[Samba] security = server "random" failures
Jon Niehof
jniehof at paladigm.com
Wed Jan 15 21:59:00 GMT 2003
I have a Windows 2K SP2 terminal server and a Samba 2.2.7a
server. The Samba server uses security=server with the 2K
terminal server as the password server. Users log in to the
terminal server and attempt to access (always the same)
share on the Samba box. When there are no sessions open to
the Samba server the connection from the terminal server
always works; subsequent connections (with the first one
open) fail about 70% of the time.
Log snippets (one success, followed by one failure, log
level 1).
[2003/01/15 15:57:55, 1] smbd/service.c:make_connection(636)
tyr (192.168.2.6) connect to service LEGAL as user test2
(uid=1014, gid=103) (
pid 529)
[2003/01/15 15:57:56, 1] smbd/password.c:server_validate(1175)
password server TYR.IMAGE.COM rejected the password
I found in the mailing list archives the following tidbit
from Andrew Bartlett, dated 13 Aug 2002:
"Don't use 'security=server' when you have a real PDC.
That's what security=domain is for. Furthermore, due to
bugs only (possilby) corrected in Win2k SP3 you must use
Samba 2.2.5 or above, as the PDC will otherwise randomly
refuse authenticaion."
Does this statement still apply to 2.2.7a? I'm loathe to
install SP3 because of EULA concerns and, of course,
throwing big chunks of patches into a production server.
Anything else that might make this work?
--Jon Niehof, Paladigm Inc.
More information about the samba
mailing list