[Samba] security = server "random" failures

Jon Niehof jniehof at paladigm.com
Wed Jan 15 21:59:00 GMT 2003

I have a Windows 2K SP2 terminal server and a Samba 2.2.7a 
server. The Samba server uses security=server with the 2K 
terminal server as the password server. Users log in to the 
terminal server and attempt to access (always the same) 
share on the Samba box. When there are no sessions open to 
the Samba server the connection from the terminal server 
always works; subsequent connections (with the first one 
open) fail about 70% of the time.

Log snippets (one success, followed by one failure, log 
level 1).

[2003/01/15 15:57:55, 1] smbd/service.c:make_connection(636)
   tyr ( connect to service LEGAL as user test2 
(uid=1014, gid=103) (
pid 529)
[2003/01/15 15:57:56, 1] smbd/password.c:server_validate(1175)
   password server TYR.IMAGE.COM rejected the password

I found in the mailing list archives the following tidbit 
from Andrew Bartlett, dated 13 Aug 2002:
"Don't use 'security=server' when you have a real PDC. 
That's what security=domain is for.  Furthermore, due to 
bugs only (possilby) corrected in Win2k SP3 you must use 
Samba 2.2.5 or above, as the PDC will otherwise randomly 
refuse authenticaion."

Does this statement still apply to 2.2.7a? I'm loathe to 
install SP3 because of EULA concerns and, of course, 
throwing big chunks of patches into a production server.

Anything else that might make this work?

--Jon Niehof, Paladigm Inc.

More information about the samba mailing list