This sounds like you have 'root = Administrator' in your /etc/samba/smbusers file. Is the password you are using for Administrator *different* from what is set for root in Samba ("smbpasswd root" to change)? That could be the issue.

Note that typically, Linux and Samba use different password databases, so even though they map the same user name, the passwords may be different.

Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com

________________________________
From: Jason Baker [mailto:[EMAIL PROTECTED]
Sent: Wed 8/8/2007 1:51 PM
To: Jonathan Johnson
Cc: samba@lists.samba.org
Subject: Re: [Samba] SERIOUS PROBLEM - Root Account Locked

> Do you have a process (like a service or scheduled task) running on a client machine as user 'root' with an incorrect cached password?

No actually, this is what seems to be happening:

I log into a Windows XP Pro workstation as Administrator and browse the network. I double-click on a network share, in this case a Samba computer called HENBANE. If I view pdbedit -Lv -u root from another computer while I'm doing this, I can watch the bad login count rise from 0 to 8. I then get a message that pops up on the Windows workstation that says something to the effect of "account locked".

I added guest account = nobody to my smb.conf file and now I can browse the HENBANE share after being prompted for a username and password, but the bad password count for root now shows 2, and it rises higher each time I access a share that requires a username and password.

Jason Baker
IT Coordinator
Glastender Inc.
5400 North Michigan Road
Saginaw, Michigan 48604 USA
800.748.0423
Phone: 989.752.4275 ext. 228
Fax: 989.752.4444
www.glastender.com <http://www.glastender.com/>

Jonathan Johnson wrote:

Do you have a process (like a service or scheduled task) running on a client machine as user 'root' with an incorrect cached password?

Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com <http://www.sutinen.com/>

Jason Baker wrote:

My root account keeps getting locked out automatically. I am running Samba 3.0.25b on a CentOS server, as PDC with LDAP backend. I have accounts set to lock after 8 unsuccessful login attempts.
I zeroed out the bad password count, and then in less than a few seconds the account gets locked again and a pdbedit -Lv -u root yields the following:

Unix username: root
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Wed, 01 Jan 1969 03:00:00 EST
Password can change: Wed, 08 Jan 1969 03:00:00 EST
Password must change: never
Last bad password : Wed, 08 Aug 2007 13:51:14 EDT
Bad password count : 8

If I enter w on the command line, it only shows that two (authorized) users are logged into the server. So I'm confident that no one from the outside is attempting to log in as root. Below is my conf file.

If I go into LDAP Account Manager and unlock the account, it will stay unlocked for a few minutes (or seconds), then it is locked out again. With the account lock I cannot join machines to the domain, nor change domain permissions for users and groups.

Any suggestions would be helpful.

[global]
    unix charset = LOCALE
    workgroup = glastendernet
    netbios name = aster
    server string = Glastender Domain Controller running %v
    interfaces = eth1, lo, tun+
    bind interfaces only = yes
    os level = 255
    preferred master = yes
    local master = yes
    domain master = yes
    security = user
    time server = yes
    username map = /etc/samba/smbusers
    wins support = yes
    encrypt passwords = yes
    pam password change = yes
    name resolve order = wins bcast hosts
    winbind nested groups = no
    passdb backend = ldapsam:ldap://aster.glastender.com
    ldap passwd sync = Yes
    ldap suffix = dc=glastender,dc=com
    ldap admin dn = cn=Manager,dc=glastender,dc=com
    ldap ssl = no
    ldap group suffix = ou=Groups
    ldap user suffix = ou=People
    ldap machine suffix = ou=People
    ldap idmap suffix = ou=Idmap
    idmap backend = ldap:ldap://aster.glastender.com
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    map acl inherit = yes
    add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
    #delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
    add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
    add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
    #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
    add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
    delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
    set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
    domain logons = yes
    log file = /var/log/samba/log.%m
    log level = 0
    syslog = 0
    max log size = 50
    #smb ports = 139 445
    smb ports = 139
    hosts allow = 127.0.0.1 172.16.0.0/255.255.0.0 192.168.100.0/255.255.255.0
    # User profiles and home directories
    logon drive = U:
    logon path = \\%L\profiles\%U
    logon script = %U.bat
    large readwrite = no
    read raw = no
    write raw = no
    printcap name = /etc/printcap
    load printers = no
    printing =
    template shell = /bin/false
    winbind use default domain = yes
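
Added example, not part of the original thread: a Python check of how a username map line such as 'root = Administrator' sends a Windows logon to the Unix root account, compared against the pdbedit fields quoted in the thread. The map contents other than that one line, the function names, and case-insensitive name matching are assumptions; @group entries are not expanded.

```python
import shlex

# Constructed sample map; only the 'root = Administrator' pairing is from the thread.
SMBUSERS = '''\
# unix_name = client_name ...
root = Administrator admin
nobody = guest "Front Desk"
'''

# pdbedit -Lv fields as quoted in the thread (abridged).
PDBEDIT = '''\
Unix username: root
Last bad password : Wed, 08 Aug 2007 13:51:14 EDT
Bad password count : 8
'''

def split_names(s):
    """Split client names, honouring double quotes and keeping backslashes."""
    lex = shlex.shlex(s, posix=True)
    lex.whitespace_split, lex.escape, lex.commenters = True, "", ""
    return list(lex)

def parse_map(text):
    """Return [(unix_name, [client_names], stop)] for each mapping line."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank lines and comments are ignored
        unix, _, clients = line.lstrip("!").partition("=")
        rules.append((unix.strip(), split_names(clients), line.startswith("!")))
    return rules

def resolve(client, rules):
    """Apply rules top to bottom; '*' matches any name, '!' stops after a hit."""
    name = client
    for unix, clients, stop in rules:
        # Assumption: names compare case-insensitively.
        if any(c == "*" or c.lower() == name.lower() for c in clients):
            name = unix
            if stop:
                break
    return name

def lockout_exposure(client, map_text, pdbedit_text, threshold=8):
    """Where does `client` land, and is that account at the lockout threshold?"""
    parts = (l.partition(":") for l in pdbedit_text.splitlines())
    acct = {k.strip(): v.strip() for k, _, v in parts if v}
    target = resolve(client, parse_map(map_text))
    count = int(acct.get("Bad password count", 0))
    return {"maps_to": target, "privileged": target == "root",
            "locked": target == acct.get("Unix username") and count >= threshold}
```

Running lockout_exposure("Administrator", SMBUSERS, PDBEDIT) shows the Windows Administrator logon being checked against root's Samba password, which is the account whose bad password count reached the threshold of 8.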