Bug 1535 - Local administrator authenticated as domain administrator
Summary: Local administrator authenticated as domain administrator
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.4
Hardware: All All
: P3 normal
Target Milestone: none
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2004-07-15 10:52 UTC by Jay Anderson
Modified: 2005-02-09 08:42 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Jay Anderson 2004-07-15 10:52:51 UTC
Samba server is a member of an Active Directory domain where an account with
userid "administrator" has been purposely locked out for security reasons. When
logged on a Windows computer as local administrator (local account userid is
"administrator"), then trying to connect to a Samba share with "guest ok = Yes"
parameter, the connection is denied with the message: "The referenced account is
currently locked out and may not be logged on to." The Samba server is trying to
authenticate the Windows computer's local administrator against the Active
Directory account, rather than recognizing it as a unique account and allowing
it guest access. This did not occur in Samba 2.x, and this is not the behavior
of Windows servers.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-09 08:42:30 UTC
you can set 'auth methods = guest sam_ignoredomain winbind:ntdomain'
to work around this.  Without more people complaining, there are no 
plans to change the current behavior.  Sorry.