Hi all,
I have a Dell PowerEdge 6300 running Windows NT Server 4.0, Terminal
Server Edition (SP5) + Citrix MetaFrame 1.8. We are running Samba 2.0.4
on a Sun Enterprise 4500 with Solaris 7. The smb.conf specifies
server-based authentication, and specifies the Terminal Server as the
password server. The users are not allowed to directly log on to the Sun
box, so on that server they all share a common cryptic password which
only I know. They access applications on the Terminal Server which use
the Samba share to store project files and data, which they access with
their own personal passwords. The applications are 'published'
applications, which start in the Samba share (so when the user clicks on
the 'open' button, it starts in the share, not on a local NT drive). I
have an intermittent problem with authentication however, which I can't
resolve (hope you can help). Occasionally, when a user starts the
application, it responds with an error message stating 'invalid password
- failing component //depsuna/workspace' (happens about 5% of the time).
When this happens, if I look at the smbd processes (ps -ef | grep smbd),
I can kill all those owned by root except the parent process and it's
fixed. However, this screws up the other users currently connected via
Samba and therefore is not effective (if no other users are on the system
I can effectively fix it this way). Clearly, this is not a viable
solution for that reason (plus I have to babysit it). This also
manifests itself in another way, when users map a drive from their PC to
the server it responds with the 'invalid password' and prompts the user
for a different password (even though they one they've entered IS
correct). In this case, it will continue to prompt for a password and
never connect until the user logs off and I kill the child processes. If
I enable security auditing on the NT side I see in the Event Viewer that
authentication happens 4 times for each successful logon -
fails once logging on to Terminal Server
succeeds logging on to Terminal Server
fails once authenticating samba share
succeeds authenticating samba share
The log file offers no help, for when this fails it apparently doesn't
log any activity (since the service was never started). For example a
user complained of this behavior this morning (Feb. 8), yet there are no
entries of any kind for this morning in log.smb or the user's log
(log.%m).
My smb.conf file is below (minus all the comments for brevity).
---------------
Michael Smith
GIS Unit
Maine Department of Environmental Protection
207-287-4292
michael.smith@state.me.us
#======================= Global Settings
[global]
workgroup = GIS
server string = Sun E4500 Server
log file = /var/log/samba/log.%m
max log size = 50
security = server
password server = termserver
socket options = TCP_NODELAY
dns proxy = no
#============================ Share Definitions
[data1]
comment = /data1
path = /data1
valid users = @gisstaff
browsable = yes
writable = yes
create mode = 0777
directory mode = 0777
[workspace]
comment = user workspaces
path = /data6/work
browsable = yes
writable = yes
create mode = 0777
directory mode = 0777