[Samba] PDC Migration - Mapping user []\[] from...
Mike Boyd
mb at psaparts.co.uk
Tue Mar 22 13:35:42 GMT 2005
I've since tried removing /var/spool/samba/*.tdb on the new server and
then copying over the existing tdb's from the old server before
switching to the new server. This is because there are some new tdb's
there that might have some mangled info from previous attempts to migrate.
I have also confirmed that the logins that don't work on the new server
are user/machine combinations that haven't been made through the old
server. I can reliably get a user/machine combo working on the new
server by logging them on with the old server up first.
When using a new user/machine combo through the new server XP says
" The system could not log you on. Make sure your User name and domain
are correct, then type your password again. Letters in passwords must
be typed using the correct case."
but the log file now reports that the user is allowed to logon. Our
domain is NTPSA. Here's the log of a failed attempt to log on:
[2005/03/22 13:30:26, 5] auth/auth.c:make_auth_context_subsystem(477)
Making default auth method list for DC, security=user, encrypt
passwords = yes
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend rhosts
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'rhosts'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend hostsequiv
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'hostsequiv'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend sam
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'sam'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend sam_ignoredomain
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'sam_ignoredomain'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend unix
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'unix'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend winbind
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'winbind'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend smbserver
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'smbserver'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend trustdomain
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'trustdomain'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend ntdomain
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'ntdomain'
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(45)
Attempting to register auth backend guest
[2005/03/22 13:30:26, 5] auth/auth.c:smb_register_auth(57)
Successfully added auth method 'guest'
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match guest
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method guest has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match sam
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method sam has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match trustdomain
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method trustdomain has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method winbind has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module guest did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module sam did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module winbind did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(135)
auth_context challenge created by random
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(136)
challenge is:
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info_map(225)
make_user_info_map: Mapping user []\[] from workstation [NAIAD]
[2005/03/22 13:30:26, 5] auth/auth_util.c:is_trusted_domain(1448)
is_trusted_domain: Checking for domain trust with [NTPSA]
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(133)
attempting to make a user_info for ()
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(143)
making strings for 's user_info struct
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(185)
making blobs for 's user_info struct
[2005/03/22 13:30:26, 10] auth/auth_util.c:make_user_info(201)
made an encrypted user_info for ()
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[]\[]@[NAIAD] with the new password interface
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [NTPSA]\[]@[NAIAD]
[2005/03/22 13:30:26, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by random
[2005/03/22 13:30:26, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2005/03/22 13:30:26, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 99
Primary group is 99 and contains 2 supplementary groups
Group[ 0]: 99
Group[ 1]: 601
[2005/03/22 13:30:26, 10] auth/auth_util.c:debug_nt_user_token(491)
NT user token of user S-1-5-21-190581360-3390575506-1945272168-501
contains 7 SIDs
SID[ 0]: S-1-5-21-190581360-3390575506-1945272168-501
SID[ 1]: S-1-5-21-190581360-3390575506-1945272168-514
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-32-546
SID[ 5]: S-1-5-21-190581360-3390575506-1945272168-1199
SID[ 6]: S-1-5-21-190581360-3390575506-1945272168-2203
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_server_info_sam(844)
make_server_info_sam: made server info for user nobody -> nobody
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: guest authentication for user [] succeeded
[2005/03/22 13:30:26, 5] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: guest authentication for user [] -> [] ->
[nobody] succeeded
[2005/03/22 13:30:26, 5] auth/auth_util.c:free_user_info(1318)
attempting to free (and zero) a user_info structure
[2005/03/22 13:30:26, 10] auth/auth_util.c:free_user_info(1321)
structure was created for
[2005/03/22 13:30:26, 5] auth/auth.c:make_auth_context_subsystem(477)
Making default auth method list for DC, security=user, encrypt
passwords = yes
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match guest
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method guest has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match sam
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method sam has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match trustdomain
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method trustdomain has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method winbind has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module guest did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module sam did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module winbind did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(135)
auth_context challenge created by random
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(136)
challenge is:
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info_map(225)
make_user_info_map: Mapping user []\[] from workstation [NAIAD]
[2005/03/22 13:30:26, 5] auth/auth_util.c:is_trusted_domain(1448)
is_trusted_domain: Checking for domain trust with [NTPSA]
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(133)
attempting to make a user_info for ()
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(143)
making strings for 's user_info struct
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(185)
making blobs for 's user_info struct
[2005/03/22 13:30:26, 10] auth/auth_util.c:make_user_info(201)
made an encrypted user_info for ()
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[]\[]@[NAIAD] with the new password interface
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [NTPSA]\[]@[NAIAD]
[2005/03/22 13:30:26, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by random
[2005/03/22 13:30:26, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2005/03/22 13:30:26, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 99
Primary group is 99 and contains 2 supplementary groups
Group[ 0]: 99
Group[ 1]: 601
[2005/03/22 13:30:26, 10] auth/auth_util.c:debug_nt_user_token(491)
NT user token of user S-1-5-21-190581360-3390575506-1945272168-501
contains 7 SIDs
SID[ 0]: S-1-5-21-190581360-3390575506-1945272168-501
SID[ 1]: S-1-5-21-190581360-3390575506-1945272168-514
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-32-546
SID[ 5]: S-1-5-21-190581360-3390575506-1945272168-1199
SID[ 6]: S-1-5-21-190581360-3390575506-1945272168-2203
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_server_info_sam(844)
make_server_info_sam: made server info for user nobody -> nobody
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: guest authentication for user [] succeeded
[2005/03/22 13:30:26, 5] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: guest authentication for user [] -> [] ->
[nobody] succeeded
[2005/03/22 13:30:26, 5] auth/auth_util.c:free_user_info(1318)
attempting to free (and zero) a user_info structure
[2005/03/22 13:30:26, 10] auth/auth_util.c:free_user_info(1321)
structure was created for
[2005/03/22 13:30:26, 5] auth/auth.c:make_auth_context_subsystem(477)
Making default auth method list for DC, security=user, encrypt
passwords = yes
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match guest
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method guest has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match sam
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method sam has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match
winbind:trustdomain
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(384)
load_auth_module: Attempting to find an auth method to match trustdomain
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method trustdomain has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:load_auth_module(409)
load_auth_module: auth method winbind has a valid init
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module guest did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module sam did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(95)
auth_get_challenge: module winbind did not want to specify a challenge
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(135)
auth_context challenge created by random
[2005/03/22 13:30:26, 5] auth/auth.c:get_ntlm_challenge(136)
challenge is:
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info_map(225)
make_user_info_map: Mapping user [NTPSA]\[ru2] from workstation [NAIAD]
[2005/03/22 13:30:26, 5] auth/auth_util.c:is_trusted_domain(1448)
is_trusted_domain: Checking for domain trust with [NTPSA]
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(133)
attempting to make a user_info for ru2 (ru2)
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(143)
making strings for ru2's user_info struct
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_user_info(185)
making blobs for ru2's user_info struct
[2005/03/22 13:30:26, 10] auth/auth_util.c:make_user_info(201)
made an encrypted user_info for ru2 (ru2)
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[NTPSA]\[ru2]@[NAIAD] with the new password interface
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [NTPSA]\[ru2]@[NAIAD]
[2005/03/22 13:30:26, 10] auth/auth.c:check_ntlm_password(231)
check_ntlm_password: auth_context challenge created by random
[2005/03/22 13:30:26, 10] auth/auth.c:check_ntlm_password(233)
challenge is:
[2005/03/22 13:30:26, 10] auth/auth.c:check_ntlm_password(259)
check_ntlm_password: guest had nothing to say
[2005/03/22 13:30:26, 4] auth/auth_sam.c:sam_account_ok(119)
sam_account_ok: Checking SMB password for user ru2
[2005/03/22 13:30:26, 5] auth/auth_sam.c:logon_hours_ok(101)
logon_hours_ok: user ru2 allowed to logon at this time (Tue Mar 22
13:30:26 2005
)
[2005/03/22 13:30:26, 5] auth/auth_util.c:debug_unix_user_token(505)
UNIX token of user 2907
Primary group is 100 and contains 1 supplementary groups
Group[ 0]: 100
[2005/03/22 13:30:26, 10] auth/auth_util.c:debug_nt_user_token(491)
NT user token of user S-1-5-21-190581360-3390575506-1945272168-6814
contains 5 SIDs
SID[ 0]: S-1-5-21-190581360-3390575506-1945272168-6814
SID[ 1]: S-1-5-21-190581360-3390575506-1945272168-1201
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
[2005/03/22 13:30:26, 5] auth/auth_util.c:make_server_info_sam(844)
make_server_info_sam: made server info for user ru2 -> ru2
[2005/03/22 13:30:26, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [ru2] succeeded
[2005/03/22 13:30:26, 5] auth/auth.c:check_ntlm_password(292)
check_ntlm_password: PAM Account for user [ru2] succeeded
[2005/03/22 13:30:26, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [ru2] -> [ru2] -> [ru2]
succeeded
[2005/03/22 13:30:26, 5] auth/auth_util.c:free_user_info(1318)
attempting to free (and zero) a user_info structure
[2005/03/22 13:30:26, 10] auth/auth_util.c:free_user_info(1321)
structure was created for ru2
[2005/03/22 13:30:26, 5] auth/auth_util.c:free_server_info(1344)
attempting to free (and zero) a server_info structure
[2005/03/22 13:31:43, 5] auth/auth_util.c:free_server_info(1344)
attempting to free (and zero) a server_info structure
[2005/03/22 13:32:17, 5] auth/auth_util.c:free_server_info(1344)
attempting to free (and zero) a server_info structure
More information about the samba
mailing list