Web lists-archives.com

[Samba] Windows cant access shared directories after changed password with smbpasswd




Hi,


   - OpenSuse 42.2
   - Samba Version 4.4.2-11.3.1-3752-SUSE-SLE_12-x86_64

I'm using samba for file sharing, where users have some control of the
shares.

This is a standalone server

All works fine, the user was created and added on the samba host with smbpasswd
-a <user>

*The problem is*, when the samba password is changed using smbpasswd <user> ,
the Windows machines no longer have access. It prompts again for
user/password, but suppyling the correctly credentials fails to have them
authenticated. If I change the password back to the previous value with
smbppasswd. authentication works again, without prompting for the password
again.

Looks like Windows is caching the user/password and even if I supply the
credentials in the prompt, it's still sending the old password to the samba
server.

I'm sure the password was changed, because testing smbclient, supplying the
new password, it works fine.

This problem occurs with Windows XP and Windows 8.

*Is there someway to force "flush" this user/password at the Windows client
?* *or make this password expire....*

It is weird, since we have another Samba host, but this is a FreeNAS
(FreeBSD based) system. It works correctly with this server. It looks as if
it is something with the opensuse samba. I already copied the smb.conf from
the FreeNAS server to the SuSE server, but the problem still occurs.

Here is a part of the logfile, when trying to connect to Samba on the SuSE
server with the new password:

[2017/06/22 17:00:07.575679,  4, pid=20298, effective(0, 0), real(0,
0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2017/06/22 17:00:07.575690,  5, pid=20298, effective(0, 0), real(0,
0)] ../source3/lib/username.c:181(Get_Pwnam_alloc)
  Finding user cinacio
[2017/06/22 17:00:07.575700,  5, pid=20298, effective(0, 0), real(0,
0)] ../source3/lib/username.c:120(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is cinacio
[2017/06/22 17:00:07.575722,  5, pid=20298, effective(0, 0), real(0,
0)] ../source3/lib/username.c:159(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [cinacio]!
[2017/06/22 17:00:07.575756, 10, pid=20298, effective(0, 0), real(0,
0)] ../source3/passdb/lookup_sid.c:1300(gid_to_sid)
  gid 100 -> sid S-1-22-2-100
[2017/06/22 17:00:07.575778,  3, pid=20298, effective(0, 0), real(0,
0)] ../source3/passdb/lookup_sid.c:1645(get_primary_group_sid)
  Forcing Primary Group to 'Domain Users' for cinacio
[2017/06/22 17:00:07.575789, 11, pid=20298, effective(0, 0), real(0,
0), class=passdb]
../source3/passdb/pdb_get_set.c:263(pdb_get_init_flags)
  element 3: DEFAULT
...
[2017/06/22 17:00:07.576473,  4, pid=20298, effective(0, 0), real(0,
0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2017/06/22 17:00:07.576492,  4, pid=20298, effective(0, 0), real(0,
0)] ../libcli/auth/ntlm_check.c:405(ntlm_password_check)
  ntlm_password_check: Checking NT MD4 password
[2017/06/22 17:00:07.576543,  3, pid=20298, effective(0, 0), real(0,
0)] ../libcli/auth/ntlm_check.c:419(ntlm_password_check)
  ntlm_password_check: NT MD4 password check failed for user cinacio
[2017/06/22 17:00:07.576626,  4, pid=20298, effective(0, 0), real(0,
0)] ../source3/smbd/sec_ctx.c:217(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
...
[2017/06/22 17:00:07.577907,  5, pid=20298, effective(0, 0), real(0,
0), class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
  check_ntlm_password: sam authentication for user [cinacio] FAILED
with error NT_STATUS_WRONG_PASSWORD
[2017/06/22 17:00:07.577919,  2, pid=20298, effective(0, 0), real(0,
0), class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [cinacio] -> [cinacio]
FAILED with error NT_STATUS_WRONG_PASSWORD
[2017/06/22 17:00:07.577930,  5, pid=20298, effective(0, 0), real(0,
0)] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
  Checking NTLMSSP password for XXX\cinacio failed: NT_STATUS_WRONG_PASSWORD
[2017/06/22 17:00:07.577940,  5, pid=20298, effective(0, 0), real(0,
0)] ../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
  ../auth/ntlmssp/ntlmssp_server.c:737: Checking NTLMSSP password for
XXX\cinacio failed: NT_STATUS_WRONG_PASSWORD
[2017/06/22 17:00:07.577955,  2, pid=20298, effective(0, 0), real(0,
0)] ../auth/gensec/spnego.c:719(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba