Nelson, John P.
1999-Mar-15 17:28 UTC
Security = domain: wrong error code on login failure?
I just started using security=domain (samba 2.0.3, clients NT4 service pack 3). I've noticed a very strange behavior of NT 4 when interacting with the security=domain server. When users log in with normal NT domain accounts, everything is fine. But we sometimes have users log in to NT with a local account, then they connect to a network share using the "Connect as" facility to supply a network identify. The initial connection works as expected: the problem occurs when the user logs out, then logs in again using the same (non-domain, i.e. local) NT account. When logging back in, NT displays the usual "Restoring Network Connections" popup, and as expected, the connection to the samba server fails (because no network password has been supplied). The standard "Enter Network Password" popup is displayed. ------------------- Enter Network Password Incorrect password for computername\sharename You last connected to this computer as domainname\username Password: ------------------- Now, here's where the odd behavior is. With an NT server (or samba using security=server), I can hit the "cancel" button if I don't want to connect the network drive in this session - NT displays a dialog describing the error, and an optional checkbox which says "do not try to restore this connection in the future". If I don't check the "don't restore" checkbox, then NT will not successfully complete the login: it continuously pops up the same "Enter Network Password" dialog, above. The only thing that can break you out of the loop is either supplying the correct password, or hitting CTL-ALT-DEL and logging out (and even then, you have to explicitly kill EXPLORER.EXE, because it doesn't shut down properly on it's own). Apparently, each time I click on CANCEL, it does some form of connection attempt anyway. The first time I played with this, my NT domain account was locked out because I had too many bad login attempts! This is definitely NOT the behavior I get when I use NT servers (or even security=server). I'm guessing (and I'll admit that it's a guess) that samba is not passing back the error code that NT expects, and NT somehow believes that it MUST restore this connection before proceeding. Please let me know if there is any more information that I can supply to help diagnose the problem. - john nelson