[Samba] Trying to access share on a workgroup computer locks domain account

[Miguel Duarte]

Hi,

I'm having a strange problem.
I've setup a Samba server in Active Directory without any issues. I can get
the group and user list, add ACL to the shares, etc.
If I try to access the share from a windows machine on the same domain,
everything is fine.
But when I try to access the same share from a windows machine which is not
on the domain (it's in a workgroup, for example), instead of getting the
popup asking for credentials, the user domain account gets locked (because
of failed logins).

Here's my smb.conf:

[global]
        netbios name = MACHINE
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        idmap uid = 20000-30000
        winbind enum users = yes
        winbind gid = 20000-30000
        workgroup = WHATEVER
        os level = 20
        winbind enum groups = yes
        socket address = x.x.x.x
        password server = *
        preferred master = no
        winbind separator = +
        max log size = 50
        log file = /var/log/samba/log.%m
        encrypt passwords = yes
        dns proxy = no
        realm = WHATEVER
        security = ADS
        wins server = x.x.x.x
        wins proxy = no
        winbind use default domain = yes

A sample share:

[teste]
        path = /var/samba/teste
        browseable = yes
        read only = no
        inherit acls = yes
        inherit permissions = yes
        create mask = 700
        directory mask = 700
        valid users = @"DOMAIN+Domain Users"
        admin users = @"DOMAIN+Domain Admins"

Thanks in advance for any help.

Best regards,

Miguel Duarte