Hi Rainer,
there is a problem in 1.9.18p8 that prevents the use of "security
server". Jeremy fixed this and the fix will be in 1.9.18p9. In the
meanwhile, here's the patch you need to use:
--- samba-1.9.18p8.orig/source/reply.c
+++ samba-1.9.18p8/source/reply.c
@@ -409,6 +409,7 @@
pstring smb_ntpasswd;
BOOL valid_nt_password = False;
pstring user;
+ pstring orig_user;
BOOL guest=False;
BOOL computer_id=False;
static BOOL done_sesssetup = False;
@@ -587,6 +588,14 @@
reload_services(True);
/*
+ * Save the username before mapping. We will use
+ * the original username sent to us for security=server
+ * checking.
+ */
+
+ pstrcpy( orig_user, user);
+
+ /*
* Pass the user through the NT -> unix user mapping
* function.
*/
@@ -609,7 +618,8 @@
guest = True;
if (!guest && !(lp_security() == SEC_SERVER &&
- server_validate(user, domain,
+ /* Check with orig_user for security=server. */
+ server_validate(orig_user, domain,
smb_apasswd, smb_apasslen,
smb_ntpasswd, smb_ntpasslen)) &&
!check_hosts_equiv(user))
Apply this, recompile, and everything should be fine.
rainer.von-bongartz@db.com wrote:>
> We are using samba with a NT4.0 Primary Domain Controller as a samba
password
> server.
>
> Logon validation on the primary domain controller works fine, the NT
machine
> validates the user password.
>
> BUT: On the NT PDC the event log shows numerous entries saying:
> Unknown user or wrong password
>
> Did anybody experience this too ????
>
> Rainer von Bongartz
> /D/I/L/
> rainer.von-bongartz@dil.de
>
>
>
>
--
Eloy A. Paris
Information Technology Department
Rockwell Automation Venezuela
Telephone: +58-2-9432311 Fax: +58-2-9431645