From: Andrew Martin <amar...@xes-inc.com> Date: Wed, 02 May 2012 13:23:47 -0500 (CDT)
> I am running Samba 3.4.7 on Ubuntu 10.04 amd64. Due to legacy > support, I am using a smbpasswd file (chmod 600) instead of the > newer tdbsam database. (snip) > Samba is not a PDC, however the Windows accounts on client machines > have the same credentials as are stored in smbpasswd, so the share > is automatically authenticated. I have observed that if a user is > required to enter their password, e.g. their Windows password is not > the same as in smbpasswd, then their password in smbpasswd gets > reset. For example, before attempting to connect, user1's entry in > smbpasswd looks like this (password hashes randomized in example > below): > > user1:111: f0faf5d8955e92206354485d29a1b15e : > e580c2260de48ababdd67d6ed063a641 :[UX ]:LCT-4E985F55: > > After the user attempts to connect, and enters the wrong credentials, > user1:111: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX : > e580c2260de48ababdd67d6ed063a641 :[UX ]:LCT-4E985F55: > > Thus if the user then tries a second time with the correct password, > they are unable to login. If the correct password is supplied the > first time, then no change is made to smbpasswd. Sometimes the > password gets changed to XXXXX... even after a successful > login. When this error occurs, nothing is logged in /var/log or > /var/log/samba. An strace of the parent smbd process reveals only > the following: > (snip) > > Do you have any ideas on why the smbpasswd file is being changed, > and how to correct this behavior so the smbpasswd file is not > changed? This behavior (changing the former password string changes XXXXX...) is expected unless you explicitly enable "lanman auth = yes". In smb.conf(5): ----- When this parameter is set to no this will also result in sambaLMPassword in Samba's passdb being blanked after the next password change. As a result of that lanman clients won't be able to authenticate, even if lanman auth is reenabled later on. ----- The former part, LANMAN hash is no longer used unless if you connect to Samba from Windows 9x. > Thus if the user then tries a second time with the correct password, > they are unable to login. As far as I examined, users can login... Could you examine to reboot the client and try to connect to the Samba server after changing password string to XXXXX... Why I say "reboot" is that it is the easiest way to clear authentication cache. Basically "reboot" is not required. --- TAKAHASHI Motonobu <mo...@monyo.com> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
