[Samba] upgrading to samba 3.0.22

lists at localguru.de lists at localguru.de
Sun Jul 9 12:56:13 GMT 2006 

Hi,

tonight I've tried to move Samba 2.2.3a-15 from our old debian woody
machine to a new, different server, which is a ubunut dapper box,
running Samba 3.0.22-1ubuntu3. But I get a 'Rejecting auth request from
client' error,

What I did:

1) copied following files from /etc/samba/ to the new machine:

  MACHINE.SID
  smb.conf  -> see here: http://129.70.34.180/~schoppa/smb.conf
  smbpasswd

2) copied users from /etc/passwd and /etc/group to the new machine and
created all home directories and shared directories.


3) here is a list of ALL files on the old server in /var/lib/samba/

 ntdrivers.tdb  
 ntforms.tdb
 ntprinters.tdb
 secrets.tdb
 share_info.tdb  
 wins.dat
 
 Yes, that's the complete list, no "account_policy.tdb" etc. files and I
don't know which of these files are needed on the 3.0.22 machine.

PROBLEM: when shutting down the old 2.2 Samba Server and starting the
new 3.0.22 one with the same IP, netbios name and smb.conf it's possible
to join the domain from my client computer (WinXP) with my username
(testuser). No problem so far. But, if I go to another client computer -
which is part of the same domain - try to log in with the same valid
username (testuser), I get the following error (I've logged out on my
computer before):

---------------
[2006/07/08 00:11:12, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.1.27)
[2006/07/08 00:11:12, 2] libsmb/credentials.c:creds_server_check(159)
  creds_server_check: credentials check failed.
[2006/07/08 00:11:12, 2] rpc_server/srv_netlog_nt.c:_net_sam_logon(667)
  _net_sam_logon: creds_server_step failed. Rejecting auth request from
client UREW-PCSCHOPPA2 machine account UREW-PCSCHOPPA2$
[2006/07/08 00:11:12, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.1.27)
[2006/07/08 00:11:12, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [testuser] -> [testuser]
-> [testuser] succeeded
[2006/07/08 00:11:40, 2] smbd/server.c:exit_server(614)
---------------

I've tried that on different clients and it's reproducable: You can log
into the domain from any client with any user only if the user had been
logged into the OLD domain/old samba server from this particular client.
Trying to log in with any valid user from a client machine that is
registered in the domain but was never used by this user 
before will give you the above error. I think it has something to do
with the machine accounts. Did I forget to copy some files, or is
something wrong with my smb.conf?

Any ideas?

Thank you,
Marcus

More information about the samba mailing list