Hi, > Why do you think this iks the source of your problem? That aspect > of you post is unclear to me.
What is currently happening is this: I try to access a print share multiple times, by running smbclient //PRINTSERVER/sharename -UDOMAIN\\username%password -c "ls" repeatedly. I do this to provide a rough simulation of heavy load on the print server . For some of the access's the following shows up in the winbindd logs : [2005/04/06 09:57:41, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(556) winbindd_pam_auth_crap: sam_logon returned ACCESS_DENIED. Maybe the trust account password was changed and we didn't know it. Killing connections to domain DOMAIN I looked at the code, and what seems to be happening is this: winbindd tries a sam_logon and the DC returns NT_STATUS_ACCESS_DENIED ( or samba thinks the DC returned NT_STATUS_ACCESS_DENIED) after which winbindd re-tries the sam logon. In most cases the retry succeeds, however, it occasionally fails. When this happens, the winbindd authentication fails and the user gets an NT_STATUS_ACCESS_DENIED to the print share. What has me confused is this : Why should the DC return NT_STATUS_ACCESS_DENIED for a sam logon? The trust account password hasnt been changed and I can't think of any other reasons. I had a cursory look at the rpc_api_pipe_req function in rpc_client/cli_pipe.c and figured out that the netsec (schannel) algorithm was being used for the encoding of the challenge/response. I don't know too much about the NTLM authentication protocol and so I'm still trying to figure out if its a configuration problem with our DC or something else. (Jerry - Sorry about the duplicate mail to you ) Thanks, Sridhar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
