security=server has many failings (was: Re: [Samba] Any help will be great. THX.)

Andrew Bartlett abartlet at
Tue Feb 17 10:38:32 GMT 2004

On Tue, 2004-02-17 at 09:30, reza.rafiee at GEORGESINC.COM wrote:
> I've just installed Samba 2.2.3a on AIX 5.2.  We're using a NT password
> server to authenticate username/password.  Our NT gurus are complaining 
> that they're seeing several authentication failure events with an account 
> called "sambatest" which is not a valid userid on our site.  It looks like 
> some type of polling that Samba is doing.
> This is part of the errors they are seeing:
> Logon Failure:
> 	Reason:	Unknown user name or bad password
> 	User Name:	sambatestHOSTNAME
> 	Domain:	OURDOMAIN
> In my smb.conf file I'm using:
> security = SERVER
> How can we stop these errors from occurring?
> We are getting a login screen to login to the network and when we try we get
> the same message over and over.

Some versions of NT are prone to allowing any user to log in, no matter
what the password.  This is fine for NT, as it knows the user is just a
guest, but we can't tell, so 'security=server' fails.  

So we check, and clock up the bad logins.

Instead, you should set 'security=domain' and join the domain per the
documentation (smbpasswd -j -Uadministrator -r PDC should do that).

This uses the native NT logon protocols, which don't suffer from this
kind of bug.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
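
An audit check for the setting discussed in this thread, added here as an example; it is not part of the original message and not Samba's own code. It reads the effective `security` value from `[global]` in an smb.conf and flags `security = server`. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the [global] "security" mode of an smb.conf.
# smb.conf names are case-insensitive and ignore whitespace; lines that
# start with '#' or ';' are comments. Only [global] is inspected here.

smb_security_mode() {   # $1 = smb.conf path; prints the mode or "unset"
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            s = tolower($0); gsub(/[ \t\r]/, "", s)
            in_global = (s == "[global]")
            next
        }
        in_global && index($0, "=") > 0 {
            eq = index($0, "=")
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            if (name == "security") {
                val = tolower(substr($0, eq + 1))
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                mode = val                          # a later line overrides
            }
        }
        END { print (mode == "" ? "unset" : mode) }
    ' "$1"
}

audit_smb_conf() {      # returns 1 when pass-through auth is configured
    mode=$(smb_security_mode "$1")
    case "$mode" in
        server) echo "FAIL: security=server; join the domain and use security=domain"
                return 1 ;;
        domain) echo "OK: security=domain"; return 0 ;;
        *)      echo "INFO: security=$mode"; return 0 ;;
    esac
}

write_sample_conf() {   # constructed sample modelled on the poster's setup
    cat > "$1" <<'EOF'
; security = domain   (commented out, must be ignored)
[Global]
   workgroup = OURDOMAIN
   Security = SERVER
[share]
   path = /tmp
EOF
}
```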