HPE Community
Operating System - HP-UX
1825592 Members
1949 Online
109682 Solutions
New Discussion

samba locking NT account out

 
Steve_3
Frequent Advisor

‎04-25-2001 08:55 AM

‎04-25-2001 08:55 AM

samba locking NT account out

Is anybody having problem with samba locking out NT accounts?

Configuration is set security = server and password is check on NT side. User have account on unix that is disable.

Thanks.
Steve
0 Kudos
Reply
12 REPLIES 12
Mike Hassell
Respected Contributor

‎04-25-2001 10:02 AM

‎04-25-2001 10:02 AM

Re: samba locking NT account out

Steve,

Are the password synced for the UNIX account with the NT domain account? If the NT account is being locked, then it might point to too many incorrect authenication tries.

As I understand it the UNIX account should not be disabled since samba will only give rights via that UNIX account.

Is the user connecting properly to the samba shares? (use smbstatus to find out)

Are you aliasing user accounts with the smbusers file? Be sure to check the event log of your domain controlers to see the response that samba is giving it as well as checking your samba logs to see what it is reporting.

- Mike
The network is the computer, yeah I stole it from Sun, so what?
0 Kudos
Reply
Steve_3
Frequent Advisor

‎04-25-2001 10:08 AM

‎04-25-2001 10:08 AM

Re: samba locking NT account out

Mike,

I read in the samba book that if you set security to server. All you need is an disable account for that user on the unix server(samba server) because I am authenticating through the NT.
0 Kudos
Reply
Ed Smith_1
New Member

‎04-25-2001 10:54 AM

‎04-25-2001 10:54 AM

Re: samba locking NT account out

Steve,

We had many "drive share lock out" issues with SAMBA and as it turned out it had to do with the Backup Domain Controller we were referencing.

We now reference the Primary Domain Controller (for validation) and have not had the issue of locking users out of their SAMBA shares.

In doing so, we figure that if the Primary Domian Controller fails, this will cause more headaches within the networks than users not being able to access SAMBA shares.

An alternative approach we tried was to perform user account validation at the Unix/SAMBA level and take NT Security validation out of the picture. This means double entry of accounts and may only work if you have a small user base.

Hope this helps.

Ed
Go Big or don't go at all....
0 Kudos
Reply
Mike Hassell
Respected Contributor

‎04-25-2001 11:15 AM

‎04-25-2001 11:15 AM

Re: samba locking NT account out

Steve,

Is the password synced between the two accounts or is the user being prompted to enter a password when trying to connect to one of the samba shares? This may be the root cause of the account being locked out.

- Mike
The network is the computer, yeah I stole it from Sun, so what?
0 Kudos
Reply
Steve_3
Frequent Advisor

‎04-25-2001 11:23 AM

‎04-25-2001 11:23 AM

Re: samba locking NT account out

Mike,

When a user connect to a samba share, they map to the share without having to enter the password.

Sync, there is no syncing of the password b/c it is check on the NT side. On the unix box, I create them an id that is the same as the NT and diable the account.

steve
0 Kudos
Reply
Stefan Schulz
Honored Contributor

‎04-26-2001 12:39 AM

‎04-26-2001 12:39 AM

Re: samba locking NT account out

Steve,

i had the same problem here. It is the setting security = server. This setting requires a permanent connection between your samba box and the NT passwordserver. Whenever your Networkt or one of your servers has a "hickup" there might be a timout to this connection. This causes your NT account to be locked out.

The solution here was to set security to domain and use several PDC and BDC as the password servers. With this setting the passwordservers are only connected to when a user connects his share. No permanent connection required.

Also with several BDC as passwordservers there is no problem with availability.

Tell me if you need more info. Stefan
No Mouse found. System halted. Press Mousebutton to continue.
0 Kudos
Reply
Steve_3
Frequent Advisor

‎04-26-2001 07:55 AM

‎04-26-2001 07:55 AM

Re: samba locking NT account out

Stefan,

The current setting is:

security = server
password server = PDC BDC

I try to change the security setting
to domain and NT guys was telling people
who were not even using samba share were getting lockout. NT guys told me from their logs
that the samba server was locking the NT
accounts out...

any idea?

thanks,
steve
0 Kudos
Reply
Russell Campbell
Advisor

‎04-26-2001 10:50 AM

‎04-26-2001 10:50 AM

Re: samba locking NT account out

Steve,

We are having our NT server do the password authenication without any problems. My smb.conf has the following.

security = server
password server = NT1 NT2 NT3

socket options = TCP_NODELAY
wins server = xxx.xxx.xxx.xxx

You need to make sure that the NT account name and the UNIX account name match. Your UNIX account must be a valid account. Your able to login vie a shell. do not disabled the account. Samba checks to see if you have a valid accounts on NT and UNIX if there is a mismatch or a disabled account it will not work.
0 Kudos
Reply
Steve_3
Frequent Advisor

‎04-26-2001 11:12 AM

‎04-26-2001 11:12 AM

Re: samba locking NT account out

Russell,

That looks like how I have it except the socket options. What is that for?

The account on the Unix server is the same as the NT. Why can't you have a disable account.

Here is what the book say:
This is under Server-level security:

"One caveat: when using this option, you will still need an account representing that user on the regular Samba server. This is because the Unix operation system needs a username to perform I/O operations. The preferable method of handling this is to give the user an account on the Samba server but disable the account's password by replacing it in system password file with (*)

Thanks,
steve
0 Kudos
Reply
Russell Campbell
Advisor

‎04-26-2001 01:31 PM

‎04-26-2001 01:31 PM

Re: samba locking NT account out

Steve,

I tried disabling the UNIX account with a "*" and was successfull in mapping my UNIX share. Are you getting any error messages? Is it prompting for a password?
What dose the log.nmb log.smb say?
0 Kudos
Reply
Steve_3
Frequent Advisor

‎04-26-2001 02:28 PM

‎04-26-2001 02:28 PM

Re: samba locking NT account out

Russell,

I have no problem mapping to the drive..
It does not as for password.
I don't see any error

Thanks,
steve
0 Kudos
Reply
Steve_3
Frequent Advisor

‎05-24-2001 10:53 AM

‎05-24-2001 10:53 AM

Re: samba locking NT account out

This is a repost. I really didn't find the answer to my problem. I called hp and they
didn't really help. Need help from all you SAMBA EXPERTS...

Thanks,
steve
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.