[Samba] security = server "random" failures
abartlet at samba.org
Thu Jan 16 21:51:00 GMT 2003
On Thu, 2003-01-16 at 08:58, Jon Niehof wrote:
> I have a Windows 2K SP2 terminal server and a Samba 2.2.7a
> server. The Samba server uses security=server with the 2K
> terminal server as the password server. Users log in to the
> terminal server and attempt to access (always the same)
> share on the Samba box. When there are no sessions open to
> the Samba server the connection from the terminal server
> always works; subsequent connections (with the first one
> open) fail about 70% of the time.
Sounds about standard for security=server. It's not a nice hack. Make
sure nothing is timing out the connection.
> Log snippets (one success, followed by one failure, log
> level 1).
> [2003/01/15 15:57:55, 1] smbd/service.c:make_connection(636)
> tyr (192.168.2.6) connect to service LEGAL as user test2
> (uid=1014, gid=103) (
> pid 529)
> [2003/01/15 15:57:56, 1] smbd/password.c:server_validate(1175)
> password server TYR.IMAGE.COM rejected the password
> I found in the mailing list archives the following tidbit
> from Andrew Bartlett, dated 13 Aug 2002:
> "Don't use 'security=server' when you have a real PDC.
> That's what security=domain is for. Furthermore, due to
> bugs only (possilby) corrected in Win2k SP3 you must use
> Samba 2.2.5 or above, as the PDC will otherwise randomly
> refuse authenticaion."
> Does this statement still apply to 2.2.7a? I'm loathe to
> install SP3 because of EULA concerns and, of course,
> throwing big chunks of patches into a production server.
> Anything else that might make this work?
Samba 3.0 includes more protections for security=server, but it is still
fundamentally flawed. Why can't you use 'security=domain'?
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030116/17206fa3/attachment.bin
More information about the samba