Login fails - Win95 vs. NT4 PDC using domain=server and winbind

Ian Scott ian.scott at edm-inc.com
Wed Jan 16 10:02:07 GMT 2002 

OK, following up on my previous email about this subject.

Quoting Scheufen Stephan <S.Scheufen at ebv.com>:

> my problem is the following:
> if the win95 clients are logging on to the PDC and the login script
> wants to mount the NAS device sharing they get a "enter
> password"-question. Then Win98se machines logging on to the same PDC are
> not getting the question...(wondering!)...they are successfully
> authenticated and connected to the NAS.

To recap, I have this same problem.  We have a network of about 40-50 clients, 
running a mix of Win95 OSR2, 98, 98SE, NT4 Workstation, 2k Pro, and XP Pro.  
Our Samba configuration uses winbind and security=server to authenticate with 
our PDC, which is running NT4 Server with SP6.  The same problem happens with 
both Samba 2.2.2 and 2.2.3pre from CVS.

Like Stephan, this occurs only on the 95 OSR2 machines and generally only RIGHT 
after logging on.  I've tried installing all updates I could (secupd2, 
winsock2, etc.) and I still get this problem.

Looking through smbd and winbindd logs (both at level 3), I found this when the 
problem occurs (connecting to a share named Arch, user name is "testuser" and 
the domain is "EDM."

Looking in smbd.log:

[2002/01/14 16:21:00, 3] smbd/reply.c:reply_sesssetup_and_X(851)
  Domain=[]  NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[2002/01/14 16:21:00, 3] smbd/reply.c:reply_sesssetup_and_X(861)
  sesssetupX:name=[TESTUSER]
[2002/01/14 16:21:00, 3] libsmb/namequery.c:resolve_wins(694)
  resolve_wins: Attempting wins lookup for name PDC_SERVER<0x20>
[2002/01/14 16:21:00, 3] libsmb/namequery.c:resolve_wins(712)
  resolve_wins: WINS server == <10.10.1.10>
[2002/01/14 16:21:00, 3] lib/util_sock.c:open_socket_in(837)
  bind succeeded on port 0
[2002/01/14 16:21:00, 2] libsmb/namequery.c:name_query(420)
  Got a positive name query response from 10.10.1.10 ( 10.10.1.10 )
[2002/01/14 16:21:00, 3] lib/util_sock.c:open_socket_out(869)
  Connecting to 10.10.1.10 at port 445
[2002/01/14 16:21:01, 2] lib/util_sock.c:open_socket_out(898)
  error connecting to 10.10.1.10:445 (Connection refused)
[2002/01/14 16:21:01, 3] lib/util_sock.c:open_socket_out(869)
  Connecting to 10.10.1.10 at port 139
[2002/01/14 16:21:01, 3] smbd/reply.c:reply_sesssetup_and_X(1021)
  No such user testuser [] - using guest account
[2002/01/14 16:21:01, 3] smbd/sec_ctx.c:push_sec_ctx(282)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2002/01/14 16:21:01, 3] smbd/uid.c:push_conn_ctx(285)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2002/01/14 16:21:01, 3] smbd/sec_ctx.c:set_sec_ctx(314)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2002/01/14 16:21:01, 3] smbd/sec_ctx.c:get_current_groups(162)
  get_current_groups: user is in 1 groups: 65534
[2002/01/14 16:21:01, 3] smbd/sec_ctx.c:pop_sec_ctx(421)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2002/01/14 16:21:01, 3] smbd/sec_ctx.c:get_current_groups(162)
  get_current_groups: user is in 1 groups: 65534
[2002/01/14 16:21:01, 3] smbd/password.c:register_vuid(328)
  uid 65534 registered to name nobody

So it looks like it can't find TESTUSER and maps them to nobody.  However, if I 
don't try to mount anything until a minute or so after I log on, I can mount 
the directory successfuly and this occurs in the logs instead:
[2002/01/15 15:41:43, 3] smbd/reply.c:reply_sesssetup_and_X(851)
  Domain=[EDM]  NativeOS=[Windows 4.0] NativeLanMan=[Windows 4.0]
[2002/01/15 15:41:43, 3] smbd/reply.c:reply_sesssetup_and_X(861)
  sesssetupX:name=[TESTUSER]
[2002/01/15 15:41:43, 3] smbd/reply.c:reply_sesssetup_and_X(922)
  Using unix username EDM\TESTUSER
..
[2002/01/15 15:41:43, 3] smbd/sec_ctx.c:get_current_groups(162)
  get_current_groups: user is in 2 groups: 10005, 10001
[2002/01/15 15:41:43, 3] smbd/password.c:register_vuid(328)
  uid 10041 registered to name edm\testuser

The winbind logs reveal the same problem, but from a different perspective. 
When authentication fails, this appears:
[ 8301]: getpwnam \TESTUSER
[ 8301]: getpwnam testuser
[ 8301]: getpwnam TESTUSER
[ 8301]: getpwnam testuser
[ 8301]: getpwnam TESTUSER
[ 8301]: getpwnam testuser
[ 8301]: getpwnam TESTUSER
[ 8301]: getpwnam testuser
[ 8301]: getpwnam TESTUSER

When it is successful, this happens:
[ 8409]: getpwnam EDM\TESTUSER
CACHESEQ EDM/USR/TESTUSER is 4294967295
cached sequence number for EDM is 5885
seq 4294967295 for EDM has expired (not == 5885)
CACHESEQ EDM/SID/EDM\TESTUSER is 4294967295
cached sequence number for EDM is 5885
seq 4294967295 for EDM has expired (not == 5885)
cached sequence number for EDM is 5885
cached sequence number for EDM is 5885
cached sequence number for EDM is 5885

and so on.

So, it looks like for some reason, right after logon, the domain EDM is left 
off of the user's name.  Now I need to find out WHY this happens.

I can't get this to duplicate itself on a non-loaded test server.

Ia

More information about the samba mailing list