I've only noticed
this since we upgraded Samba in the past 3 - 4 months, so it may have
something to do with that.

***
The only other thing that I've done in some cases is to add an entry to the
smb.conf file that allows "guests" access to that shared file system:

[shared_name]
        comment = just a comment for me
        path = /export/harvest_pkg_web
        guest ok = yes


====From sellers <sellers at oakland.edu>
Have you upgraded your NT server recently.  MS often adds things in  
that makes things like SAMBA break and you have to upgrade SAMBA as  
well to fix what MS breaks.

***
Yes. Service Packs are essentially upgrades.  For example, SP3 broke a  
lot of things for NT4.


====From: "Mike Stewart" <mike at powys-training.co.uk>
have you created the new user accounts in Unix and also in smbpasswd ?


====From: joe.fletcher at btconnect.com
Looks like your samba server has lost membership of 
the NT domain. May be something simple like an  
expired password. Check the NT server event logs for 
more detail on the failure. You may have to re-add the 
samba server to the domain.

On a related note I've always found Alpha/Tru64 with 
it's ASU product superior to samba. Since you are an 
EDU site licensing is free. 

Worth a look if you get the chance.


====From: Alex Ranchoux <aranchoux at yahoo.com>

To ensure that you do not get this authentication problem:
 
1-make sure usernameA exist in local /etc/passwd file

2-make sure usernameA exist in smb passwd db (file)
NB:cd /samba/home/location/samba/bin
     then, add the usernameA with this command
     smbpasswd -a usernameA  
Note: the user will have to type its NT passwd twice.                       
                             
3-make sure that both usernameA/passwd are identical on:                          
-your NT machine             
-your local /etc/passwd file 
-you local smbpasswd db file 
                             
Only then you will not get the error message while
trying to access your samba share via an NT client.


====From: "Koehler, Michael" <M.Koehler at vivanco.de>
Here you can see what is going wrong:

>[2002/11/15 07:53:51, 1] smbd/password.c:(500)
>    Couldn't find user 'velazque' in smb_passwd file.

The users have to be defined in the smbpasswd file, also they have been to
defined as unix user!!

Check first which passwd file your samba is using:

root at sun02 # ./testparm|grep passwd
                        <---- here you press enter, Carolyn!!!
        smb passwd file = /etc/opt/samba/private/smbpasswd     <---- thats
the path to the file
        passwd program = /bin/passwd
        passwd chat = *new*password* %n\n *new*password* %n\n *changed*
        passwd chat debug = No

look at the file for the user velazque

if the user is not in the file you can add him with the command in the ./bin
-directory of your samba:

./smpasswd -a velazque

enter the password for him.    
                               
That must help in your situation, if there are any more question, please
come back.      


====From fabrice at life.net Fri Nov 15 12:53 EST 2002

've run into a similar problem before, except that in my case it hadn't 
worked in the past. I was using a Win2K domain, instead of NT, but this may 
work as well. Run:

/usr/local/bin/smbpasswd -j domainanme -r ntserver -UAdministrator

domainname = being your windows domain name
ntserver = your windows NT server name (name should be in local /etc/hosts)

You will then need to type the Windows Domain Administrator password.

I hope this helps!

***
I forgot to mention that in addition to that I had to set "security = 
DOMAIN" in /etc/smb.conf and enable password encryption.


====From: Helen Nulty <hnulty at email.unc.edu>
We use the following

name resolve order = lmhosts host wins bcast

...just reaching.

***
We do use an LMHOSTS file.  Maybe that will help?


====From: "Nuno Espirito Santo" <nfs at advancecare.com>
        Don't know if I'm too late or even if it's the correct answer but
here it goes...
        I had a similar problem, although the smb server was in a suse-linux
box. I had to go to our PDC, remove the smb server(linux box) from the
domain, sincronize the domain and then when I issued the smbpassword command
on linux it went ok.
        Hope it helped.


====From: "Harlan Braude" <hbraude at audible.com>
Your problem is most likely not on your Samba server. It's on the PC
clients - the new ones, that is.

You must enable "plain text passwords" on each client. It requires a change
to a registry key, which can be done using regedit.

Sorry, I don't recall the name of the key right now (yeah, big help, huh!
sorry), but I can get it Monday if you're not able to find it on your own.

Good luck.



********************* ORIGINAL MESSAGE ********************* 

From: Carolyn Mayr <carolyn at usna.edu>
Subject: Samba "unable to validate password" error
To: sunmanagers at sunmanagers.org
Date: Fri, 15 Nov 2002 09:40:54 -0500 (EST)

Managers,

I have an emergency and am at the end of my resources and hope you can help.
I'm a samba newbie and hope you can point me to an answer.

Our Samba2.0.5 server is a Sun Enterprise 450 (Solaris 7).  Our PDC
is an NT machine called warrior.  The warrior is the smbpasswd server
and the domain is CSDEPARTMENT.

We've been running samba for the past 2 years with no problem.  Now we
are seeing a problem with new users in the CSDEPARTMENT domain when a 
user tries to log in from their PC to our samba server:

  [2002/11/15 07:53:51, 0] smbd/password.c:(1470)
    domain_client_validate: unable to validate password for user velazque in 
domain CSDEPARTMENT to Domain controller WARRIOR. Error was code 0.
  [2002/11/15 07:53:51, 1] smbd/password.c:(500)
    Couldn't find user 'velazque' in smb_passwd file.
  [2002/11/15 07:53:51, 1] smbd/password.c:(500)
    Couldn't find user 'velazque' in smb_passwd file.
  [2002/11/15 07:53:51, 1] smbd/reply.c:(925)
    Rejecting user 'velazque': authentication failed
  [2002/11/15 07:53:51, 1] smbd/server.c:(641)
    smbd version 2.0.7 started.


I don't know what is causing this.  I reviewed my smb.conf file using the
Samba Unleashed book and according to the book, it's correct.  

I thought maybe the problem was with the PDC credentials so I tried this:

#/opt/samba/bin/smbpasswd -j CSDEPARTMENT -r warrior

   cli_net_auth2: Error NT_STATUS_ACCESS_DENIED
   cli_nt_setup_creds: auth2 challenge failed
   modify_trust_password: unable to setup the PDC credentials to machine 
WARRIOR.   Error was : NT_STATUS_ACCESS_DENIED.
   2002/11/15 09:34:55 : change_trust_account_password: Failed to change         
password for domain CSDEPARTMENT.
   Unable to join domain CSDEPARTMENT.

Could this be why I'm having the user validation problem?  BTW, we do have
an /etc/opt/samba/private directory with some old files:

-rw-r--r--   1 root     root          40 Aug 17  2000 MACHINE.SID
-rw-------   1 root     root         127 Apr 30  2001 smbpasswd
-rw-r--r--   1 root     other         25 Aug 18  2000 smbpasswd.junk


Please help!!!!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Carolyn A. Mayr (UNIX System Administrator)  Voice: (410) 293-6808 (sec-6800)
Computer Science Department, DivMath&Sci     Email: carolyn at usna.edu     
572 Holloway Road, Chauvenet Hall, Stop 9F   FAX:   (410) 293-2686
U.S. Naval Academy                           WWW:   http://www.cs.usna.edu
Annapolis, MD  21402-5002                    USNA:  (410) 293-1000
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=




More information about the samba mailing list