[Samba] Credential caching (I guess) problems
Pat Riehecky
prieheck at iwu.edu
Wed Jun 6 20:33:32 GMT 2007
I am trying to get rid of our broken domain out here. I could go on for
hours about how it was not built at all sanely...
Anyway, in the attempt to remove it so that we can start over I built a
samba box, joined it to the domain long enough to vampire the accounts
down and then booted it from the domain (since my problems with
elections went unanswered).
I have a user not on the domain trying to connect to my new server. His
box is trying to login with SPNEGO but failing because his local user
name (this particular user is named Administrator locally) is not his
domain username.
The system eventually gives up (3 attempts) and says "Account locked
out." It does this without EVER prompting for a user name and password.
How on earth do I fix that so if SPNEGO fails it tries to
(re-)authenticate the user?
samba 3.0.24-2ubuntu1.2
# testparm
[global]
display charset = UTF8
workgroup = IWU_LEARN
server string = %h server (Samba, Ubuntu)
client schannel = No
obey pam restrictions = Yes
passdb backend = tdbsam
algorithmic rid base = 10000
passwd program = /usr/bin/passwd %u
username map = /etc/samba/users.map
restrict anonymous = 2
lanman auth = No
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139
min protocol = NT1
max mux = 100
max xmit = 65535
deadtime = 900
max disk size = 5240
socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY
IPTOS_THROUGHPUT
load printers = No
domain logons = Yes
os level = 1
lm announce = No
wins server = 192.168.132.25
lock spin count = 30
lock spin time = 15
remote announce = 192.168.132.255/IWU_LEARN
panic action = /usr/share/samba/panic-action %d
invalid users = backup, bin, daemon, dhcp, games, gnats, irc,
klog, list, lp, mail, man, news, nobody, postfix, proxy, sync, sys,
syslog, uucp, www-data, root
hosts allow = 192.168.132., 10., 172.16.1., 127.0.0.1
hosts deny = 0.0.0.0/0
ea support = Yes
map acl inherit = Yes
change notify timeout = 300
[homes]
comment = Home Directories
valid users = %S
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
share modes = No
[IPC$]
path = /var/empty
guest ok = Yes
[ADMIN$]
path = /var/empty
guest ok = Yes
[template]
path = /tmp
read only = No
create mask = 0775
directory mask = 0775
strict allocate = Yes
use sendfile = Yes
case sensitive = Yes
preserve case = No
hide special files = Yes
hide unreadable = Yes
hide unwriteable files = Yes
browseable = No
fstype = FAT
wide links = No
[testshare]
copy = template
More information about the samba
mailing list