Vogle, Brian
1999-Feb-26 18:55 UTC
User domain accounts getting locked out from Win95 machines
We're currently running SAMBA 2.0.0 on Solaris. See below for our smb.conf, smb.conf.%L, and log file. We're running a mix of Win95 and NT client workstations. Users connecting from NT don't have any problems, but users connecting from Win95 machines have their NT network accounts locked out every couple of hours. Due to audit/security reasons, our NT domain accounts are setup to lock after three failed attempts. The Win95 usrs are able to connect fine, but then all of a sudden they are being prompted for a password for IPC$, and when we check we see that their NT domain accounts are locked. out. We're using "security = server", and are pointing to our NT domain PDC (GROUCHO in the smb.conf below). I plan on rolling out 2.0.2 this weekend, and am hoping that this will fix it. ###########################################################################3 Here is the smb.conf... ;======================= Global Settings ====================================[global] ; netbios name = Name that is advertised in the browse list to Windows clients netbios name = midasdev netbios aliases = midastest ; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = WES ; volume = used to emulate a CDRom label (can be set on a per share basis) volume = Samba ; printing = BSD or SYSV or AIX, etc. printing = bsd printcap name = /etc/printcap load printers = yes ; Uncomment this if you want a guest account ; guest account = pcguest log file = /apps/samba/var/samba-log.%m ; Put a capping on the size of the log files (in Kb) max log size = 50 ; Options for handling file name case sensitivity and / or preservation ; Case Sensitivity breaks many WfW and Win95 apps case sensitive = no short preserve case = yes preserve case = yes ; Security and file integrity related options lock directory = /apps/samba/var/lock locking = yes strict locking = yes ; fake oplocks = yes share modes = yes ; Security modes: USER uses Unix username/passwd, SHARE uses WfW type passwords ; SERVER uses a Windows NT Server to provide authentication services security = server password server = groucho ; Enable Encrypted Passwords encrypt passwords = yes ; Set Location of smbpasswd file smb passwd file = /apps/samba/private/smbpasswd ; Set WINS Server IP Address wins server = 151.142.55.15 ; Performance Related Options ; Before setting socket options read the smb.conf man page!! ; socket options = TCP_NODELAY ;============================ Share Declarations ============================= ; include specific config files for midasdev and midastest include = /apps/samba/lib/smb.conf.%m include = /apps/samba/lib/smb.conf.%L [tmp] comment = Temporary Files path = /tmp read only = no ; public = yes #########################################################################3 Here is the smb.conf.%L (in this case smb.conf.midasdev)... ;======================= Global Settings ====================================[global] ; comment is the equivalent of the NT Description field comment = Midas Development with SAMBA ;============================ Share Declarations ============================= [data] comment = Midas Dev Data Area path = /midasdev/dev/data force create mode = 0666 writeable = yes [archive] comment = Midas Dev Archvie Area path = /midasdev/dev/archive read only = yes [log] comment = Midas Dev Log Area path = /midasdev/dev/log read only = yes ############################################################################ ###3 Here is the log file for a win95 machine that is trying to connect. Previous to this section, the machine was able to connect and get validated without any problems. [1999/02/26 11:59:31, 3] smbd/server.c:(431) Server exit (normal exit) doing parameter include = /apps/samba/lib/smb.conf.%L [1999/02/26 11:59:31, 3] param/params.c:(538) params.c:pm_process() - Processing configuration file "/apps/samba/lib/smb.conf.midastest" [1999/02/26 11:59:31, 3] param/loadparm.c:(2165) Processing section "[global]" doing parameter comment = Midas Stage/Test with SAMBA [1999/02/26 11:59:31, 2] param/loadparm.c:(2182) Processing section "[data]" doing parameter comment = Midas Test Data Area doing parameter path = /midasdev/test/data doing parameter force create mode = 0666 doing parameter writeable = yes [1999/02/26 11:59:31, 2] param/loadparm.c:(2182) Processing section "[archive]" doing parameter comment = Midas Test Archvie Area doing parameter path = /midasdev/test/archive doing parameter read only = yes [1999/02/26 11:59:31, 2] param/loadparm.c:(2182) Processing section "[log]" doing parameter comment = Midas Test Log Area doing parameter path = /midasdev/test/log doing parameter read only = yes [1999/02/26 11:59:31, 2] param/loadparm.c:(2182) Processing section "[tmp]" doing parameter comment = Temporary Files doing parameter path = /tmp doing parameter read only = no [1999/02/26 11:59:31, 3] param/loadparm.c:(2504) pm_process() returned Yes [1999/02/26 11:59:31, 3] param/loadparm.c:(1478) adding IPC service [1999/02/26 11:59:32, 3] smbd/process.c:(565) Transaction 1 of length 158 [1999/02/26 11:59:32, 3] smbd/process.c:(402) switch message SMBnegprot (pid 16023) [1999/02/26 11:59:32, 3] smbd/negprot.c:(332) Requested protocol [PC NETWORK PROGRAM 1.0] [1999/02/26 11:59:32, 3] smbd/negprot.c:(332) Requested protocol [MICROSOFT NETWORKS 3.0] [1999/02/26 11:59:32, 3] smbd/negprot.c:(332) Requested protocol [DOS LM1.2X002] [1999/02/26 11:59:32, 3] smbd/negprot.c:(332) Requested protocol [DOS LANMAN2.1] [1999/02/26 11:59:32, 3] smbd/negprot.c:(332) Requested protocol [Windows for Workgroups 3.1a] [1999/02/26 11:59:32, 3] smbd/negprot.c:(332) Requested protocol [NT LM 0.12] [1999/02/26 11:59:32, 3] libsmb/namequery.c:(546) resolve_name: Attempting lmhosts lookup for name GROUCHO<0x20> [1999/02/26 11:59:32, 4] libsmb/namequery.c:(338) startlmhosts: Can't open lmhosts file /apps/samba/lib/lmhosts. Error was No such file or directory [1999/02/26 11:59:32, 3] libsmb/namequery.c:(574) resolve_name: Attempting host lookup for name GROUCHO<0x20> [1999/02/26 11:59:32, 3] lib/util_sock.c:(707) Connecting to 151.142.55.15 at port 139 [1999/02/26 11:59:32, 3] smbd/password.c:(990) connected to password server GROUCHO [1999/02/26 11:59:32, 3] smbd/password.c:(1018) got session [1999/02/26 11:59:32, 3] smbd/password.c:(1033) password server OK [1999/02/26 11:59:32, 3] smbd/negprot.c:(185) using password server validation [1999/02/26 11:59:32, 3] smbd/negprot.c:(409) Selected protocol NT LM 0.12 [1999/02/26 11:59:32, 3] smbd/process.c:(565) Transaction 2 of length 162 [1999/02/26 11:59:32, 3] smbd/process.c:(402) switch message SMBsesssetupX (pid 16023) [1999/02/26 11:59:32, 3] smbd/reply.c:(675) Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0] [1999/02/26 11:59:32, 3] smbd/reply.c:(679) sesssetupX:name=[BVOGLE] [1999/02/26 11:59:38, 1] smbd/password.c:(1121) password server GROUCHO rejected the password [1999/02/26 11:59:38, 4] passdb/smbpass.c:(140) getsmbfilepwent: end of file reached [1999/02/26 11:59:38, 3] smbd/password.c:(494) Couldn't find user bvogle in smb_passwd file. [1999/02/26 11:59:38, 3] smbd/error.c:(138) error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/02/26 11:59:38, 3] smbd/process.c:(565) Transaction 3 of length 162 [1999/02/26 11:59:38, 3] smbd/process.c:(402) switch message SMBsesssetupX (pid 16023) [1999/02/26 11:59:38, 3] smbd/reply.c:(675) Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0] [1999/02/26 11:59:38, 3] smbd/reply.c:(679) sesssetupX:name=[BVOGLE] [1999/02/26 11:59:41, 1] smbd/password.c:(1121) password server GROUCHO rejected the password [1999/02/26 11:59:41, 4] passdb/smbpass.c:(140) getsmbfilepwent: end of file reached [1999/02/26 11:59:41, 3] smbd/password.c:(494) Couldn't find user bvogle in smb_passwd file. [1999/02/26 11:59:41, 3] smbd/error.c:(138) error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/02/26 11:59:41, 3] smbd/process.c:(565) Transaction 4 of length 162 [1999/02/26 11:59:41, 3] smbd/process.c:(402) switch message SMBsesssetupX (pid 16023) [1999/02/26 11:59:41, 3] smbd/reply.c:(675) Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0] [1999/02/26 11:59:41, 3] smbd/reply.c:(679) sesssetupX:name=[BVOGLE] [1999/02/26 11:59:41, 1] smbd/password.c:(1121) password server GROUCHO rejected the password [1999/02/26 11:59:41, 4] passdb/smbpass.c:(140) getsmbfilepwent: end of file reached [1999/02/26 11:59:41, 3] smbd/password.c:(494) Couldn't find user bvogle in smb_passwd file. [1999/02/26 11:59:41, 3] smbd/error.c:(138) error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/02/26 11:59:41, 3] smbd/process.c:(565) Transaction 5 of length 162 [1999/02/26 11:59:41, 3] smbd/process.c:(402) switch message SMBsesssetupX (pid 16023) [1999/02/26 11:59:41, 3] smbd/reply.c:(675) Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0] [1999/02/26 11:59:41, 3] smbd/reply.c:(679) sesssetupX:name=[BVOGLE] [1999/02/26 11:59:41, 1] smbd/password.c:(1121) password server GROUCHO rejected the password [1999/02/26 11:59:41, 4] passdb/smbpass.c:(140) getsmbfilepwent: end of file reached [1999/02/26 11:59:41, 3] smbd/password.c:(494) Couldn't find user bvogle in smb_passwd file. [1999/02/26 11:59:41, 3] smbd/error.c:(138) error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2 [1999/02/26 11:59:41, 3] smbd/process.c:(755) end of file from client [1999/02/26 11:59:41, 2] smbd/server.c:(406) Closing connections [1999/02/26 11:59:41, 3] smbd/server.c:(431) Server exit (normal exit) [1999/02/26 12:00:22, 3] lib/doscalls.c:(327) dos_ChDir to /apps/samba/lib [1999/02/26 12:02:01, 3] smbd/process.c:(565) Transaction 10 of length 39 [1999/02/26 12:02:01, 3] smbd/process.c:(402) switch message SMBtdis (pid 16021) [1999/02/26 12:02:01, 1] smbd/service.c:(514) bvlap2 (172.18.181.10) closed connection to service archive [1999/02/26 12:02:01, 3] smbd/connection.c:(40) Yielding connection to archive [1999/02/26 12:02:01, 3] smbd/connection.c:(40) Yielding connection to STATUS. [1999/02/26 12:02:01, 3] smbd/connection.c:(105) Yield successful [1999/02/26 12:02:01, 3] smbd/process.c:(755) end of file from client [1999/02/26 12:02:01, 2] smbd/server.c:(406) Closing connections [1999/02/26 12:02:01, 3] smbd/server.c:(431) Server exit (normal exit) ############################################################################ ###3 I know this is a lot to stick in an email, but I'd appreciate any help that anyone can offer. Thanks, --Brian Vogle Network Administrator Williams Energy Marketing & Trading bvogle@energy.twc.com