When Mapping a Network drive from Windows, an automatic authentication accours using the currently logged in Windows user name. If there is an identical user name "registered" with Samba but has a different password, this auto authentication will fail - incrementing the "Bad Lockout Attempt" for the user name by 1. If one were to try to log on using a different username but incorrectly entered a password, the "Bad Lockout Attempt" for the Windows user name (which also has a samba account) will also increment by 1. This incrementing will continue for the account until the Maximum Logon Attempts has been reached, no matter which user attempts to logon. Example: - I logon to my Windows box as 'bender' - I also have the samba users 'bob', 'chuck' and 'bender'. - If I Map a Share as user 'bob' and incorrectly enter the password twice (or once) and then successfully logon, the 'Bad password count' for 'bob' will correctly be 0, but for 'bender' it will be 2. - If I then logon as 'chuck' and mess up once - 'bender' AND the entire share is now locked out! This happens because of the auto authentication sent from Windows to the Samba server.
for anyone else looking at this bug: the first part of the issue is behavior by Windows design I think. However, the comment "- If I then logon as 'chuck' and mess up once - 'bender' AND the entire share is now locked out!" indicates a bug which is what I wanted to track.
I cannot seem to duplicate this error.
We have (allmost) the same problem. Our samba server is a member of domain A and my pc is a member of domain B. I have the user accounts A\bob and B\bob and their password differs. When I sit on my w2k pc and tries to connect to the samba server using \\samba- server\bob my account gets locket out immediately. When I do the samt thing with a win2003 fileserver I'm asked for a password. To solve the problem I've commented out the part "auth/auth_util.c" which maps all "unknown domains to our own" and recompiled Samba. I'd like to be able to change this behaviour using a configuration parameter in smb.conf or to get the same behaviour in samba as we get from the win2003 fileserver. It is possible for me to sendt tcpdumps and logfiles.
I think this is fixed in recent releases