[Samba] cannot login from some machines after upgrading from 2
to 3
Atrox
silver.salonen at gmail.com
Tue Dec 4 14:44:59 GMT 2007
Atrox wrote:
>
>
> Atrox wrote:
>>
>> Hi.
>>
>> I've got a strange issue here. Some time ago (in march ;) I upgraded my
>> FreeBSD-6.0 Samba 2.2 to 3.0 (currently 3.0.24). After creating groupmaps
>> and doing all the other upgrade tasks, everything seemed to be alright.
>> However, it was not possible to login from some machines (getting error
>> for the wrong password). After disjoining and rejoining domain with these
>> machines, it was possible again.
>>
>> Does anybody know, what could be the problem?
>>
>> There are still some such machines left. One of these is a Windows 2000.
>> When I try to login to domain from there, I see the according log-lines
>> ending with:
>> =====
>> [2007/06/21 11:40:27, 3] auth/auth.c:check_ntlm_password(270)
>> check_ntlm_password: sam authentication for user [silver] succeeded
>> [2007/06/21 11:40:27, 5] auth/auth.c:check_ntlm_password(296)
>> check_ntlm_password: PAM Account for user [silver] succeeded
>> [2007/06/21 11:40:27, 2] auth/auth.c:check_ntlm_password(309)
>> check_ntlm_password: authentication for user [silver] -> [silver] ->
>> [silver] succeeded
>> [2007/06/21 11:40:27, 5] auth/auth_util.c:free_user_info(1867)
>> attempting to free (and zero) a user_info structure
>> [2007/06/21 11:40:27, 10] auth/auth_util.c:free_user_info(1871)
>> structure was created for silver
>> =====
>>
>> When checking some successful login's log, I see that information about
>> user's groups should follow:
>> =====
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:free_user_info(1871)
>> structure was created for silver
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>> Could not convert SID S-1-1-0 to gid, ignoring it
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>> Could not convert SID S-1-5-2 to gid, ignoring it
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>> Could not convert SID S-1-5-32-546 to gid, ignoring it
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:debug_nt_user_token(454)
>> NT user token of user S-1-5-21-770051042-1162095659-2196661315-501
>> contains 4 SIDs
>> SID[ 0]: S-1-5-21-770051042-1162095659-2196661315-501
>> SID[ 1]: S-1-1-0
>> SID[ 2]: S-1-5-2
>> SID[ 3]: S-1-5-32-546
>> =====
>>
>> I checked the "server schannel" also and verified that this is not the
>> case as this w2k's according security settings match server's settings.
>>
>> What else could cause this?
>>
>> Thanks in advance,
>> Silver
>>
>
> Hello.
>
> Update: some machines allow some users to login, but some users not to.
> Even though the user is in the users group and can login to Samba with
> smbclient, login from (at least some) machines fails.
>
> Hasn't anyone experienced smth like that?
>
> Silver
>
I'm sorry to bother the list with this again, but I'm still sitting on this
issue. Meanwhile a user wanted to change his password, but after doing that
he couldn't login from his machine any more. If I changed his password to
the old one, it was OK again.
Now a new user was made, but he cannot login into domain..
Would anyone suggest me some debugging options?
--
Silver
--
View this message in context: http://www.nabble.com/cannot-login-from-some-machines-after-upgrading-from-2-to-3-tf3958124.html#a14151755
Sent from the Samba - General mailing list archive at Nabble.com.
More information about the samba
mailing list