[Samba] Users with changed passwords can't log on remotely (but can
locally)
Ed Holden
eholden at mclean.harvard.edu
Tue Jan 18 14:41:25 GMT 2005
(I submitted this last week, but hopefully someone who knows the
intricacies of secrets.tdb and machine migrations will read this ...)
I migrated a complete Samba configuration from an old server to a new
one, including the entire /etc/samba directory and all user accounts.
At first, no clients were aware that anything had changed. But when I
changed the passwords of two users they suddenly couldn't connect.
Doesn't matter whether it's the old or new password - Samba rejects it
as invalid. I even tried to change the passwords back to what they
were, with no success. Oddly, they can both connect fine from the
server itself when I do this:
smbclient -L 127.0.0.1 -U username
Password:
...
But when I issue the same command from a remote machine, it fails:
smbclient -L servername.domain.com -U username
Password:
session setup failed: NT_STATUS_LOGON_FAILURE
Local OK, remote bad. It boggles the mind. Here are some things I've
tried:
- I made sure that the UIDs all match.
- I made sure that the new server has the old server's local SID, and
that the users' SIDs matched the machine SID.
- I disabled the firewall.
- I made sure the old server is off.
So this really is a case of Samba rejecting a login for a remote machine
but allowing the same login locally - but only for users with changed
passwords. It's version 3.0.2a, which came with Yellow Dog Linux.
I'm guessing it's something in the secrets.tdb database, though when I
delete the database and Samba recreates it, the problems are not solved.
Anyone ever seen anything like this?
Thanks in advance,
Ed
--
:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris
Any information, including protected health information (PHI), transmitted
in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.
More information about the samba
mailing list