[SAMBA3] [PATCH] AIX initgroups() error

William Jojo jojowil at hvcc.edu
Wed Sep 20 11:32:01 GMT 2006 

----- Original Message ----- 
From: "Andras Atzel" <aabox2k at yahoo.com>
To: "William Jojo" <jojowil at hvcc.edu>
Cc: <samba-technical at lists.samba.org>
Sent: Wednesday, September 20, 2006 7:03 AM
Subject: Re: [SAMBA3] [PATCH] AIX initgroups() error


> Hi Bill,
>
> i am Andras back from the holidays.
>

Ok, was this applied or committed? You can try rejecting tl-05 and apply 04
with the various increasing service packs to determine where it breaks and
contact IBM, or you can look to apply tl-05-01 which was recently released,

Did you recheck your configs after the upgrade? Sometimes the updates
alter/replace the config files.

Where is this credential information stored? Is it in LDAP? You're using
pam, so I'm curious about groups with large numbers of memberUid values. You
may need APAR IY78339 if that's the case.

Kerberos based credentials? Then TL-05-01 *may* help.

Either way I need to know more about your setup before Samba to help.

> We made the upgrade to 5300-05-00, but since then we cannot authenticate
with our
> DCE-testuser. (It is registarted in a DCE cell. Auth-method: password)
>
> Do you have any idea what has been changed with the TL-05 uggrade?
> I send a small piece of log (s. below), but it doesn't hold too much info
for me.
> The password was ok before the upgrade, but since then i cannot even login
to the AIX
> with it.

A lot has changed over the last year and a half. Can you also get an
"oslevel -s" since the upgrade.

I hope the upgrade was applied and not committed and that maybe you have a
mksysb tape lying around if it was committed. I'd open a PMR with IBM
quickly and make it a severity 2; chances are they already know the answer.
I'll help you as much as I can.


Cheers,

Bill


>
> Thanks in advance
> Andras
>
> **********************
> ...
> [2006/09/19 18:54:23, 2] auth/pampass.c:smb_pam_auth(514)
>   smb_pam_auth: PAM: Athentication Error for user testuser5
> [2006/09/19 18:54:23, 2] auth/pampass.c:smb_pam_error_handler(73)
>   smb_pam_error_handler: PAM: Authentication Failure : Authentication
failed
> [2006/09/19 18:54:23, 0] auth/pampass.c:smb_pam_passcheck(810)
>   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User testuser5 !
> [2006/09/19 18:54:23, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2006/09/19 18:54:23, 2] auth/auth.c:check_ntlm_password(319)
>   check_ntlm_password:  Authentication for user [testuser5] -> [testuser5]
FAILED with
> error NT_STATUS_WRONG_PASSWORD
> ...
> **********************
>
> --- William Jojo <jojowil at hvcc.edu> wrote:
>
> >
> >
> > On Mon, 11 Sep 2006, Christian M Ambach wrote:
> >
> > > Hi Bill,
> > >
> > > I'm answering on Andras' behalf as he is on vacation until next week.
> > >
> > > The output of oslevel -s is
> > > 5300-00-00
> > >
> >
> > Yeah...was afraid of that. You *really* need to upgrade that system.
> > That's a baseline release.
> >
> > I'd recommend upgrading to TL-05 and retest your problem without the
> > patch.
> >
> > http://www14.software.ibm.com/webapp/set2/abl/bundle?release=53
> >
> >
> > Cheers,
> >
> > Bill
> >
> >
> > > I don't know how to reproduce the error as I am not familiar with DCE,
> > > sorry.
> > > The initgroups call fails for just one user in the cell, but I don't
know
> > > yet what is so special about that user.
> > >
> > > If you can give me some commands how to examine that user in DCE, I
can
> > > provide you the output if that helps reproducing the problem.
> > >
> > >
> > > Best regards,
> > >          Christian Ambach
> > >
> > >
> > >
> > >>
> > >>
> > >>>
> > >>
> > >> Jerry,
> > >>
> > >> I think I missed some of this. Where can I find the patch and I'd
like
> > > to
> > >> know more about the version of AIX and the maintenance level.
> > >>
> > >> Andras,
> > >>
> > >> Can I get an "oslevel -s"? And a (quick?) way to recreate the DCE
cell
> > >> failure?
> > >>
> > >>
> > >> Cheers,
> > >>
> > >> Bill
> > >>
> > >
> >
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>

More information about the samba-technical mailing list