[Samba] Migration PDC from Samba 2.2.8a to 3.0.9 -> Error NT_STATUS_WRONG_PASSWORD

JJunge at paritaet-th.de JJunge at paritaet-th.de
Fri Jan 14 07:30:40 GMT 2005 

Hello

im trying to migrate from Samba 2.2.8a to 3.0.9.
The Server is a PDC using ldap and winbind.

I used the convertSambaAccount script to convert the ldap schema from old
to new.

I shut down the old smb server and started the new one.
The share one the new server are accessible from my still running W2k
machine.
If I start another machine und log in as a user, that was logged in before
from this machine,
everything is fine too. But if i try to log in as User, that was not logged
in from that machine before
the user can not be authenticated. (Error NT_STATUS_WRONG_PASSWORD, see
log)

(The registry on my machines is configurated, to keep the registry settings
from the last user.
So I think the last logged in user ist authenticated through the cached
registry)

Why can't I authenticate the user towards the PDC?


Cheers JJ



Machine log:
---snip---
[2005/01/14 07:02:06, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/01/14 07:02:06, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2005/01/14 07:02:06, 2] lib/access.c:check_access(324)
  Allowed connection from  (172.30.0.101)
[2005/01/14 07:02:14, 2] lib/access.c:check_access(324)
  Allowed connection from  (172.30.0.101)
[2005/01/14 07:02:14, 2] rpc_parse/parse_prs.c:netsec_decode(1585)
  netsec_decode: FAILED: packet sequence number:
[2005/01/14 07:02:14, 2] lib/util.c:dump_data(1977)
  [000] 23 47 9E 7C DA 18 69 4E                           #G.|..iN
[2005/01/14 07:02:14, 2] rpc_parse/parse_prs.c:netsec_decode(1587)
  should be:
[2005/01/14 07:02:14, 2] lib/util.c:dump_data(1977)
  [000] 00 00 00 00 80 00 00 00                           ........
[2005/01/14 07:02:14, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: p220fdie$
[2005/01/14 07:02:14, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
  init_sam_from_ldap: Entry found for user: adminneu
[2005/01/14 07:02:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(893)
  init_ldap_from_sam: Setting entry for user: adminneu
[2005/01/14 07:02:14, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [adminneu] -> [adminneu]
FAILED with error NT_STATUS_WRONG_PASSWORD
[2005/01/14 07:03:12, 2] smbd/server.c:exit_server(571)
  Closing connections
---/snip---

smb.conf
---snip---
###########################################################################
#
# /etc/smb.conf
#
###########################################################################

[global]

#
# Basic Server Settings
#
   netbios name = linux
   workgroup = paritaet-th
   server string = Paritaet Thueringen Srv (PDC %v)
#
# PDC and master browser settings
#
   os level = 250
   wins support = yes
   local master = yes
   preferred master = yes
   domain master = yes
   name resolve order = wins host bcast
#
# LDAP
#
   ldap suffix = dc=paritaet-th,dc=de
   ldap admin dn = cn=Manager,dc=paritaet-th,dc=de
   passdb backend = ldapsam:ldap://127.0.0.1/
   ldap group suffix = ou=groups
   ldap user suffix = ou=users
   ldap machine suffix = ou=computers
   ldap ssl = off

   ldap delete dn = Yes

   add machine script = /usr/local/sbin/smbldap-useradd -w "%U"
   add user script = /usr/local/sbin/smbldap-useradd -m "%U"
   #delete user script = /usr/local/sbin/smbldap-userdel "%U"
   add machine script = /usr/local/sbin/smbldap-useradd -w "%U"
   add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
   #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
   add user to group script = /usr/local/sbin/smbldap-groupmod -m "%U" "%g"
   delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%U"
"%g"
   set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%U"
#
# Security
#
   security = user
   encrypt passwords = yes
   domain logons = yes
   hosts allow = 127.0.0.1 172.30.0.0/255.255.0.0 172.29.0.0/255.255.0.0
#
# Log
#
   syslog = 0
   log level = 2
   # log file = /var/log/samba/log
   log file = /var/log/samba/log.%m
   max log size = 100
#
# Password
#
   unix password sync = yes
   min password length = 4

   passwd program = /usr/local/sbin/smbldap-passwd.pl %U
   passwd chat = *password* %n\n *password* %n\n *uccessfull*
#
# User Profiles and home directory
#
   logon home = \\linux\%U
   logon drive = W:
   logon script = netlogon.bat
#
# General Printer
#
   load printers = yes
   printing = cups
   printcap = cups
   printer admin = @smbadmin
#
# Server Options
#
   time server = yes

   map archive = no
   map hidden = no
   map system = no
#
# Char Set
#
   Dos charset = 850
   Unix charset = ISO8859-1


###########################################################################
#
# Special Shares (home netlogon printers)
#
###########################################################################
---/snip---

-----------------------------------------------------------------------------------------------

Jörg Junge
IT-Koordinator

Paritätischer Wohlfahrtsverband
Landesverband Thüringen e.V.
Bergstr. 11
99192 Neudietendorf
Deutschland

Tel : +49 36202 26 204
Fax: +49 36202 26 234

http://www.paritaet-th.de

More information about the samba mailing list