[Samba] old CIFS mount causes account lockout in AD when password changed

Paul Raines raines at nmr.mgh.harvard.edu
Tue Dec 15 21:02:53 UTC 2020

We had a user whose account in AD was locked out due to bad auth limit after 
changing his password. The AD team would unlock it but it would get 
immediately locked up again in a few minutes

Eventually we got someone who could read the logs to find out the bad auth 
errors were coming from one of the central storage servers.  But no
one could track it any further than that.

We eventually found the user has made a mount.cifs mount on a Linux
box just doing

   mount.cifs //server/share /mnt/tmp -o user=ADuser,domain=ADdomain

that was still mounted.  As soon as we unmounted it the bad auth errors
to AD went away and the account stayed unlocked in AD

Is the cifs module caching the password and re-using it to reconnect if
the connection is cut?  Is there anyway to prevent that or limit the

More information about the samba mailing list