cifs mount | then change password on DC

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

cifs mount | then change password on DC

Samba - General mailing list
Hi,

Not sure if this is the place to ask, but:

We have user who uses mount -t cifs to mount his files on his machine.

Then this user changed his AD password. Then, suddenly his account
started to become LOCKED_OUT on the AD DCs, because of too many FAILED
with error NT_STATUS_WRONG_PASSWORD

After umounting the cifs mount, the FAILED with error
NT_STATUS_WRONG_PASSWORD disappeared, and the account no longer LOCKED_OUT.

So, it seems mount -t cifs keeps trying the password it remembers (even
though it became outdated aka previous) again and again, until the
account becomes LOCKED_OUT.

Is there a way to prevent this behaviour? I'd rather have the mount
point disappear/become invalid, rather then retried over and over again.

For the record: mount.cifs version 6.4 (debian jessie)

MJ

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cifs mount | then change password on DC

Samba - General mailing list
MJ,

Have a look at :    
* BUG 12782: winbindd changes the local password and gets
     NT_STATUS_WRONG_PASSWORD for the remote change.  

Fixed in 4.6.7, this looks bit like your problem, not complete sure.

If its a VM, testing is simple, backup the VM and  upgrade to debian stretch. ( more recent kernel so more recent cifs )
And now install my 4.6.7 package and test again.



Greetz,

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens mj via samba
> Verzonden: donderdag 10 augustus 2017 12:40
> Aan: [hidden email]
> Onderwerp: [Samba] cifs mount | then change password on DC
>
> Hi,
>
> Not sure if this is the place to ask, but:
>
> We have user who uses mount -t cifs to mount his files on his machine.
>
> Then this user changed his AD password. Then, suddenly his
> account started to become LOCKED_OUT on the AD DCs, because
> of too many FAILED with error NT_STATUS_WRONG_PASSWORD
>
> After umounting the cifs mount, the FAILED with error
> NT_STATUS_WRONG_PASSWORD disappeared, and the account no
> longer LOCKED_OUT.
>
> So, it seems mount -t cifs keeps trying the password it
> remembers (even though it became outdated aka previous) again
> and again, until the account becomes LOCKED_OUT.
>
> Is there a way to prevent this behaviour? I'd rather have the
> mount point disappear/become invalid, rather then retried
> over and over again.
>
> For the record: mount.cifs version 6.4 (debian jessie)
>
> MJ
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: cifs mount | then change password on DC

Samba - General mailing list
Hi Louis,

Hmm I had hoped for something simple like a mount option to prevent
remount attempts or so. :-)

Anyway, I give your idea a try. Thanks for your reply!

On 08/10/2017 01:38 PM, L.P.H. van Belle via samba wrote:

> MJ,
>
> Have a look at :
> * BUG 12782: winbindd changes the local password and gets
>       NT_STATUS_WRONG_PASSWORD for the remote change.
>
> Fixed in 4.6.7, this looks bit like your problem, not complete sure.
>
> If its a VM, testing is simple, backup the VM and  upgrade to debian stretch. ( more recent kernel so more recent cifs )
> And now install my 4.6.7 package and test again.
>
>
>
> Greetz,
>
> Louis
>
>
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...