[Samba] Users with changed passwords can't log on remotely (but can locally)

Ed Holden eholden at mclean.harvard.edu
Tue Jan 18 14:41:25 GMT 2005

(I submitted this last week, but hopefully someone who knows the 
intricacies of secrets.tdb and machine migrations will read this ...)

I migrated a complete Samba configuration from an old server to a new 
one, including the entire /etc/samba directory and all user accounts. 
At first, no clients were aware that anything had changed.  But when I 
changed the passwords of two users they suddenly couldn't connect. 
Doesn't matter whether it's the old or new password - Samba rejects it 
as invalid.  I even tried to change the passwords back to what they 
were, with no success.  Oddly, they can both connect fine from the 
server itself when I do this:

  smbclient -L -U username

But when I issue the same command from a remote machine, it fails:

  smbclient -L servername.domain.com -U username
  session setup failed: NT_STATUS_LOGON_FAILURE

Local OK, remote bad.  It boggles the mind.  Here are some things I've 

- I made sure that the UIDs all match.

- I made sure that the new server has the old server's local SID, and 
that the users' SIDs matched the machine SID.

- I disabled the firewall.

- I made sure the old server is off.

So this really is a case of Samba rejecting a login for a remote machine 
but allowing the same login locally - but only for users with changed 
passwords.  It's version 3.0.2a, which came with Yellow Dog Linux. 
I'm guessing it's something in the secrets.tdb database, though when I 
delete the database and Samba recreates it, the problems are not solved. 
  Anyone ever seen anything like this?

Thanks in advance,


:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris

Any information, including protected health information (PHI), transmitted
 in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.

More information about the samba mailing list