[Samba] the challenge that the password server.. supplied us is not the one we gave our client - Samba

This is a discussion on [Samba] the challenge that the password server.. supplied us is not the one we gave our client - Samba ; Hi, periodically we are seeing the following error in our samba log. At this time nobody can connect to the shares of this server anymore. [2007/04/17 09:05:59, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [PID33C1] -> [PID33C1] FAILED with error NT_STATUS_LOGON_FAILURE ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: [Samba] the challenge that the password server.. supplied us is not the one we gave our client

  1. [Samba] the challenge that the password server.. supplied us is not the one we gave our client

    Hi,

    periodically we are seeing the following error in our samba log. At this time
    nobody can connect to the shares of this server anymore.

    [2007/04/17 09:05:59, 2] auth/auth.c:check_ntlm_password(312)
    check_ntlm_password: Authentication for user [PID33C1] -> [PID33C1] FAILED
    with error NT_STATUS_LOGON_FAILURE
    [2007/04/17 09:06:03, 1] auth/auth_server.c:check_smbserver_security(263)
    the challenge that the password server (our_password_server) supplied us
    is not the one we gave our client. This just can't work :-(
    [2007/04/17 09:06:03, 2] auth/auth.c:check_ntlm_password(312)
    check_ntlm_password: Authentication for user [PID33C1] -> [PID33C1] FAILED
    with error NT_STATUS_LOGON_FAILURE
    [2007/04/17 09:06:07, 1] auth/auth_server.c:check_smbserver_security(263)
    the challenge that the password server (our_password_server) supplied us
    is not the one we gave our client. This just can't work :-(

    We're using security = SERVER because the server is not member of the domain.
    The few users that use that server can authenticate against the ADS password server.

    After restarting samba everything is fine again. Other server that use the
    same config don't show this problem at the same time, hence I don't think it's
    an ADS problem.

    System:
    Debian Sarge, Samba 3.0.14

    Any hints what to look for? This problem is a bit anoying and I haven't found
    much about it in the list archive.

    Ralf
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] the challenge that the password server.. supplied us is not the one we gave our client

    On Tue, Apr 17, 2007 at 11:12:00AM +0200, Ralf Gross wrote:
    > Any hints what to look for? This problem is a bit anoying and I haven't found
    > much about it in the list archive.


    Don't use security=server, join that box to the domain. No
    way around that.

    Volker

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)

    iD8DBQFGJJkTpZr5CauZH5wRAnTxAJ45yEwxHvxBJ2CvNFWOAg aeDL1MsACfdxhO
    W9MGlvfLkPGbgq5EF1Isiss=
    =n2sM
    -----END PGP SIGNATURE-----


  3. Re: [Samba] the challenge that the password server.. supplied us is not the one we gave our client

    On Tue, Apr 17, 2007 at 12:32:09PM +0200, Ralf Gross wrote:
    > Hm, joining the domain is a bit of a problem. So the error is
    > definitely related to the security=server settings? Because sometimes
    > we don't see this error for weeks.


    Yep. security=server is severely broken by design. It was a
    bad and temporary workaround from times back when Samba did
    not implement the nt domain protocols.

    Volker

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)

    iD8DBQFGJKNnpZr5CauZH5wRAl1iAJ96fP0o5Dt7vINKqyQ+qY 38v9GXDgCgmZST
    u1ypmwS2+W1SY75I3d0fe9A=
    =rV2+
    -----END PGP SIGNATURE-----


  4. Re: [Samba] the challenge that the password server.. supplied us is not the one we gave our client

    Volker Lendecke schrieb:
    > > Any hints what to look for? This problem is a bit anoying and I haven't found
    > > much about it in the list archive.

    >
    > Don't use security=server, join that box to the domain. No
    > way around that.


    Hm, joining the domain is a bit of a problem. So the error is
    definitely related to the security=server settings? Because sometimes
    we don't see this error for weeks.

    Ralf
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread