Locked user accounts Linux -> Windows 2000 server authentication

airwalk
airwalk used Ask the Experts™
on
I am having some problems right now with windows 2000 server and our linux servers.

The accounts are locking out regularly (once or twice a week) after the users have changed their passwords. It seems to be only users that also have access to our Linux Samba shares or CVS servers. I am wondering why this happens as it is very very annoying to have to keep unlocking users especially since our password policies are set for 60 days.

I was wondering if maybe there is some caching or some settings we can enable/disable on the Linux or Windows 2000 boxes.

It would be great to get some help with this if anyone can help I would be EXTREMELY grateful
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Gabriel OrozcoSolution Architect

Commented:
your samba server should be set to use your central domain to autenticate your users. if you are using the normal samba autenticaation, then there you have your answer: they will not get their password changed ntil you go and change it yourself.

Author

Commented:
Here is some of the contents of my smb.conf
I dont think this is the problem since it is working for some people and even sometimes for the people that are seeing the problems.. its very annoying

[global]
map to guest = Bad User
guest account = guest
invalid users = root

#security = domain
security = SERVER
#security = standalone
workgroup = CFGRA

#hosts equiv = /etc/samba/hosts.equiv


syslog only = no
syslog = 0;
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
encrypt passwords = yes
wins support = no
name resolve order = lmhosts host wins bcast
dns proxy = no
preserve case = yes
short preserve case = yes

unix password sync = false
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:*
%n\n .
max log size = 1000


include = /usr/local/etc/smb.conf.%h

Author

Commented:
I dont know if this could also have something to do with it.. we are using Samba 2.0.7 is the key you are referring to 2.2.x specific? Is it reccomended that I upgrade to 2.2.x?
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Author

Commented:
I forgot the include file (sorry trying to give as much info as possible)

(in the file shown as smb.conf.%h

wins server = ISOLDE
password server = lkopser01 lkopser02
server string = Backup CVS server

Author

Commented:
I forgot the include file (sorry trying to give as much info as possible)

(in the file shown as smb.conf.%h

wins server = ISOLDE
password server = lkopser01 lkopser02
server string = Backup CVS server
Solution Architect
Commented:
Airwalk: upgrade as soon as you can, because samba 2.2.6 and up have a far more simple way to use your windows to autenticate users for samba. that way you will be able to do what you are asking for.

Author

Commented:
Just as an update, we have installed the latest samba now and I am giving it a week to see if we have any problems. If it all goes well then I will take that to mean that the problem is solved and award you (Redimido) the points.

Thanks!

Author

Commented:
Thanks for the help!.. it seemed to work once we upgraded.. I havent seen any more problems so far!!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial