samba - Jul 2002 - Win2k TS authentication probs / pw changing probs

Hi,

We are having problems with clients changing their passwords from Win2k
Terminal Servers against a Samba PDC.  It works fine if the machine only
has few users on it (ie when testing at 6pm after almost everyone is
gone - I find it difficult to break).  

I'm guessing there is some sort of race condition or resource locking
going on that prevents it happening properly.  

As I didn't get any responses to my previous email re this, I'm getting
desparate and going to look at the source :-)

Can someone (perhaps Andrew Bartlett) give me a general run down on how
pw changing happens?

Starter question: w.t.? are the *user_info_* and other simliar
functions/structures about? 

Config: 
Rh7.3 with rebuilt 2.2.5 rpm for ldapsam support and smbd/conn.c
modified MAX_CONNECTIONS param.  openldap 2.0.23 with dbm backend, Win2K
SP2 with Citrix.

Thanks.

-- 
Robert Stuart
Systems Administrator
Ph: 61 7 3864 0364
Fax: 61 7 3221 2553

Robert Stuart wrote:
> 
> Hi,
> 
> We are having problems with clients changing their passwords from Win2k
> Terminal Servers against a Samba PDC.  It works fine if the machine only
> has few users on it (ie when testing at 6pm after almost everyone is
> gone - I find it difficult to break).
> 
> I'm guessing there is some sort of race condition or resource locking
> going on that prevents it happening properly.
Probably resource locking.  If its a busy server, it is possible that
the smbpasswd file is always locked.  smbpasswd locking is messy - I
would suggest a move to ldap or tdbsam.  Hmm, if you are already using
LDAP then this probably isn't the problem.
> As I didn't get any responses to my previous email re this, I'm
getting
> desparate and going to look at the source :-)
> 
> Can someone (perhaps Andrew Bartlett) give me a general run down on how
> pw changing happens?
- User requests password change
- password change is authenticated (they prove they knew the old
password)
- new password is read, unix password sync is done (and that can be even
worse locking wise)
- smbpasswd/tdbsam/ldap (whatever you use for your passdb) is updated. 
This may also require locks.
> Starter question: w.t.? are the *user_info_* and other simliar
> functions/structures about?
In 2.2?  I can't even remember then being there - you are going to have
to point out exactly what you are talking about.
> Config:
> Rh7.3 with rebuilt 2.2.5 rpm for ldapsam support and smbd/conn.c
> modified MAX_CONNECTIONS param.  openldap 2.0.23 with dbm backend, Win2K
> SP2 with Citrix.
There really should not be locking issues with this - you will need to
dig a bit deeper I think.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

I would like to get a backup samba file server running that takes over
should the primary fail. There are several issues in implementing this....

Is it even possible to have a file system level copy made of the files? Or
even a samba level copy of the files on the backup server? I would like the
backup to take over in real time should the primary fail.

Thanks.

I actually use it already. It is not real time though. For a backup server
to take over, there needs to be a real time "mirroring" kind of like a
raid
array except at a server level.

Thanks.

Sanjiv

-----Original Message-----
From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On
Behalf Of Andrew Bartlett
Sent: Saturday, July 13, 2002 8:06 PM
To: sbawa@tabmaster.com
Cc: Ren? Nieuwenhuizen; samba@samba.org
Subject: Re: [Samba] Backup file server


Sanjiv Bawa wrote:
>
> I will look into this option...
>
> Is there a lower cost way to do this by basically mirroring the files
across
> two servers, maybe even at a file server level?
You could play with rsync, but be warned that it can take a lot of
memory on big filesystems.  You would be advised to break the job down
if possible.

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba