Vogle, Brian
1999-Feb-26 18:55 UTC
User domain accounts getting locked out from Win95 machines
We're currently running SAMBA 2.0.0 on Solaris. See below for our smb.conf,
smb.conf.%L, and log file. We're running a mix of Win95 and NT client
workstations. Users connecting from NT don't have any problems, but users
connecting from Win95 machines have their NT network accounts locked out
every couple of hours.
Due to audit/security reasons, our NT domain accounts are setup to lock
after three failed attempts.
The Win95 usrs are able to connect fine, but then all of a sudden they are
being prompted for a password for IPC$, and when we check we see that their
NT domain accounts are locked. out.
We're using "security = server", and are pointing to our NT domain
PDC
(GROUCHO in the smb.conf below).
I plan on rolling out 2.0.2 this weekend, and am hoping that this will fix
it.
###########################################################################3
Here is the smb.conf...
;======================= Global Settings
====================================[global]
; netbios name = Name that is advertised in the browse list to Windows
clients
netbios name = midasdev
netbios aliases = midastest
; workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = WES
; volume = used to emulate a CDRom label (can be set on a per share basis)
volume = Samba
; printing = BSD or SYSV or AIX, etc.
printing = bsd
printcap name = /etc/printcap
load printers = yes
; Uncomment this if you want a guest account
; guest account = pcguest
log file = /apps/samba/var/samba-log.%m
; Put a capping on the size of the log files (in Kb)
max log size = 50
; Options for handling file name case sensitivity and / or preservation
; Case Sensitivity breaks many WfW and Win95 apps
case sensitive = no
short preserve case = yes
preserve case = yes
; Security and file integrity related options
lock directory = /apps/samba/var/lock
locking = yes
strict locking = yes
; fake oplocks = yes
share modes = yes
; Security modes: USER uses Unix username/passwd, SHARE uses WfW type
passwords
; SERVER uses a Windows NT Server to provide authentication services
security = server
password server = groucho
; Enable Encrypted Passwords
encrypt passwords = yes
; Set Location of smbpasswd file
smb passwd file = /apps/samba/private/smbpasswd
; Set WINS Server IP Address
wins server = 151.142.55.15
; Performance Related Options
; Before setting socket options read the smb.conf man page!!
; socket options = TCP_NODELAY
;============================ Share Declarations
=============================
; include specific config files for midasdev and midastest
include = /apps/samba/lib/smb.conf.%m
include = /apps/samba/lib/smb.conf.%L
[tmp]
comment = Temporary Files
path = /tmp
read only = no
; public = yes
#########################################################################3
Here is the smb.conf.%L (in this case smb.conf.midasdev)...
;======================= Global Settings
====================================[global]
; comment is the equivalent of the NT Description field
comment = Midas Development with SAMBA
;============================ Share Declarations
=============================
[data]
comment = Midas Dev Data Area
path = /midasdev/dev/data
force create mode = 0666
writeable = yes
[archive]
comment = Midas Dev Archvie Area
path = /midasdev/dev/archive
read only = yes
[log]
comment = Midas Dev Log Area
path = /midasdev/dev/log
read only = yes
############################################################################
###3
Here is the log file for a win95 machine that is trying to connect.
Previous to this section, the machine was able to connect and get validated
without any problems.
[1999/02/26 11:59:31, 3] smbd/server.c:(431)
Server exit (normal exit)
doing parameter include = /apps/samba/lib/smb.conf.%L
[1999/02/26 11:59:31, 3] param/params.c:(538)
params.c:pm_process() - Processing configuration file
"/apps/samba/lib/smb.conf.midastest"
[1999/02/26 11:59:31, 3] param/loadparm.c:(2165)
Processing section "[global]"
doing parameter comment = Midas Stage/Test with SAMBA
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
Processing section "[data]"
doing parameter comment = Midas Test Data Area
doing parameter path = /midasdev/test/data
doing parameter force create mode = 0666
doing parameter writeable = yes
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
Processing section "[archive]"
doing parameter comment = Midas Test Archvie Area
doing parameter path = /midasdev/test/archive
doing parameter read only = yes
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
Processing section "[log]"
doing parameter comment = Midas Test Log Area
doing parameter path = /midasdev/test/log
doing parameter read only = yes
[1999/02/26 11:59:31, 2] param/loadparm.c:(2182)
Processing section "[tmp]"
doing parameter comment = Temporary Files
doing parameter path = /tmp
doing parameter read only = no
[1999/02/26 11:59:31, 3] param/loadparm.c:(2504)
pm_process() returned Yes
[1999/02/26 11:59:31, 3] param/loadparm.c:(1478)
adding IPC service
[1999/02/26 11:59:32, 3] smbd/process.c:(565)
Transaction 1 of length 158
[1999/02/26 11:59:32, 3] smbd/process.c:(402)
switch message SMBnegprot (pid 16023)
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
Requested protocol [PC NETWORK PROGRAM 1.0]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
Requested protocol [MICROSOFT NETWORKS 3.0]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
Requested protocol [DOS LM1.2X002]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
Requested protocol [DOS LANMAN2.1]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
Requested protocol [Windows for Workgroups 3.1a]
[1999/02/26 11:59:32, 3] smbd/negprot.c:(332)
Requested protocol [NT LM 0.12]
[1999/02/26 11:59:32, 3] libsmb/namequery.c:(546)
resolve_name: Attempting lmhosts lookup for name GROUCHO<0x20>
[1999/02/26 11:59:32, 4] libsmb/namequery.c:(338)
startlmhosts: Can't open lmhosts file /apps/samba/lib/lmhosts. Error was
No such file or directory
[1999/02/26 11:59:32, 3] libsmb/namequery.c:(574)
resolve_name: Attempting host lookup for name GROUCHO<0x20>
[1999/02/26 11:59:32, 3] lib/util_sock.c:(707)
Connecting to 151.142.55.15 at port 139
[1999/02/26 11:59:32, 3] smbd/password.c:(990)
connected to password server GROUCHO
[1999/02/26 11:59:32, 3] smbd/password.c:(1018)
got session
[1999/02/26 11:59:32, 3] smbd/password.c:(1033)
password server OK
[1999/02/26 11:59:32, 3] smbd/negprot.c:(185)
using password server validation
[1999/02/26 11:59:32, 3] smbd/negprot.c:(409)
Selected protocol NT LM 0.12
[1999/02/26 11:59:32, 3] smbd/process.c:(565)
Transaction 2 of length 162
[1999/02/26 11:59:32, 3] smbd/process.c:(402)
switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:32, 3] smbd/reply.c:(675)
Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:32, 3] smbd/reply.c:(679)
sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:38, 1] smbd/password.c:(1121)
password server GROUCHO rejected the password
[1999/02/26 11:59:38, 4] passdb/smbpass.c:(140)
getsmbfilepwent: end of file reached
[1999/02/26 11:59:38, 3] smbd/password.c:(494)
Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:38, 3] smbd/error.c:(138)
error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:38, 3] smbd/process.c:(565)
Transaction 3 of length 162
[1999/02/26 11:59:38, 3] smbd/process.c:(402)
switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:38, 3] smbd/reply.c:(675)
Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:38, 3] smbd/reply.c:(679)
sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:41, 1] smbd/password.c:(1121)
password server GROUCHO rejected the password
[1999/02/26 11:59:41, 4] passdb/smbpass.c:(140)
getsmbfilepwent: end of file reached
[1999/02/26 11:59:41, 3] smbd/password.c:(494)
Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:41, 3] smbd/error.c:(138)
error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:41, 3] smbd/process.c:(565)
Transaction 4 of length 162
[1999/02/26 11:59:41, 3] smbd/process.c:(402)
switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:41, 3] smbd/reply.c:(675)
Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:41, 3] smbd/reply.c:(679)
sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:41, 1] smbd/password.c:(1121)
password server GROUCHO rejected the password
[1999/02/26 11:59:41, 4] passdb/smbpass.c:(140)
getsmbfilepwent: end of file reached
[1999/02/26 11:59:41, 3] smbd/password.c:(494)
Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:41, 3] smbd/error.c:(138)
error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:41, 3] smbd/process.c:(565)
Transaction 5 of length 162
[1999/02/26 11:59:41, 3] smbd/process.c:(402)
switch message SMBsesssetupX (pid 16023)
[1999/02/26 11:59:41, 3] smbd/reply.c:(675)
Domain=[WES] NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[1999/02/26 11:59:41, 3] smbd/reply.c:(679)
sesssetupX:name=[BVOGLE]
[1999/02/26 11:59:41, 1] smbd/password.c:(1121)
password server GROUCHO rejected the password
[1999/02/26 11:59:41, 4] passdb/smbpass.c:(140)
getsmbfilepwent: end of file reached
[1999/02/26 11:59:41, 3] smbd/password.c:(494)
Couldn't find user bvogle in smb_passwd file.
[1999/02/26 11:59:41, 3] smbd/error.c:(138)
error packet at line 781 cmd=115 (SMBsesssetupX) eclass=2 ecode=2
[1999/02/26 11:59:41, 3] smbd/process.c:(755)
end of file from client
[1999/02/26 11:59:41, 2] smbd/server.c:(406)
Closing connections
[1999/02/26 11:59:41, 3] smbd/server.c:(431)
Server exit (normal exit)
[1999/02/26 12:00:22, 3] lib/doscalls.c:(327)
dos_ChDir to /apps/samba/lib
[1999/02/26 12:02:01, 3] smbd/process.c:(565)
Transaction 10 of length 39
[1999/02/26 12:02:01, 3] smbd/process.c:(402)
switch message SMBtdis (pid 16021)
[1999/02/26 12:02:01, 1] smbd/service.c:(514)
bvlap2 (172.18.181.10) closed connection to service archive
[1999/02/26 12:02:01, 3] smbd/connection.c:(40)
Yielding connection to archive
[1999/02/26 12:02:01, 3] smbd/connection.c:(40)
Yielding connection to STATUS.
[1999/02/26 12:02:01, 3] smbd/connection.c:(105)
Yield successful
[1999/02/26 12:02:01, 3] smbd/process.c:(755)
end of file from client
[1999/02/26 12:02:01, 2] smbd/server.c:(406)
Closing connections
[1999/02/26 12:02:01, 3] smbd/server.c:(431)
Server exit (normal exit)
############################################################################
###3
I know this is a lot to stick in an email, but I'd appreciate any help that
anyone can offer.
Thanks,
--Brian Vogle
Network Administrator
Williams Energy Marketing & Trading
bvogle@energy.twc.com