FW: Authentication problems after upgrading to 3.0.23c

[Giddings, Bret]

I recently sent this message to samba at lists.samba.org. Felipe Augusto
van de Wiel suggested to me that this list might be the proper place for
it so here it is again. 

-----Original Message-----
From: Giddings, Bret 
Sent: 12 September 2006 12:51
To: 'samba at lists.samba.org'
Subject: Authentication problems after upgrading to 3.0.23c

Hi there,

Since upgrading our debian sarge boxes to 3.0.23c, we have found that we
are unable to connect to shares using the official hostname of the
servers (short or fully qualified) but can still use its netbios aliases
(again, short or fully qualified). As nothing else has changed in our
configuration, I think that the change of behaviour is down to the newer
release and can find nothing in the release notes that would indicate
that we have to add any new settings into smb.conf.

Anyone else seen this and have any solutions?

Configuration is

Debian Sarge with samba supplied samba. Everything fully patched.

smb.conf (with names changed to protect the innocent)

[global]
        workgroup = MYWORKGROUP
        realm = MY.DOMAIN
        netbios aliases = list, of, aliases
        security = ADS
        log level = 2
        max log size = 10000
        deadtime = 15
        preferred master = No
        wins server = wins0

[homes]
        read only = No

(unspecified values are set to defaults).

log.smbd for simple 'net use * \\server\share'

[2006/09/12 12:48:01, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
[2006/09/12 12:48:01, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
[2006/09/12 12:48:01, 0] lib/access.c:check_access(327)
[2006/09/12 12:48:01, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
  Denied connection from  (0.0.0.0)
[2006/09/12 12:48:01, 1] smbd/process.c:process_smb(1103)
[2006/09/12 12:48:01, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
  Connection denied from 0.0.0.0
[2006/09/12 12:48:01, 2] lib/access.c:check_access(323)
  Allowed connection from  (155.245.49.154)
[2006/09/12 12:48:01, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 155.245.49.154. Error
Connection reset by peer
[2006/09/12 12:48:01, 0] lib/util_sock.c:send_smb(769)
  Error writing 5 bytes to client. -1. (Connection reset by peer)
[2006/09/12 12:48:01, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2006/09/12 12:48:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(310)
  Username CAMPUS\S5037XP$ is invalid on this system
[2006/09/12 12:48:01, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2006/09/12 12:48:01, 1] smbd/sesssetup.c:reply_spnego_kerberos(334)
  make_server_info_info3 failed: NT_STATUS_NO_SUCH_USER!

log.smbd for 'net use \\alias\share'

[2006/09/12 12:49:14, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
[2006/09/12 12:49:14, 0] lib/access.c:check_access(327)
[2006/09/12 12:49:14, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
  Denied connection from  (0.0.0.0)
[2006/09/12 12:49:14, 1] smbd/process.c:process_smb(1103)
[2006/09/12 12:49:14, 0] lib/util_sock.c:get_peer_addr(1229)
  getpeername failed. Error was Transport endpoint is not connected
  Connection denied from 0.0.0.0
[2006/09/12 12:49:14, 0] lib/util_sock.c:write_data(562)
  write_data: write failure in writing to client 155.245.49.154. Error
Connection reset by peer
[2006/09/12 12:49:14, 2] lib/access.c:check_access(323)
  Allowed connection from  (155.245.49.154)
[2006/09/12 12:49:14, 0] lib/util_sock.c:send_smb(769)
  Error writing 5 bytes to client. -1. (Connection reset by peer)
[2006/09/12 12:49:14, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2006/09/12 12:49:14, 2] smbd/sesssetup.c:setup_new_vc_session(799)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2006/09/12 12:49:14, 2] lib/access.c:check_access(323)
  Allowed connection from  (155.245.49.154)
[2006/09/12 12:49:14, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving IPC$ as a Dfs root
[2006/09/12 12:49:14, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [bret] -> [bret] ->
[bret] succeeded
[2006/09/12 12:49:14, 2] lib/access.c:check_access(323)
  Allowed connection from  (155.245.49.154)
[2006/09/12 12:49:14, 1] smbd/service.c:make_connection_snum(941)
  s5037xp (155.245.49.154) connect to service share initially as user
bret (uid=16661, gid=1001) (pid 21647)
[2006/09/12 12:49:14, 2] smbd/reply.c:reply_tcon_and_X(711)
  Serving share as a Dfs root
[2006/09/12 12:49:15, 2] smbd/open.c:open_file(352)
  bret opened file desktop.ini read=Yes write=No (numopen=1)
[2006/09/12 12:49:15, 2] smbd/close.c:close_normal_file(344)
  bret closed file desktop.ini (numopen=0)
[2006/09/12 12:49:15, 2] smbd/open.c:open_file(352)
  bret opened file desktop.ini read=Yes write=No (numopen=1)
[2006/09/12 12:49:15, 2] smbd/close.c:close_normal_file(344)
  bret closed file desktop.ini (numopen=0)
[2006/09/12 12:49:15, 2] smbd/open.c:open_file(352)
  bret opened file desktop.ini read=Yes write=No (numopen=1)
[2006/09/12 12:49:15, 2] smbd/close.c:close_normal_file(344)
  bret closed file desktop.ini (numopen=0)
[2006/09/12 12:49:15, 2] smbd/open.c:open_file(352)
  bret opened file desktop.ini read=Yes write=No (numopen=1)
[2006/09/12 12:49:25, 2] smbd/close.c:close_normal_file(344)
  bret closed file desktop.ini (numopen=0)
[2006/09/12 12:49:25, 1] smbd/service.c:close_cnum(1141)
  s5037xp (155.245.49.154) closed connection to service share

Weird eh!

Any solutions?

Regards,

Bret
--
Bret Giddings, Systems Manager, Computing Service, University of Essex
Tel: (01206) 872577 Email: bret at essex.ac.uk Fax: (01206) 860585 Room
4SW.5.19