The Samba-Bugzilla – Bug 1934
Auto authentication causes Bad Lockout Attempt for same user name
Last modified: 2006-09-24 10:42:17 UTC
When Mapping a Network drive from Windows, an automatic authentication
accours using the currently logged in Windows user name. If there is an
identical user name "registered" with Samba but has a different password, this
auto authentication will fail - incrementing the "Bad Lockout Attempt" for
the user name by 1.
If one were to try to log on using a different username but incorrectly entered
a password, the "Bad Lockout Attempt" for the Windows user name (which also has
a samba account) will also increment by 1.
This incrementing will continue for the account until the Maximum Logon Attempts
has been reached, no matter which user attempts to logon.
- I logon to my Windows box as 'bender'
- I also have the samba users 'bob', 'chuck' and 'bender'.
- If I Map a Share as user 'bob' and incorrectly enter the password twice (or
once) and then successfully logon, the 'Bad password count' for 'bob' will
correctly be 0, but for 'bender' it will be 2.
- If I then logon as 'chuck' and mess up once - 'bender' AND the entire share is
now locked out!
This happens because of the auto authentication sent from Windows to the Samba
for anyone else looking at this bug:
the first part of the issue is behavior by Windows design
I think. However, the comment
"- If I then logon as 'chuck' and mess up once - 'bender' AND the
entire share is now locked out!"
indicates a bug which is what I wanted to track.
I cannot seem to duplicate this error.
We have (allmost) the same problem.
Our samba server is a member of domain A and my pc is a member of domain B. I
have the user accounts A\bob and B\bob and their password differs.
When I sit on my w2k pc and tries to connect to the samba server using \\samba-
server\bob my account gets locket out immediately. When I do the samt thing
with a win2003 fileserver I'm asked for a password.
To solve the problem I've commented out the part "auth/auth_util.c" which maps
all "unknown domains to our own" and recompiled Samba. I'd like to be able to
change this behaviour using a configuration parameter in smb.conf or to get the
same behaviour in samba as we get from the win2003 fileserver.
It is possible for me to sendt tcpdumps and logfiles.