[Samba] Some accounts getting locked after server upgrade

Matt Ingram mingram at cbnco.com
Tue Oct 31 15:28:51 GMT 2006 

We just migrated to a new file server.  The new server is running SuSE 
Enterprise 10  which is has samba-3.0.22-13.16 from the old server which 
was running SUSE 8.2 w/ samba-2.2.8a-234 with no problems.  This setup 
is not running domains just straight samba with the accounts managed 
locally.   Some of our users smbpasswd entries keep getting reset.

Here's a before:

jblow:302:489CB325237BB5C4AAD3B435B51404EE:3C3BDEF880C5F5546061368FE831EC51:[UX         
]:LCT-00000000:

and after (we think) the users authenticates again the entry is changed 
to this:

samba.log shows this 4 times:
[2006/10/31 10:09:22, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2006/10/31 10:09:22, 2] smbd/sesssetup.c:setup_new_vc_session(772)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.
[2006/10/31 10:09:23, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [jblow] -> [jblow] 
FAILED with error NT_STATUS_WRONG_PASSWORD

then the smbpasswd has this:

jblow:302:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DUX         
]:LCT-00000000:



smb.conf looks like this:
[global]
        #client code page = 437
        workgroup = WORKGROUP
        netbios name = SERVER
        admin users = @ntadmin
        keepalive = 30
        encrypt passwords = Yes
        map to guest = Bad User
        log level = 2
        log file = /var/log/samba/samba.log
        announce version = 24
        time server = Yes
        deadtime = 30
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        use client driver = Yes
        os level = 34
        preferred master = True
        local master = True
        wins server = 192.168.0.25
        read only = No
        domain master = True
        kernel oplocks = No
        remote browse sync = 192.168.0.25

[jblow]
        path = /usr/local/share/people/%u
        read only = No
        create mask = 0600
        directory mask = 0700
        locking = No

/etc/passwd
jblow:x:313:100:Joe Blow:/usr/share/kickout:/bin/false

/etc/shadow
jblow:$2a$10$VY7nr/rYY3bn8bbExzU./O4ZWTrUM17CGe96S8kpIlwPziAO7ZLO6:13451:0:99999:7:::



any ideas... ?

-- 
Matt Ingram
Intermediate Unix Administrator, IS
Canadian Bank Note Company, Limited
\m/

More information about the samba mailing list