Carolyn Mayr
2002-Nov-18 13:44 UTC
[Samba] SUMMARY: Samba "unable to validate password" error
To sunmanagers and samba@lists readers: Thank you all so much for your help with the samba issue. Although the problem was not solved, your suggestions made it possible for us to narrow down the problem. We believe the problem are two office PCs that were recently configured with some new test software. All other PCs and user accounts work fine. I do need to upgrade samba to a newer version which I intend to do. Again, thank you all again and I have documented your suggestions below. Carolyn Mayr ====From: "Haywood, Steven" <shaywood@hurricaneseye.com Do the new users have an entry in the Sun machine's password database? (either /etc/passwd or NIS) ====From: "Dinwiddie, Ron (TIFPC)" <RDinwid@templeinland.com I have experienced this as well and have yet to find "the solution", however, I have found a workaround for my situation that you may want to use while continuing to look for a better, more permanent solution. My workaround is to create a Unix account for the Samba users - only the login id needs to match - the password doesn't. Once I've created the user account, the user is no longer prompted for a password. I've only noticed this since we upgraded Samba in the past 3 - 4 months, so it may have something to do with that. *** The only other thing that I've done in some cases is to add an entry to the smb.conf file that allows "guests" access to that shared file system: [shared_name] comment = just a comment for me path = /export/harvest_pkg_web guest ok = yes ====From sellers <sellers@oakland.edu> Have you upgraded your NT server recently. MS often adds things in that makes things like SAMBA break and you have to upgrade SAMBA as well to fix what MS breaks. *** Yes. Service Packs are essentially upgrades. For example, SP3 broke a lot of things for NT4. ====From: "Mike Stewart" <mike@powys-training.co.uk> have you created the new user accounts in Unix and also in smbpasswd ? ====From: joe.fletcher@btconnect.com Looks like your samba server has lost membership of the NT domain. May be something simple like an expired password. Check the NT server event logs for more detail on the failure. You may have to re-add the samba server to the domain. On a related note I've always found Alpha/Tru64 with it's ASU product superior to samba. Since you are an EDU site licensing is free. Worth a look if you get the chance. ====From: Alex Ranchoux <aranchoux@yahoo.com> To ensure that you do not get this authentication problem: 1-make sure usernameA exist in local /etc/passwd file 2-make sure usernameA exist in smb passwd db (file) NB:cd /samba/home/location/samba/bin then, add the usernameA with this command smbpasswd -a usernameA Note: the user will have to type its NT passwd twice. 3-make sure that both usernameA/passwd are identical on: -your NT machine -your local /etc/passwd file -you local smbpasswd db file Only then you will not get the error message while trying to access your samba share via an NT client. ====From: "Koehler, Michael" <M.Koehler@vivanco.de> Here you can see what is going wrong:>[2002/11/15 07:53:51, 1] smbd/password.c:(500) > Couldn't find user 'velazque' in smb_passwd file.The users have to be defined in the smbpasswd file, also they have been to defined as unix user!! Check first which passwd file your samba is using: root@sun02 # ./testparm|grep passwd <---- here you press enter, Carolyn!!! smb passwd file = /etc/opt/samba/private/smbpasswd <---- thats the path to the file passwd program = /bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No look at the file for the user velazque if the user is not in the file you can add him with the command in the ./bin -directory of your samba: ./smpasswd -a velazque enter the password for him. That must help in your situation, if there are any more question, please come back. ====From fabrice@life.net Fri Nov 15 12:53 EST 2002 've run into a similar problem before, except that in my case it hadn't worked in the past. I was using a Win2K domain, instead of NT, but this may work as well. Run: /usr/local/bin/smbpasswd -j domainanme -r ntserver -UAdministrator domainname = being your windows domain name ntserver = your windows NT server name (name should be in local /etc/hosts) You will then need to type the Windows Domain Administrator password. I hope this helps! *** I forgot to mention that in addition to that I had to set "security = DOMAIN" in /etc/smb.conf and enable password encryption. ====From: Helen Nulty <hnulty@email.unc.edu> We use the following name resolve order = lmhosts host wins bcast ...just reaching. *** We do use an LMHOSTS file. Maybe that will help? ====From: "Nuno Espirito Santo" <nfs@advancecare.com> Don't know if I'm too late or even if it's the correct answer but here it goes... I had a similar problem, although the smb server was in a suse-linux box. I had to go to our PDC, remove the smb server(linux box) from the domain, sincronize the domain and then when I issued the smbpassword command on linux it went ok. Hope it helped. ====From: "Harlan Braude" <hbraude@audible.com> Your problem is most likely not on your Samba server. It's on the PC clients - the new ones, that is. You must enable "plain text passwords" on each client. It requires a change to a registry key, which can be done using regedit. Sorry, I don't recall the name of the key right now (yeah, big help, huh! sorry), but I can get it Monday if you're not able to find it on your own. Good luck. ********************* ORIGINAL MESSAGE ********************* From: Carolyn Mayr <carolyn@usna.edu> Subject: Samba "unable to validate password" error To: sunmanagers@sunmanagers.org Date: Fri, 15 Nov 2002 09:40:54 -0500 (EST) Managers, I have an emergency and am at the end of my resources and hope you can help. I'm a samba newbie and hope you can point me to an answer. Our Samba2.0.5 server is a Sun Enterprise 450 (Solaris 7). Our PDC is an NT machine called warrior. The warrior is the smbpasswd server and the domain is CSDEPARTMENT. We've been running samba for the past 2 years with no problem. Now we are seeing a problem with new users in the CSDEPARTMENT domain when a user tries to log in from their PC to our samba server: [2002/11/15 07:53:51, 0] smbd/password.c:(1470) domain_client_validate: unable to validate password for user velazque in domain CSDEPARTMENT to Domain controller WARRIOR. Error was code 0. [2002/11/15 07:53:51, 1] smbd/password.c:(500) Couldn't find user 'velazque' in smb_passwd file. [2002/11/15 07:53:51, 1] smbd/password.c:(500) Couldn't find user 'velazque' in smb_passwd file. [2002/11/15 07:53:51, 1] smbd/reply.c:(925) Rejecting user 'velazque': authentication failed [2002/11/15 07:53:51, 1] smbd/server.c:(641) smbd version 2.0.7 started. I don't know what is causing this. I reviewed my smb.conf file using the Samba Unleashed book and according to the book, it's correct. I thought maybe the problem was with the PDC credentials so I tried this: #/opt/samba/bin/smbpasswd -j CSDEPARTMENT -r warrior cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine WARRIOR. Error was : NT_STATUS_ACCESS_DENIED. 2002/11/15 09:34:55 : change_trust_account_password: Failed to change password for domain CSDEPARTMENT. Unable to join domain CSDEPARTMENT. Could this be why I'm having the user validation problem? BTW, we do have an /etc/opt/samba/private directory with some old files: -rw-r--r-- 1 root root 40 Aug 17 2000 MACHINE.SID -rw------- 1 root root 127 Apr 30 2001 smbpasswd -rw-r--r-- 1 root other 25 Aug 18 2000 smbpasswd.junk Please help!!!! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Carolyn A. Mayr (UNIX System Administrator) Voice: (410) 293-6808 (sec-6800) Computer Science Department, DivMath&Sci Email: carolyn@usna.edu 572 Holloway Road, Chauvenet Hall, Stop 9F FAX: (410) 293-2686 U.S. Naval Academy WWW: http://www.cs.usna.edu Annapolis, MD 21402-5002 USNA: (410) 293-1000 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=