This sounds like you have 'root = Administrator' in your /etc/samba/smbusers
file. Is the password you are using for Administrator *different* from what is
set for root in Samba ("smbpasswd root" to change)? That could be the issue.
Note that typically, Linux and Samba use different password databases, so even
though they map the same user name, the passwords may be different.
Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com
________________________________
From: Jason Baker [mailto:[EMAIL PROTECTED]
Sent: Wed 8/8/2007 1:51 PM
To: Jonathan Johnson
Cc: samba@lists.samba.org
Subject: Re: [Samba] SERIOUS PROBLEM - Root Account Locked
Do you have a process (like a service or scheduled task) running on a
client machine as user 'root' with an incorrect cached password?
No actually, this is what seems to be happening:
I log into a windows xp pro workstation as Administrator and browse the
network. I double-click on a network share, in this case a samba computer
called HENBANE. If I view pdbedit -Lv -u root from another computer while I'm
doing this, I can watch the bad login count rise from 0 to 8. I then get a
message that pops up on the Windows workstation that says something to the
effect of "account locked".
I added guest account = nobody to my smb.conf file and now I can browse the
HENBANE share after being prompted for a username and password, but the bad
password count for root now shows 2, and it rises higher each time I access a
share that requires a username and password.
Jason Baker
IT Coordinator
Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com/>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT$ d- s: a C++$ LU+++$ P+ L++>L++++ !E--- W+++ N o? K?
w !O M !V PS PE++ Y? PGP- t 5? X+ R+ tv+ b- DI-- D++ G e+ h---
r+++ y+++
------END GEEK CODE BLOCK------
Jonathan Johnson wrote:
Do you have a process (like a service or scheduled task) running on a
client machine as user 'root' with an incorrect cached password?
Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com <http://www.sutinen.com/>
Jason Baker wrote:
My root account keeps getting locked out automatically. I am
running Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have
accounts set to lock after 8 un-successful login attempts. I zeroed out the bad
password count, and then in less than a few seconds the account gets locked
again and a /pdbedit -Lv -u root /yields the following:
Unix username: root
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Wed, 01 Jan 1969 03:00:00 EST
Password can change: Wed, 08 Jan 1969 03:00:00 EST
Password must change: never
Last bad password : Wed, 08 Aug 2007 13:51:14 EDT
Bad password count : 8
If I enter w on the command line, it only shows that two
(authorized) users are logged into the server. So I'm confident that no one
from the outside is attempting to log in as root. Below is my conf file. If I
go into LDAP Account Manager and unlock the account, it will stay unlocked for
a few minutes (or seconds), then it is locked out again. With the account lock
I cannot join machines to the domain, nor change domain permissions for users
and groups. Any suggestions would be helpful.
[global]
unix charset = LOCALE
workgroup = glastendernet
netbios name = aster
server string = Glastender Domain Controller running %v
interfaces = eth1, lo, tun+
bind interfaces only = yes
os level = 255
preferred master = yes
local master = yes
domain master = yes
security = user
time server = yes
username map = /etc/samba/smbusers
wins support = yes
encrypt passwords = yes
pam password change = yes
name resolve order = wins bcast hosts
winbind nested groups = no
passdb backend = ldapsam:ldap://aster.glastender.com
ldap passwd sync = Yes
ldap suffix = dc=glastender,dc=com
ldap admin dn = cn=Manager,dc=glastender,dc=com
ldap ssl = no
ldap group suffix = ou=Groups
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=Idmap
idmap backend = ldap:ldap://aster.glastender.com
idmap uid = 10000-20000
idmap gid = 10000-20000
map acl inherit = yes
add user script = /opt/IDEALX/sbin/smbldap-useradd -m
"%u"
#delete user script = /opt/IDEALX/sbin/smbldap-userdel
"%u"
add machine script = /opt/IDEALX/sbin/smbldap-useradd -w
"%u"
add group script = /opt/IDEALX/sbin/smbldap-groupadd -p
"%g"
#delete group script = /opt/IDEALX/sbin/smbldap-groupdel
"%g"
add user to group script =
/opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script =
/opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script =
/opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
domain logons = yes
log file = /var/log/samba/log.%m
log level = 0
syslog = 0
max log size = 50
#smb ports = 139 445
smb ports = 139
hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0
192.168.100.0/255.255.255.0
# User profiles and home directories
logon drive = U:
logon path = \\%L\profiles\%U
logon script = %U.bat
large readwrite = no
read raw = no
write raw = no
printcap name = /etc/printcap
load printers = no
printing =
template shell = /bin/false
winbind use default domain = yes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
