[Samba] Invalid auth info 68 or level 5 on schannel only prior to

Hose subscriptions at bluemaggottowel.com
Tue Aug 26 20:48:11 GMT 2003 

logins 
Reply-To: 

I've sourced the groups, but haven't had any success with solving this
problem.  Here are the details:

I have a debian/testing system running samba 3.0.0beta2-1.  It was
working fine with the 2.x series, until I upgraded to 3.0.  The debian
server (al) is a PDC for a small NT domain (isabela) with three
workstations, all running win2k pro.  All but one work fine between each
other and al.  The problematic workstation (he2) logs onto the domain
fine, can access shares all over the domain, however no other
workstation *or* the PDC can access shares on he2.

It gets weird though; if anyone logs onto he2 locally, THEN they can
access the shares over the network, ie if let's say a user named "Brian"
was trying to access a share on he2, it would give an access denied
message.  This is either from a win2k workstation or using smbclient -L
//he2 -U Brian.  However, if he sat down at he2, logged in, and possibly
logged out, he could go to any workstation (or use the smbclient
command) and suddenly, he2 gives him access to the shares.

Can anyone clue me in on what's going on?  Here's the errors I get when
someone like the user "Brian" tries to access shares prior to logging in
locally:

log.he2:

[2003/08/26 15:49:32, 2] smbd/sesssetup.c:setup_new_vc_session(504)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/08/26 15:49:32, 2] smbd/sesssetup.c:setup_new_vc_session(504)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2003/08/26 15:49:32, 2] lib/access.c:check_access(325)
  Allowed connection from  (192.168.0.2)
[2003/08/26 15:49:32, 2] lib/access.c:check_access(325)
  Allowed connection from  (192.168.0.2)
[2003/08/26 15:49:32, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1340)
  Invalid auth info 68 or level 5 on schannel
[2003/08/26 15:49:32, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
  process_request_pdu: failed to do schannel processing.
[2003/08/26 15:49:32, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1340)
  Invalid auth info 68 or level 5 on schannel
[2003/08/26 15:49:32, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
  process_request_pdu: failed to do schannel processing.

log.nmbd:

[2003/08/26 15:54:25, 1]
nmbd/nmbd_processlogon.c:process_logon_packet(96)
  process_logon_packet: Logon from 192.168.0.2: code = 0x12
  [2003/08/26 15:54:25, 1]
  nmbd/nmbd_processlogon.c:process_logon_packet(96)
    process_logon_packet: Logon from 192.168.0.2: code = 0x12
    [2003/08/26 15:54:25, 1]
    nmbd/nmbd_processlogon.c:process_logon_packet(96)
      process_logon_packet: Logon from 192.168.0.2: code = 0x12
      [2003/08/26 15:54:25, 1]
      nmbd/nmbd_processlogon.c:process_logon_packet(96)
        process_logon_packet: Logon from 192.168.0.2: code = 0x12


Note that I even went so far as to deleting the machine account from the
smbpasswd db, passwd, and shadow, then rebooted he2 with it back in
normal workgroup mode, restarted samba, readded the he2 machine accounts
in, and added it back into the domain.  Same thing.  

Obviously, it kind of defeats the purpose of a network if someone has to
log in locally first to access things remotely.  Anyone have some
insight?

--

hose

More information about the samba mailing list