[Samba] Windows Server 2003 SP1 Issues (3.0.15pre2)

William R. Lorenz wrl at express.org
Thu Apr 28 05:50:59 GMT 2005

Hi All,

I'm running into some issues accessing a Samba server that's in turn 
authenticating against a Win2k3-SP1 domain controller (security=ads).  I 
understand there were some known issues corrected in a patch, and I'm 
currently running 3.0.15pre2, which I understand includes that patch.


All was working fine before the Win2k3 server was upgraded with the SP1 
service pack.  The `net ads join`, `wbinfo -t`, `wbinfo -u`, `wbinfo -p`, 
`getent passwd`, and `getent group` commands all still work fine, but 
users can't authenticate against the Samba box and view available shares.

For example, here's a local smbclient connection from the local console:

   [root at linux-test samba]# smbclient -L -U polorx
   added interface ip= bcast= nmask=
   Client started (version 3.0.15pre2).
   Connecting to at port 445
   Doing spnego session setup (blob length=112)
   got OID=1 2 840 113554 1 2 2
   got OID=1 2 840 48018 1 2 2
   got OID=1 3 6 1 4 1 311 2 2 10
   got principal=linux-test$@TCB.INTERNAL
   Got challenge flags:
   Got NTLMSSP neg_flags=0x60890215
   NTLMSSP: Set final flags:
   Got NTLMSSP neg_flags=0x60080215
   NTLMSSP Sign/Seal - Initialising with flags:
   Got NTLMSSP neg_flags=0x60080215
   SPNEGO login failed: Logon failure
   session setup failed: NT_STATUS_LOGON_FAILURE
   [root at linux-test samba]#

I have attached the Samba server's configuration file, and I can also 
provide detailed logs upon request.  Does anyone have any ideas on this?

Thanks, in advance, for any insights you can offer!

-- William R. Lorenz <wrl at express.org>
-- http://www.express.org/~wrl/ ; "Every revolution was first
-- a thought in one man's mind." - Ralph Waldo Emerson
-------------- next part --------------
	netbios name		= linux-test
	workgroup 		= MFERRY
	realm			= tcb.internal
	server string 		= linux-test
	security 		= ads
	encrypt passwords 	= Yes
	log file 		= /var/log/samba/%m.log
	log level		= 10
	max log size 		= 0
	socket options 		= TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	domain logons 		= No
	os level 		= 10
	preferred master 	= No
	domain master 		= No 
	dns proxy 		= No
	hosts allow		= 192.168.
	password server 	=
	interfaces		=
	bind interfaces only 	= yes
	case sensitive		= no
	default case		= lower
	preserve case		= yes
	short preserve case	= yes
	add share command	= /usr/local/samba/bin/share.pl
	change share command	= /usr/local/samba/bin/share.pl	
	delete share command	= /usr/local/samba/bin/share.pl
	admin users		= @MFERRY+Administrators
	announce as		= "NT Server"
	announce version	= 9.3
	blocking locks		= yes
	browse list		= yes
	deadtime		= 15
	debug timestamp		= yes
	debug hires timestamp	= yes
	debug pid		= yes
	default service		= public
	dont descend		= /proc,/dev,/tmp,/usr
	getwd cache		= yes
	hide dot files		= yes
	invalid users		= root shutdown halt service mysql apache rpm
	kernel oplocks		= yes
	load printers		= no
	locking			= yes
	max disk size		= 5000
	message command		= /var/log/samba "%s" "%t" "%f" &
	nt acl support		= yes
	nt pipe support		= yes
	null passwords		= no
	obey pam restrictions	= yes
	strict allocate		= yes

        winbind separator       = +
        winbind cache time      = 10
        idmap uid               = 16777216-33554431
        idmap gid               = 16777216-33554431
        winbind enum users      = yes
        winbind enum groups     = yes
        template shell          = /bin/false
        template homedir        = /home/%U

More information about the samba mailing list