[Samba] Users with changed passwords can connect locally, but not remotely

Ed Holden eholden at mclean.harvard.edu
Fri Jan 14 16:59:19 GMT 2005


Hi.  I've just run into a very strange problem with a Samba server.  I'm 
running version 3.0.2a, which came with Yellow Dog Linux (a Mac that 
originally ran OS X server, but that I like better with Samba).

I migrated a complete Samba configuration from an old server, including 
the entire /etc/samba directory and all user accounts, making sure that 
the UIDs all matched (and, while we're on the subject of continuity, I 
even made sure that the new server had the old server's local SID in the 
secrets.tdb database, and that the users' SIDs matched the machine SID). 
  At first, no clients were aware that anything had changed.

However, I changed the passwords of two users and now they can't connect 
with either the old or new passwords.  I even changed them back, with no 
success.  Oddly, they can both connect fine from the server itself when 
I do this:

  smbclient -L 127.0.0.1 -U username
  Password:
  ...

All the services are listed normally.  But when I issue the same command 
from a remote machine, it fails:

  smbclient -L servername -U username
  Password:
  session setup failed: NT_STATUS_LOGON_FAILURE


- It's not a firewall issue, because I can indeed connect.  And users 
who are still using their original passwords can connect fine.

- It's not a conflict with the old server, because the old server is not 
running Samba and has a new IP address.

- It's not that I'm connecting to the wrong machine, because I tried 
stopping Samba, and then I couldn't even connect form the remote host.

So this really is a case of Samba rejecting a login for a remote machine 
but allowing the same login locally - but only for users with changed 
passwords.  Anyone ever seen anything like this?

Thanks in advance,
Ed


-- 

:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris


Any information, including protected health information (PHI), transmitted
 in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.


More information about the samba mailing list