[Samba] Users with changed passwords can't log on remotely (but can locally)

Ed Holden eholden at mclean.harvard.edu
Wed Jan 19 19:18:33 GMT 2005 

The NT_STATUS_LOGON_FAILURE error is on the client side.  It doesn't 
appear in any of the logs.  I grep'd * for it.

:: Ed Holden
:: Administrator, Research Information Systems
:: McLean Hospital
:: Tel: (617) 855-2822
:: Web: http://research.mclean.harvard.edu/ris


Tomasz Chmielewski wrote:
> Ed Holden wrote:
> 
>> OK, Tomek, here it is.  Debug level is 7; let me know if that's OK.
>>
>> What's happening in these logs is this: I am twice connecting to DMC1, 
>> the Samba server, from a remote machine using smbclient.  First I use 
>> the username "nrladmin," which is an account that works, and I get a 
>> list of shares.  Then I connect as "oisacson," which has had its 
>> password changed, and get a "session setup failed: 
>> NT_STATUS_LOGON_FAILURE" error.  (However  on the server itself I can 
>> connect with this user to 127.0.0.1.)
> 
> 
> I don't see anything in the logs... not even NT_STATUS_LOGON_FAILURE you 
> mentioned. Is it the right log?
> 
>> Finally, here is smb.conf, minus the commented lines.
>>
>> [global]
>>
>>   workgroup = RESEARCH
>>   netbios name = DMC1
>>   server string = Neuroregeneration Samba Server %v
>>   log file = /var/log/samba/log.%m
>>   max log size = 50
>>   log level = 10
>>   map to guest = bad user
>>   security = user
>>   encrypt passwords = yes
>>   smb passwd file = /etc/samba/smbpasswd
>>   username map = /etc/samba/smbusers
>>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>   local master = yes
>>   os level = 64
>>   domain master = no
>>   preferred master = yes
>>   dns proxy = no
>>
>> [NRL Folders]
>>   comment = NRL Data Folders
>>   browseable = yes
>>   writeable = yes
>>   path = /home/nrldata
>>   create mask = 7777
>>   directory mask = 7770
>>   fstype = Samba
>>   hide dot files = no
>>   guest ok = no
>>
>> Hope there's a clue in there somewhere.  This configuration worked 
>> fine on the old Samba server.
> 
> 
> No clue.
> What if you try and/or encrypt passwords = no and/or security = share 
> and/or remove fstype = Samba:
> 
> [NRLers]
>    comment = NRL Data Folders
>    browseable = yes
>    writeable = yes
>    path = /home/nrldata2
>    create mask = 7777
>    directory mask = 7770
>    fstype = Samba
>    hide dot files = no
>    guest ok = no
> 
> 
> Tomek


Any information, including protected health information (PHI), transmitted
 in this email is intended only for the person or entity to which it is
addressed and may contain information that is privileged, confidential and or
exempt from disclosure under applicable Federal or State law. Any review,
retransmission, dissemination or other use of or taking of any action in
reliance upon, protected health information (PHI) by persons or entities other
than the intended recipient is prohibited. If you received this email in error,
please contact the sender and delete the material from any computer.

More information about the samba mailing list