[Samba] Subsequent Authentication Failures

Wed, 27 Jun 2007 12:20:51 -0700

Hi all - I couldn't find an answer to this problem, so maybe someone out there can help me. I'd definitely appreciate it.
I've been running a domain using a Samba PDC for quite a while now and this appears to be a new problem. The PDC uses LDAP as the backend and that has worked fine; the version is 3.0.25a. I have a number of Samba servers that are members of this domain, also running 3.0.25a. The domain name is CSSMB. Here is the problem which has just recently appeared. I'm guessing something has changed: 

Say, I have a server set up like this:

[global]
    ; Tuning Parameters
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    read raw = yes
    write raw = yes
    oplocks = yes
    max xmit = 65535

    workgroup = CSSMB
    os level = 33
    log level = 2
    security = domain
    password server = *

[images]
    comment = Images
    path = /export/unused5/images
    browseable = yes
    read only = no
    valid users = "CSSMB\miturria"

After I start the samba server I can authenticate just fine.

# smbclient -W CSSMB -U miturria \\\\anhur\\images
Password:
Domain=[CSSMB] OS=[Unix] Server=[Samba 3.0.25a]


However if I log out, any subsequent authentications just fail. The  
log on "anhur" shows:


[2007/06/27 14:50:41, 2] auth/auth.c:check_ntlm_password(319)

  check_ntlm_password:  Authentication for user [miturria] ->  
[miturria] FAILED with error NT_STATUS_NO_SUCH_USER


However, on the domain controller "thoth"

[2007/06/27 14:50:41, 2] auth/auth.c:check_ntlm_password(309)

  check_ntlm_password:  authentication for user [miturria] ->  
[miturria] -> [miturria] succeeded



Any ideas what's going on? I've removed anhur from the domain and  
removed it's machine account and re-added it. That didn't seem to  
help. If I restart Samba on anhur, it authenticates fine once and  
then no more. This happens whether I specify "valid users = miturria"  
or "valid users = CSSMB\miturria".



User "miturria" (me) works fine in Linux itself using pam_ldap on  
both client and domain controller.


Any hints would be appreciated.

Markus

---
Markus A. Iturriaga Woelfel, SysAdmin
Department of Computer Science
University of Tennessee, Knoxville
[EMAIL PROTECTED] / (865) 974-3837

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba














    











					Reply via email to