[Samba] Problem while log on: Windows Server 2008 R2 in samba domain
Alexander Födisch
foedisch at eva.mpg.de
Tue Nov 8 01:44:35 MST 2011
Hi,
I have a strange problem with a Windows Server 2008 R2 system as a member of a Samba domain (Samba version on PDC: 3.4.12).
The join was successful, but when I log on to Windows I get the error "Unknown user name or bad password." (Event ID 4625).
Here is an excerpt of the log file for the Windows Server 2008 R2 system (log level 10). Maybe one of you has an idea:
------------------------------------------------------------------------------------
[2011/11/07 16:37:15, 9] passdb/passdb.c:2245(pdb_increment_bad_password_count)
No lockout policy, don't track bad passwords
[2011/11/07 16:37:15, 3] smbd/sec_ctx.c:210(push_sec_ctx)
push_sec_ctx(999, 514) : sec_ctx_stack_ndx = 1
[2011/11/07 16:37:15, 3] smbd/uid.c:428(push_conn_ctx)
push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2011/11/07 16:37:15, 3] smbd/sec_ctx.c:310(set_sec_ctx)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/11/07 16:37:15, 5] auth/token_util.c:522(debug_nt_user_token)
NT user token: (NULL)
[2011/11/07 16:37:15, 5] auth/token_util.c:548(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2011/11/07 16:37:15, 4] passdb/pdb_ldap.c:2015(ldapsam_update_sam_account)
ldapsam_update_sam_account: user foedisch to be modified has dn: uid=foedisch,dc=xxx,dc=xxx,dc=xx
[2011/11/07 16:37:15, 2] passdb/pdb_ldap.c:1199(init_ldap_from_sam)
init_ldap_from_sam: Setting entry for user: foedisch
[2011/11/07 16:37:15, 4] passdb/pdb_ldap.c:2029(ldapsam_update_sam_account)
ldapsam_update_sam_account: mods is empty: nothing to update for user: foedisch
[2011/11/07 16:37:15, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
pop_sec_ctx (999, 514) - sec_ctx_stack_ndx = 0
[2011/11/07 16:37:15, 5] auth/auth.c:274(check_ntlm_password)
check_ntlm_password: sam authentication for user [foedisch] FAILED with error NT_STATUS_WRONG_PASSWORD
[....]
[2011/11/07 16:37:15, 5] rpc_server/srv_netlog_nt.c:1041(_netr_LogonSamLogon)
_netr_LogonSamLogon: check_password returned status NT_STATUS_WRONG_PASSWORD
[2011/11/07 16:37:15, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
netr_LogonSamLogon: struct netr_LogonSamLogon
out: struct netr_LogonSamLogon
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data : fafde2c3dc0af8fc
timestamp : Mon Nov 7 16:38:40 2011 CET
validation : *
validation : union netr_Validation(case 3)
sam3 : *
sam3: struct netr_SamInfo3
base: struct netr_SamBaseInfo
last_logon : NTTIME(0)
last_logoff : NTTIME(0)
acct_expiry : NTTIME(0)
last_password_change : NTTIME(0)
allow_password_change : NTTIME(0)
force_password_change : NTTIME(0)
account_name: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
full_name: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
logon_script: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
profile_path: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
home_directory: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
home_drive: struct lsa_String
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
logon_count : 0x0000 (0)
bad_password_count : 0x0000 (0)
rid : 0x00000000 (0)
primary_gid : 0x00000000 (0)
groups: struct samr_RidWithAttributeArray
count : 0x00000000 (0)
rids : NULL
user_flags : 0x00000000 (0)
0: NETLOGON_GUEST
0: NETLOGON_NOENCRYPTION
0: NETLOGON_CACHED_ACCOUNT
0: NETLOGON_USED_LM_PASSWORD
0: NETLOGON_EXTRA_SIDS
0: NETLOGON_SUBAUTH_SESSION_KEY
0: NETLOGON_SERVER_TRUST_ACCOUNT
0: NETLOGON_NTLMV2_ENABLED
0: NETLOGON_RESOURCE_GROUPS
0: NETLOGON_PROFILE_PATH_RETURNED
0: NETLOGON_GRACE_LOGON
key: struct netr_UserSessionKey
key : 00000000000000000000000000000000
logon_server: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_sid : NULL
LMSessKey: struct netr_LMSessionKey
key : 0000000000000000
acct_flags : 0x00000000 (0)
0: ACB_DISABLED
0: ACB_HOMDIRREQ
0: ACB_PWNOTREQ
0: ACB_TEMPDUP
0: ACB_NORMAL
0: ACB_MNS
0: ACB_DOMTRUST
0: ACB_WSTRUST
0: ACB_SVRTRUST
0: ACB_PWNOEXP
0: ACB_AUTOLOCK
0: ACB_ENC_TXT_PWD_ALLOWED
0: ACB_SMARTCARD_REQUIRED
0: ACB_TRUSTED_FOR_DELEGATION
0: ACB_NOT_DELEGATED
0: ACB_USE_DES_KEY_ONLY
0: ACB_DONT_REQUIRE_PREAUTH
0: ACB_PW_EXPIRED
0: ACB_NO_AUTH_DATA_REQD
unknown: ARRAY(7)
unknown : 0x00000000 (0)
unknown : 0x00000000 (0)
unknown : 0x00000000 (0)
unknown : 0x00000000 (0)
unknown : 0x00000000 (0)
unknown : 0x00000000 (0)
unknown : 0x00000000 (0)
sidcount : 0x00000000 (0)
sids : NULL
authoritative : *
authoritative : 0x01 (1)
result : NT_STATUS_WRONG_PASSWORD
------------------------------------------------------------------------------------
~ # ldapsearch -x -H ldaps://<pdc> -D uid=xxx,dc=xxx,dc=xxx,dc=xxx -W -LLL '(sambaDomainName=EVAN)'
Enter LDAP Password:
dn: sambaDomainName=EVAN,dc=xxx,dc=xxx,dc=xx
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: EVAN
sambaSID: S-1-5-21-1042031166-387543594-2118856591
sambaMinPwdAge: 0
sambaMaxPwdAge: -1
sambaLockoutThreshold: 0
sambaMinPwdLength: 5
sambaLogonToChgPwd: 0
sambaForceLogoff: -1
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaRefuseMachinePwdChange: 0
sambaPwdHistoryLength: 0
gidNumber: 3616
sambaNextRid: 1183
uidNumber: 12704
Thank you!
Best,
Alex