[Samba] 2.2 to 3.0.x PDC upgrade: an XP box no longer authenticates domain users with the Samba PDC

Bruno Ferreira morphine at digitalmente.net
Mon Oct 3 17:34:40 GMT 2005 

    Hi!

    I've recently been upgrading a Samba 2.2 installation to 3.0 (on a 
SuSE 9.3 machine, specific version is 3.0.13-1.1-SuSE). Everything went 
more or less okay, but I'm stumped on the following problem... here's 
the general setup:

    * Samba acting as a PDC (named "servidor"). Was upgraded from 2.2 to
      3.0. I copied the smb.conf file, and the passwd/shadow/smbpasswd
      files. I edited the smb.conf to match 3.0's configuration changes.
    * XP workstations, no problems there.
    * XP box running some windows-specific stuff (named "servidor_xp")
      that authenticates people connecting to it through the PDC. Had no
      problems in the 2.2 days.


    Here's what happens: the XP box no longer auths users. I checked the 
Samba log and I see this:

    [2005/10/03 18:01:04, 2] lib/access.c:check_access(324)
      Allowed connection from servidor_xp.domain.lan (192.168.0.220)
    [2005/10/03 18:01:04, 2] rpc_parse/parse_prs.c:netsec_decode(1594)
      netsec_decode: FAILED: packet sequence number:
    [2005/10/03 18:01:04, 2] lib/util.c:dump_data(1995)
      [000] 24 32 D2 AB 6B 37 A4 DA                           $2..k7..
    [2005/10/03 18:01:04, 2] rpc_parse/parse_prs.c:netsec_decode(1596)
      should be:
    [2005/10/03 18:01:04, 2] lib/util.c:dump_data(1995)
      [000] 00 00 00 00 80 00 00 00                           ........
    [2005/10/03 18:01:04, 2] lib/access.c:check_access(324)
      Allowed connection from servidor_xp.domain.lan (192.168.0.220)
    [2005/10/03 18:01:04, 2] auth/auth.c:check_ntlm_password(305)
      check_ntlm_password:  authentication for user [joe] -> [joe] ->
    [joe] succeeded


    So basically, even though Samba authenticates the user just fine, 
something wrong seems to happen with that "netsec_decode FAILED [...]" 
part, which is most likely causing the authentication not to succeed. I 
googled around in mailing lists for similar stuff and I found that this 
usually relates to mismatching SIDs, but even though I know what a SID 
is, more than that goes over my head (and it might not even be related 
at all). Just for kicks, I deleted all .tdb files in /var/lib/samba so 
that Samba would recreate them (thinking that old stale SIDs were 
somehow stored there), but to no avail.

    Anyone knows what the problem is and how to solve it?

    -- Bruno Ferreira

More information about the samba mailing list