security=server has many failings (was: Re: [Samba] Any help will
be great. THX.)
Andrew Bartlett
abartlet at samba.org
Tue Feb 17 10:38:32 GMT 2004
On Tue, 2004-02-17 at 09:30, reza.rafiee at GEORGESINC.COM wrote:
> I've just installed Samba 2.2.3a on AIX 5.2. We're using a NT password
> server to authenticate username/password. Our NT guru's are complaining
> that there're seeing several authentication failures events with an account
> called "sambatest" which is not a valid userid on our site. It looks like
> some type of polling that Samba is doing.
>
> This is part of the errors they are seeing:
>
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: sambatestHOSTNAME
> Domain: OURDOMAIN
>
> In my smb.conf file I'm using:
>
> security = SERVER
>
> How can we stop these errors from occurring?
>
>
> We are getting a login screen to login to the network and when we try we get
> the same message over and over.
Some versions of NT are prone to allowing any user to log in, no matter
what the password. This is fine for NT, as it knows the user is just a
guest, but we can't tell, so 'security=server' fails.
So we check, and clock up the bad logins.
Instead, you should set 'security=domain' and join the domain per the
documentation (smbpasswd -j -Uadministrator -r PDC should do that)
This uses the native NT logon protocols, which don't suffer from this
kind of bug.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040217/181566c7/attachment.bin
More information about the samba
mailing list