[Samba] v3.0.2a: can't login into domain after switching to
pdb_mysql
Yuri Nosyrev
nua at subscribe.slavel.ru
Tue Apr 13 02:57:36 GMT 2004
Hello list.samba.org
FreeBSD-5.2.1, samba from port with tdbsam-backend configured as PDC
Everything is working fine: i.e. registering at samba domain and logging on
to it,
but after I switch to mysql-backend (pdb-mysql)
I can only successfully register my Windows 2k3 at Samba domain
(messagebox 'Welcome to slavel.ru domain' has appiered),
i.e. can successfully change domain of my workstation
from WindowsNT domain to Samba domain,
but after prompt to reboot and followed rebooting can't logon into domain...
Mysql log shows me some strange queries to samba db with where-clause of
none existing samba user
Here is samba.conf and mysql logs:
**************************************************************
hercules# cat /usr/local/etc/smb.conf
[global]
workgroup = SLAVEL.RU
server string = Slavel.ru Samba %v
interfaces = xl0
passdb backend = mysql:mysql
logon path = \\%N\homes\%u\
logon home = \\%N\homes\%u\
logon drive = H:
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
mysql:mysql host = localhost
mysql:mysql user = root # for dbugging only
mysql:mysql password = blablabla
mysql:mysql database = samba
admin users = nua
printer admin = nua
deadtime = 10
follow symlinks = no
max smbd processes = 1000
[netlogon]
path = /var/spool/samba/shares/netlogon
read only = yes
[profiles]
path = /var/spool/samba/shares/homes/%u/profiles
browseable = no
read only = No
guest ok = no
create mask = 0600
directory mask = 0700
[homes]
path = /var/spool/samba/shares/homes/%u
browseable = no
read only = No
guest ok = no
create mask = 0600
directory mask = 0700
**************************************************************
this's registering of Windows Workstation (NUA) at domain: everything's OK!
(for debugging purpose samba user is mysql root)
040413 12:29:53 59 Connect root at localhost on samba
60 Connect root at localhost on samba
60 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username =
'root'
60 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username =
'root'
040413 12:29:54 61 Connect root at localhost on samba
61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username =
'root'
61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username =
'root'
040413 12:29:55 61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username =
'nua$'
61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username =
'NUA$'
61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid =
'S-1-5-21-1839053707-3782651528-722872119-3004'
61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid =
'S-1-5-21-1839053707-3782651528-722872119-3004'
61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid =
'S-1-5-21-1839053707-3782651528-722872119-3004'
61 Query UPDATE user SET acct_ctrl =
128,logon_time = 0,logoff_time = 0,kickoff_time = 0,pass_can_change_time =
1081823395,pass_must_change_time = 2147483647,pass_last_set_time =
1081823395,hours_len = 21,logon_divs = 168,user_sid =
'S-1-5-21-1839053707-3782651528-722872119-3004',group_sid =
'S-1-5-21-1839053707-3782651528-722872119-515',username = 'nua$',domain =
'SLAVEL.RU',nt_fullname = '123',lm_pw =
'26396180C4512CF1AB0DE75D71872AD7',nt_pw =
'AA76E19EAB5A2A5EC49F5FEF44D2D162' WHERE user_sid =
'S-1-5-21-1839053707-3782651528-722872119-3004'
...the registering finished with success
...but after that mysql.log show me strange query: it's strange because
there's NO such user_sid at samba.user table:
mysql> select username,user_sid from user;
+----------+-----------------------------------------------+
| username | user_sid |
+----------+-----------------------------------------------+
| nua | S-1-5-21-1839053707-3782651528-722872119-3002 |
| nua$ | S-1-5-21-1839053707-3782651528-722872119-3004 |
| root | S-1-5-21-1839053707-3782651528-722872119-1000 |
+----------+-----------------------------------------------+
3 rows in set (0.00 sec)
and this's that 'suspicious' query (WHERE user_sid =
'S-1-5-21-1839053707-3782651528-722872119-501'):
040413 12:30:01 61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid =
'S-1-5-21-1839053707-3782651528-722872119-501'
040413 12:30:02 61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username =
'NUA$'
61 Query SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid =
'S-1-5-21-1839053707-3782651528-722872119-501'
...after rebooting of Windows (needed to change domain's membership) I see
exact query to samba.user so logon always fails
Any ideas?
------------------------
Best Regards,
Yuri Nosyrev mailto: nua at slavel.ru
Russia, Chita
More information about the samba
mailing list