Bug 1535 - Local administrator authenticated as domain administrator
Local administrator authenticated as domain administrator
Product: Samba 3.0
Classification: Unclassified
Component: winbind
All All
: P3 normal
: none
Assigned To: Andrew Bartlett
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2004-07-15 10:52 UTC by Jay Anderson
Modified: 2005-02-09 08:42 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Jay Anderson 2004-07-15 10:52:51 UTC
Samba server is a member of an Active Directory domain where an account with
userid "administrator" has been purposely locked out for security reasons. When
logged on a Windows computer as local administrator (local account userid is
"administrator"), then trying to connect to a Samba share with "guest ok = Yes"
parameter, the connection is denied with the message: "The referenced account is
currently locked out and may not be logged on to." The Samba server is trying to
authenticate the Windows computer's local administrator against the Active
Directory account, rather than recognizing it as a unique account and allowing
it guest access. This did not occur in Samba 2.x, and this is not the behavior
of Windows servers.
Comment 1 Gerald (Jerry) Carter 2005-02-09 08:42:30 UTC
you can set 'auth methods = guest sam_ignoredomain winbind:ntdomain'
to work around this.  Without more people complaining, there are no 
plans to change the current behavior.  Sorry.