Hi all,

In my system, Samba (3.0.34) is configured as a PDC with an LDAP backend and
has some user and machine accounts, and it all works fine. But recently I've
found out that if I remove one machine account from the LDAP server, user
logins into the domain from that machine are still possible, even if the
machine login verification fails:

"...
[2009/05/05 19:34:47, 2] passdb/pdb_ldap.c:init_sam_from_ldap(545)
  init_sam_from_ldap: Entry found for user: test
[2009/05/05 19:34:47, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [test] -> [test] -> [test]
succeeded
[2009/05/05 19:34:52, 1] smbd/service.c:make_connection_snum(1033)
  vmvista (192.168.100.198) connect to service netlogon initially as user
test (uid=1507, gid=1000) (pid 27646)
[2009/05/05 19:35:00, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation VMVISTA$: no account in domain
[2009/05/05 19:35:00, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
  _net_auth2: failed to get machine password for account VMVISTA$:
NT_STATUS_ACCESS_DENIED
[2009/05/05 19:35:06, 1] smbd/service.c:close_cnum(1230)
  vmvista (192.168.100.198) closed connection to service netlogon
[2009/05/05 19:36:40, 2] smbd/sesssetup.c:setup_new_vc_session(1214)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/05/05 19:36:40, 2] smbd/sesssetup.c:setup_new_vc_session(1214)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2009/05/05 19:36:40, 2] lib/smbldap.c:smbldap_open_connection(786)
  smbldap_open_connection: connection opened
[2009/05/05 19:36:41, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation VMVISTA$: no account in domain
[2009/05/05 19:36:41, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(461)
..."

Is there a way to prevent user logins from machines that have been removed
from the system?


Nelson Vale
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
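
Added example, not part of the original post and not Samba code: a small detector that reads smbd log text in the format quoted above and reports user connections coming from clients whose machine account lookup failed with "no account in domain". The function names and the `wsgood`/`alice` sample entries are constructed for illustration, and matching the client name to the machine account name case-insensitively is an assumption.

```python
import re

# Constructed sample in smbd log format, modelled on the excerpt in the post.
SAMPLE_LOG = """\
[2009/05/05 19:34:47, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [test] -> [test] -> [test]
succeeded
[2009/05/05 19:34:52, 1] smbd/service.c:make_connection_snum(1033)
  vmvista (192.168.100.198) connect to service netlogon initially as user
test (uid=1507, gid=1000) (pid 27646)
[2009/05/05 19:35:00, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242)
  get_md4pw: Workstation VMVISTA$: no account in domain
[2009/05/05 19:35:10, 1] smbd/service.c:make_connection_snum(1033)
  wsgood (192.168.100.50) connect to service netlogon initially as user alice (uid=1510, gid=1000) (pid 27700)
"""

# A record is a bracketed header line followed by one or more message lines.
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +\d+\] (\S+)$")
NO_ACCOUNT = re.compile(r"get_md4pw: Workstation (\S+)\$: no account in domain")
CONNECT = re.compile(r"(\S+) \(([\d.]+)\) connect to service (\S+) initially as user (\S+)")

def parse_records(text):
    """Return (timestamp, source, message) tuples, joining wrapped message lines."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([m.group(1), m.group(2), ""])
        elif records and line.strip():
            records[-1][2] = (records[-1][2] + " " + line.strip()).strip()
    return [tuple(r) for r in records]

def sessions_from_unknown_machines(text):
    """Return user connections from clients that failed the machine account lookup."""
    records = parse_records(text)
    # Assumption: client name in the connect line equals the account name without '$'.
    unknown = {m.group(1).lower() for _, _, msg in records if (m := NO_ACCOUNT.search(msg))}
    hits = []
    for ts, _, msg in records:
        m = CONNECT.search(msg)
        if m and m.group(1).lower() in unknown:
            hits.append({"time": ts, "host": m.group(1), "ip": m.group(2),
                         "service": m.group(3), "user": m.group(4)})
    return hits

if __name__ == "__main__":
    for hit in sessions_from_unknown_machines(SAMPLE_LOG):
        print(hit)
```

The correlation is done over the whole log rather than in time order, because in the quoted excerpt the user's connection is logged before the machine account failure.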
