From 3.0.23rc1 back to 3.0.21c, no access to shares till reboot of the client

Thomas Bork tombork at
Wed May 31 21:25:11 GMT 2006

Hi @all,

I wrote in the thread "[Samba] 3.0.23rc1 - Failed to setup 
RT_SIGNAL_NOTIFY handler]" in the samba mailing list:

Switched back to 3.0.21c. Ouch, access to shares is not granted anymore 

The client is confused and thinks the samba server is an domain controller!:

Auf \\Deveis\public kann nicht zugegriffen werden. Sie haben eventuell 
keine Berechtigung, diese Netzwerkressource zu verwenden. Wenden Sie 
sich an den Administrator des Servers, um herauszufinden, ob Sie über 
Berechtigungen verfügen.

Die Konfigurationsinformationen konnten vom Domänencontroller nicht
gelesen werden. Mit dem Computer kann keine Verbindung hergestellt
werden oder der Zugriff wurde verweigert.

(Configuration informations cannot read from domain controller. No 
connection to the computer or access denied.)

Are there any incompatible changes in the informations in secrets.tdb or
other tdb's?

With 3.0.21c my samba was *sometimes* a domain controller for testing 
purposes. At the time 3.0.23rc1 was installed, samba was a normal 
standalone server and the client was not part of a domain.
If installing the older 3.0.21c with 'Server role: ROLE_STANDALONE' the 
client XP SP2 cannot access the shares anymore with the above message.

I checked this 2 times now. I have to stop samba, delete all tdb's, 
start samba and restart the client - then I can access the shares 
without any other changes...

This is with passdb backend smbpasswd. The client wasn't rebooted while 
downgrading from 3.0.23rc1 to 3.0.21c.

I talked with Volker Lendecke about this problem. He stated, this is 
probably because 3.0.23rc1 is setting an new NTLMSSP flag and after 
switching to 3.0.21c without this flag the client means, the lower 
security level is not correct and blocks the access to samba.

If this is the case, wouldn't it be a good idea to note this in the 
release notes, because if there are any problems with 3.0.23 many users 
will be downgrading without rebooting their clients and this could lead 
to many questions in the samba mailing list?

Or maybe the new NTLMSSP flag should only be set if samba acts as an 
primary domain controller (the error message shows the client thinks 
samba is an domain controller)?

I have a samba log with debug level 10, an ethereal trace and a strace 
log of smbd from 3.0.21c from starting samba and trying to access it 
from the XP SP2 client. Interested in?

der tom

More information about the samba-technical mailing list