[Samba] samba 3.0.11, security=server and smbpasswd as fallback not working

Ralf Gross Ralf-Lists at RalfGross.de
Wed Feb 9 08:12:11 GMT 2005

Gerald (Jerry) Carter wrote:
> Ralf Gross wrote:
>| Hi,
>| with samba 2.2.12 a user was able to connect to a share with his local
>| smbpasswd if he had no user on the password server. I updated the samba
>| server to 3.0.11 and this is not working anymore. I kept the config
>files >| and the smbpasswd file. The smb.conf man page describes old
>behavior, but >| if the password server rejects the password the
>connection gets
>| terminated with  NT_STATUS_LOGON_FAILURE.
> Fallover to the next auth method only occurs when the current
> auth method (e.g. the remote server) returns
> NT_STATUS_NOT_IMPLEMENTED I think.  This is by design.

This was changed in samba 3.x?

> You'll have better luck setting
>       'auth methods = guest sam_ignoredomain smbserver'
> But I rarely ever recommend setting the 'auth methods' parameter.
> So keep that in mind.

Great, now it seems to work as before!

> This will authenticate first against the smbpasswd and
> the fall over to server authentication if the user is
> not listed in the smbpasswd file.

I need the fallback to smbpasswd because we have some users that have no
domain account (students, doctorands...). With the fallback I can give
them a local account/password and access to shares.

> Last recommendation, you should really explore security = domain.
> security = server has been deprecated.

I would love to do this. Unfortunately samba server are not allowed to
join the domain, only window servers are allowed to be member of the
domain. This is just a workgroup server, which is in a separate workgroup
with a couple of linux machines.


More information about the samba mailing list