Hello,
I am running Samba 3.4.7 on Ubuntu 10.04 amd64. Due to legacy support, I am
using a smbpasswd file (chmod 600) instead of the newer tdbsam database. It is
also worth noting that this server also has LDAP authentication enabled (for
SSH access). Clients access Samba from both Windows 7 and Windows XP. The
smb.conf file is as follows:
[global]
workgroup = HOME
printcap name = /etc/printcap
load printers = no
printing = lprng
log file = /var/log/samba/%m.log
max log size = 0
security = user
encrypt passwords = true
passdb backend = smbpasswd
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
os level = 65
domain master = no
preferred master = no
name resolve order = wins bcast host lmhosts
wins server = xxx.xxx.xxx.xxx
dns proxy = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[MyShare]
path = /mnt/MyShare
browseable = yes
public = yes
guest ok = yes
writable = yes
printable = no
create mode = 0664
directory mode = 0775
veto oplock files = /*mgc*/
force create mode = 0660
force directory mode = 0660
Samba is not a PDC, however the Windows accounts on client machines have the
same credentials as are stored in smbpasswd, so the share is automatically
authenticated. I have observed that if a user is required to enter their
password, e.g. their Windows password is not the same as in smbpasswd, then
their password in smbpasswd gets reset. For example, before attempting to
connect, user1's entry in smbpasswd looks like this (password hashes randomized
in example below):
user1:111: f0faf5d8955e92206354485d29a1b15e : e580c2260de48ababdd67d6ed063a641
:[UX ]:LCT-4E985F55:
After the user attempts to connect, and enters the wrong credentials,
user1:111: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX : e580c2260de48ababdd67d6ed063a641
:[UX ]:LCT-4E985F55:
Thus if the user then tries a second time with the correct password, they are
unable to login. If the correct password is supplied the first time, then no
change is made to smbpasswd. Sometimes the password gets changed to XXXXX...
even after a successful login. When this error occurs, nothing is logged in
/var/log or /var/log/samba. An strace of the parent smbd process reveals only
the following:
gettimeofday({1335971419, 254991}, NULL) = 0
select(27, [6 24 25 26], [], NULL, {9999, 0}) = 1 (in [24], left {9993,
133747})
gettimeofday({1335971425, 122816}, NULL) = 0
accept(24, {sa_family=AF_INET, sin_port=htons(61726),
sin_addr=inet_addr("192.168.1.20")}, [16]) = 28
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f07d9ead9f0) = 4371
close(28) = 0
gettimeofday({1335971425, 133599}, NULL) = 0
Do you have any ideas on why the smbpasswd file is being changed, and how to
correct this behavior so the smbpasswd file is not changed?
Thanks,
Andrew
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
