[Samba] Problems with NT passwords on samba 2.2.8 and earlier versions.

MacDonell, Dennis DennisMacDonell at auslig.gov.au
Mon May 26 02:53:04 GMT 2003


Hi, 

To elaborate on the password problem -
We are operating in an NT4 environment that is slowly migrating to w2k. We
have a number of unix workstations and servers that are running samba to
share their disk space to PC users. The PC password policy requires that
users change their password at monthly intervals. The samba configuration on
all the unix boxes points to an NT4 PDC server for password authentication
using the following samba configuration commands

encryptpasswords = yes
local master = no
name resolve order = wins, host
password server = <name of pdc>
protocol = NT1
security = server
username map = /usr/local/samba/etc/smbusers
workgroup = <system wide group name>

What appears to be happening is that samba is caching something about the
user's NT password at the time they initialise a samba connection. So, when
the user is forced to change their windows password, by the 1 month aging
process on the pdc, the samba connections that a user has established start
causing illegal password entries in the pdc event log. After a number of
password failures the pdc locks the account. Things seem to get reset when
I run a script that clears out all nmbd and smbd processes on the unix
server; the user's samba connections seem to be re-established with their
current (new) password.

I guess one solution to this might be to run a cron job in the middle of the
night that clears out all smbd and nmbd processes running on the unix box.
However that can lead to problems if a user is running a process on their PC
that is accessing a file on a unix box. The process seems to lose track of
where it is in the file or something.

Dennis

######################################
Dennis Macdonell
Systems Administrator
National Mapping Division, Geoscience Australia
mail: PO Box 2, Belconnen, ACT 2617
email: mcdonell at auslig.gov.au
ph:  61 2 6201 4326
fax: 61 2 6201 4377
######################################



