Samba, Vista, Mapped Drives, and change password prompt
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Samba, Vista, Mapped Drives, and change password prompt
Users are not always prompted to change password. This may end up being a Vista issue but I'm posting here just in case there's something I've missed.
If Vista is setup to join a domain at logon, mapped drives work fine.
If the user logs into Vista as a local user, the user can map drives that they have rights to.
However, if "net sam set pwdmustchangenow [username] yes" is used the behaviour changes.
When the user who joins the domain logs on types their username and password at the logon prompt, they are immediately asked to change the password. That's expected.
But, when the user who logs in locally tries to access a mapped drive, they are prompted for a user name and password and then receive an authentication failure. They are not prompted to change the password.
The samba log for that user contains the following:
auth/auth_sam.c:sam_account_ok(172)
sam_account_ok: Account for user '[username]' password must change!.
This seems to indicate that the correct password was used and that samba is requesting that Vista ask the user to change the password. Which does not happen.
Finally, if "smbpasswd [username]" is used to change the password on the server, the local Vista user is prompted for a user name and password and can access the shares.
This behavior is expected. The authentication (of logging into the domain against a domain controller directly) needs to happen _before_ the password change can be done. What you are doing is mapping a drive on a file server, which then passes your credentials to the domain controller for authentication which responds saying to the _file server_ that the password much change, not to the desktop which the domain controller knows nothing about.
Clear as mud.
I don't think a Windows server would handle it any different.
Last edited by david_ross; 10-09-2008 at 01:09 PM.
Reason: removed spam
racracracrac, thanks for the reply but I'm not convinced that this is accurate. The file server _is_ the domain controller and both services are handled by one installation of samba on one computer. It doesn't make sense that samba would respond to itself and expect an additional reply from itself. As well, the issue I described does not occur with Windows XP. In XP the expected behaviour does occur; when the user tries to access a mapped share and has not become a member of the domain at logon, the user supplies their user name and password and is then prompted to change the password. This is why I stated that this may well be solely a Vista issue.
My purpose for the post is to gain confidence on where the issue is coming from and to receive insight from those who have also come across this issue. We had recently upgraded from Samba2 to Samba3 and Vista is relatively new and very buggy. I'm trying to determine if Samba is requesting a password change (authentication protocols are not the issue) in a way that Vista likes or if Vista is simply broken.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
