[Samba] simple migration 2.8 -> 3.02; simple test cases fail

[Craig White]

On Sat, 2004-03-13 at 16:10, Linda W wrote:
> I've been going back and forth over the HOWTO on bringing up a new samba 
> 3.0 server in place of
> an old 2.8.
> 
> I only have about 2-3 users, so even recreating them isn't a major pain 
> -- but what does seem to be
> a pain is password authentication.  I was using smbpasswd before, and am 
> using it in my 3.0 setup
> as well.  I'm running a version for Suse90 pointed to off of their 
> support pages so shadow passwords are
> enabled by default -- so I don't think they'd build a suse release w/o 
> support for shadow pw's.  I've
> tried domain and user security and neither work from either an XP 
> workstation nor on the
> samba server using smbclient --  i.e. I can't connect to a share on the 
> client from the client due to
> "NT_STATUS_LOGON_FAILURE". 
> 
> I've reset the user passwords via smbpasswd -a username, I also tried 
> wiping out my smbpasswd
> file and adding a user with pdbpasswd (no luck), restoring file and 
> forcing re-initialization of account passwords
> with the "--force-initizlied-passwords", then resetting passwords...no 
> luck -- still can't connect to a share
> (though they are anonymously listable) without getting the FAILURE message.
> 
> looking over the chat between the XP client, I see a message 
> STATUS_MORE_PROCESSING_REQUIRED,
>  then it retrying with another password which then fails.
> 
> I'm a bit at my wits end -- I thought this would be a reasonably simple 
> upgrade for a small network but it
> taking hours going down deadends.
> 
> I've checked settings in the local security policy including limiting 
> password talk to lower levels (below ntlmv2),
> I've also tried explicitly allowing various security options in my 
> smb.conf file. 
> 
> Testparm says all sections 'ok', server role is "Role_domain_pdc" -- 
> which was it's role under 2.8.  I had been
> using domain security, so a login as user 'workstation/linda' could 
> access anything owned by user 'linda' on
> the server, though I got a message from testparm telling me I should try 
> security=user ...tried it both
> ways...no go.
> 
> Do I need to deleted the machine lines from the old smbusers file's and 
> "re-add" the machines to get them
> recognized properly?  But I don't see what that would have to do with a 
> user being able to mount a share
> on the same samba-linux machine and still getting login failures....
> 
> Do any of these symptoms sound familiar to some fundamental booboo I'm 
> making?  If not, any ideas on what directions to go for debugging other 
> than going back to 2.8 where I'm obviously safer?  (sigh)....
----
assuming that we are talking about WindowsXP Professional clients...

security = user (makes sense - actually the only proper setting for a
PDC in my book)
wins support = yes (makes sense)
domain master = yes
preferred master = yes
domain logons = yes
encrypt passwords = yes

clients should point the wins server to the ip address of the samba
server.

I cannot tell if this is the same computer or a different computer that
was running 2.2.8 - If it is a different computer, then the user
accounts and the computer accounts need to exist on the new system, just
copying over the smbpasswd file from the previous computer isn't enough.
Check the log files - typically /var/log/samba and you are likely going
to get a clue what the problem is

Craig