samba - Sep 1999 - sudden loss of password validation

The problem: Strangely, the PDC rejects user password challenges from Samba.
The user account gets locked. After unlocking the account, everything is
back to normal. This happens several times a day to different users and from
different Samba servers. All Samba servers have the same [global]
configuration.

Is this a Samba problem? Is samba perhaps not passing along the correct
password? If I add the user and password to smbpasswd, then the challenge
fails on the PDC, but works for Samba, and all is well. However, I cannot
maintain a smbpasswd entry for all NT Domain users. I want the Windows NT
4.0 PDC to maintain security.

We did not have this problem with Samba 1.9.18p7.

My configuration:
 Solaris 2.6, Samba 2.0.5a
 Windows NT 4.0 PDC
smb.conf:
 security = server
 password server = XXXX-PDC
 encrypt passwords = yes
 invalid users = @root, @bin, @sys, @admin
 socket options = IPTOS_LOWDELAY TCP_NODELAY
 domain master = no
 local master = no
 preferred master = no
 os level = 0
 win support = no
 wins server = xxx.xxx.xx.xx
 getwd cache = yes

Here is a log of the error:

[1999/08/24 16:14:25, 1] smbd/password.c:server_validate(1131)
  password server XXXX-PDC rejected the password
[1999/08/24 16:14:25, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.
[1999/08/24 16:14:25, 2] smbd/reply.c:reply_sesssetup_and_X(830)
  NT Password did not match for user 'dbaird' ! Defaulting to Lanman
[1999/08/24 16:14:25, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.
[1999/08/24 16:14:49, 1] smbd/password.c:server_validate(1131)
  password server XXXX-PDC rejected the password
[1999/08/24 16:14:49, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.
[1999/08/24 16:14:49, 2] smbd/reply.c:reply_sesssetup_and_X(830)
  NT Password did not match for user 'dbaird' ! Defaulting to Lanman
[1999/08/24 16:14:49, 1] smbd/password.c:pass_check_smb(504)
  Couldn't find user 'dbaird' in smb_passwd file.

----------------------------------------------
D a v i d   B a i r d
Qualcomm Israel
phone: +972-4-8506652     fax: +972-4-8506510
----------------------------------------------

On Wed, 1 Sep 1999, David Baird wrote:
> The problem: Strangely, the PDC rejects user password challenges from
Samba.
> The user account gets locked. After unlocking the account, everything is
> back to normal. This happens several times a day to different users and
from
> different Samba servers. All Samba servers have the same [global]
> configuration.
I ran into a similar problem when moving to 2.0.3 from 1.9.x - switching
to using DOMAIN security fixed it for me.  You might want to consider
trying that where you are.

Nicholas

=====================================================================Nicholas
Tang     Senior System Administrator     R/GA Digital Studios
ntang@rga.com       (212) 946-4224 (voice)        (212) 946-4010 (fax)
======================================================================

I just set up Samba 2.0.5a on a Sequent DYNIX/ptx system authenticating to
an NT 40 PDC.  My UNIX login ID's are 
different from the NT login ID's so I am needing to maintain a
"username
map" file (see smb.conf documentation).

Try using "security = domain" instead of "security =
server".  I got this
from the "DOMAIN_MEMBER.txt" file in docs/textdocs directory.

# Security and Authentication Settings
workgroup = nt-domain
security = domain
encrypt passwords = yes
password server = nt-svr1 nt-svr2 nt-svr3
local master = no
domain master = no
dns proxy = no

Steve Heineck (seh)
A-Dec, IS, UNIX System Admin.
Ext. 2852

-------------- next part --------------
HTML attachment scrubbed and removed