Bug 1934 - Auto authentication causes Bad Lockout Attempt for same user name
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.7
Hardware: Sparc Solaris
Importance: P3 normal
Target Milestone: none
Assigned To: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2004-10-14 08:22 UTC by bender
Modified: 2006-09-24 10:42 UTC (History)

Description bender 2004-10-14 08:22:38 UTC
When mapping a network drive from Windows, an automatic authentication
occurs using the currently logged-in Windows user name.  If there is an
identical user name "registered" with Samba but it has a different password, this
auto authentication will fail - incrementing the "Bad Lockout Attempt" for
the user name by 1.
If one were to try to log on using a different username but incorrectly entered
a password, the "Bad Lockout Attempt" for the Windows user name (which also has
a samba account) will also increment by 1. 
This incrementing will continue for the account until the Maximum Logon Attempts
has been reached, no matter which user attempts to log on.

Example:

- I log on to my Windows box as 'bender'
- I also have the samba users 'bob', 'chuck' and 'bender'.
- If I map a share as user 'bob' and incorrectly enter the password twice (or
once) and then successfully log on, the 'Bad password count' for 'bob' will
correctly be 0, but for 'bender' it will be 2.
- If I then log on as 'chuck' and mess up once - 'bender' AND the entire share is
now locked out!

This happens because of the auto authentication sent from Windows to the Samba
server.
Comment 1 Gerald (Jerry) Carter 2004-10-14 08:43:04 UTC
For anyone else looking at this bug:

The first part of the issue is behavior by Windows design,
I think.  However, the comment

"- If I then logon as 'chuck' and mess up once - 'bender' AND the 
entire share is now locked out!"

indicates a bug which is what I wanted to track.
Comment 2 bender 2004-10-14 12:21:59 UTC
I cannot seem to duplicate this error.
Comment 3 Hans Kristian Nordengen 2004-12-12 11:00:35 UTC
We have (almost) the same problem.
Our samba server is a member of domain A and my PC is a member of domain B. I
have the user accounts A\bob and B\bob and their passwords differ.

When I sit at my w2k PC and try to connect to the samba server using
\\samba-server\bob my account gets locked out immediately. When I do the same thing
with a win2003 fileserver I'm asked for a password.

To solve the problem I've commented out the part of "auth/auth_util.c" which maps
all "unknown domains to our own" and recompiled Samba. I'd like to be able to
change this behaviour using a configuration parameter in smb.conf or to get the
same behaviour in samba as we get from the win2003 fileserver.

It is possible for me to send tcpdumps and logfiles.
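
Added example, not part of the bug report and not Samba's code: a simplified Python model of the behaviour described in Comment 3, comparing the bad-password counter for A\bob when a server maps unknown domains to its own and when it does not. The class and function names, status strings, lockout threshold of 3, number of automatic attempts and passwords are all assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Account:
    password: str
    bad_count: int = 0
    locked: bool = False


class Server:
    """Toy SMB-style logon check; a model for discussion, not Samba code."""

    def __init__(self, own_domain, accounts, max_bad=3, map_unknown_domains=True):
        self.own_domain = own_domain
        self.accounts = accounts
        self.max_bad = max_bad                      # constructed threshold
        self.map_unknown_domains = map_unknown_domains

    def logon(self, domain, user, password):
        if domain != self.own_domain:
            if not self.map_unknown_domains:
                return "NO_SUCH_DOMAIN"             # no local counter is touched
            domain = self.own_domain                # foreign B\bob becomes A\bob
        acct = self.accounts.get(user)
        if acct is None:
            return "NO_SUCH_USER"
        if acct.locked:
            return "LOCKED_OUT"
        if password == acct.password:
            acct.bad_count = 0
            return "OK"
        acct.bad_count += 1
        acct.locked = acct.bad_count >= self.max_bad
        return "WRONG_PASSWORD"


def simulate(map_unknown_domains, implicit_tries=3):
    """Client logged on as B\\bob connects; the server is a member of domain A."""
    srv = Server("A", {"bob": Account("a-secret")},
                 map_unknown_domains=map_unknown_domains)
    # Automatic attempts with the workstation's own credentials (B\bob).
    implicit = [srv.logon("B", "bob", "b-secret") for _ in range(implicit_tries)]
    # The user then supplies the correct credentials for A\bob.
    explicit = srv.logon("A", "bob", "a-secret")
    return implicit, explicit, srv.accounts["bob"].bad_count


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, simulate(flag))
```
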