[Samba] Users with changed passwords can connect locally,
but not remotely
Ed Holden
eholden at mclean.harvard.edu
Fri Jan 14 16:59:19 GMT 2005
Hi. I've just run into a very strange problem with a Samba server. I'm
running version 3.0.2a, which came with Yellow Dog Linux (a Mac that
originally ran OS X server, but that I like better with Samba).
I migrated a complete Samba configuration from an old server, including
the entire /etc/samba directory and all user accounts, making sure that
the UIDs all matched (and, while we're on the subject of continuity, I
even made sure that the new server had the old server's local SID in the
secrets.tdb database, and that the users' SIDs matched the machine SID).
At first, no clients were aware that anything had changed.
However, I changed the passwords of two users and now they can't connect
with either the old or new passwords. I even changed them back, with no
success. Oddly, they can both connect fine from the server itself when
I do this:
smbclient -L 127.0.0.1 -U username
Password:
...
All the services are listed normally. But when I issue the same command
from a remote machine, it fails:
smbclient -L servername -U username
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
- It's not a firewall issue, because I can indeed connect. And users
who are still using their original passwords can connect fine.
- It's not a conflict with the old server, because the old server is not
running Samba and has a new IP address.
- It's not that I'm connecting to the wrong machine, because I tried
stopping Samba, and then I couldn't even connect form the remote host.
So this really is a case of Samba rejecting a login for a remote machine
but allowing the same login locally - but only for users with changed
passwords. Anyone ever seen anything like this?
Thanks in advance,
Ed
--
:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris
Any information, including protected health information (PHI), transmitted
in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.
More information about the samba
mailing list