[Samba] NT Account Lock Out Issue

daniel.jarboe at custserv.com daniel.jarboe at custserv.com
Wed Apr 30 18:34:40 GMT 2003


Does the samba server on your AIX box run with security = SERVER?  If
so, I remember reading something about how security = SERVER can result
in lockouts because first samba sends a bogus password that gets denied
to make sure that it is actually meaningful that the real password gets
accepted.  I think there are other issues with security = SERVER too,
and if you can swing security = DOMAIN, that is probably the way to go.

If you have security = DOMAIN using winbindd, does it happen shortly
after users change their password?

~ Daniel

On Wednesday, April 30, 2003 2:11 PM Jason Warner wrote:
> 
> I have a bunch of users with Win98 boxes and Windows 2k 
> boxes.  The users are using an emulation program called 
> Accuterm to connect to the AIX box with a Samba share.  The 
> Windows 2k boxes seem to be locked out at random.  We have 
> password encryption turned off in the Samba config file.  The 
> event logs on the domain controller never seem to log any 
> account lockout issues except for a Sambatest(servername)
> 
> In reading from several digests there is possible issue with 
> this.  I have read that windows 9x boxes need password 
> encryption turned off and that Windows Nt and up need it 
> turned on.  Samba points to our domain controller a 2k Domain 
> controller with SP3.  The users windows 2k boxes have SP1 Sp2 
> and SP3 on them.  The problem seems to occur more often then 
> the user is attempting to print.
> 
> Has anyone experienced this type of problem or know a fix?
> 
> The users receive a Mrxsmb error in there Event Log while 
> connected to the AIX box.
> 
> AIX 2.21
> Samba 5.1
> Microsoft Windows 98 and Windows 2k
> 
> 
> Jason Warner
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> 

-----------------------------------------------------------------------

This message is the property of Time Inc. or its affiliates. It may be
legally privileged and/or confidential and is intended only for the use
of the addressee(s). No addressee should forward, print, copy, or
otherwise reproduce this message in any manner that would allow it to be
viewed by any individual not originally listed as a recipient. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorized disclosure, dissemination, distribution,
copying or the taking of any action in reliance on the information
herein is strictly prohibited. If you have received this communication
in error, please immediately notify the sender and delete this message.
Thank you.



More information about the samba mailing list