[Samba] cannot login from some machines after upgrading from 2 to 3

Atrox silver.salonen at gmail.com
Tue Aug 14 14:12:20 GMT 2007



Atrox wrote:
> 
> Hi.
> 
> I've got a strange issue here. Some time ago (in march ;) I upgraded my
> FreeBSD-6.0 Samba 2.2 to 3.0 (currently 3.0.24). After creating groupmaps
> and doing all the other upgrade tasks, everything seemed to be alright.
> However, it was not possible to login from some machines (getting error
> for the wrong password). After disjoining and rejoining domain with these
> machines, it was possible again.
> 
> Does anybody know, what could be the problem?
> 
> There are still some such machines left. One of these is a Windows 2000.
> When I try to login to domain from there, I see the according log-lines
> ending with:
> =====
> [2007/06/21 11:40:27, 3] auth/auth.c:check_ntlm_password(270)
>   check_ntlm_password: sam authentication for user [silver] succeeded
> [2007/06/21 11:40:27, 5] auth/auth.c:check_ntlm_password(296)
>   check_ntlm_password:  PAM Account for user [silver] succeeded
> [2007/06/21 11:40:27, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password:  authentication for user [silver] -> [silver] ->
> [silver] succeeded
> [2007/06/21 11:40:27, 5] auth/auth_util.c:free_user_info(1867)
>   attempting to free (and zero) a user_info structure
> [2007/06/21 11:40:27, 10] auth/auth_util.c:free_user_info(1871)
>   structure was created for silver
> =====
> 
> When checking some successful login's log, I see that information about
> user's groups should follow:
> =====
> [2007/06/21 13:24:57, 10] auth/auth_util.c:free_user_info(1871)
>   structure was created for silver
> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>   Could not convert SID S-1-1-0 to gid, ignoring it
> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>   Could not convert SID S-1-5-2 to gid, ignoring it
> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>   Could not convert SID S-1-5-32-546 to gid, ignoring it
> [2007/06/21 13:24:57, 10] auth/auth_util.c:debug_nt_user_token(454)
>   NT user token of user S-1-5-21-770051042-1162095659-2196661315-501
>   contains 4 SIDs
>   SID[  0]: S-1-5-21-770051042-1162095659-2196661315-501
>   SID[  1]: S-1-1-0
>   SID[  2]: S-1-5-2
>   SID[  3]: S-1-5-32-546
> =====
> 
> I checked the "server schannel" also and verified that this is not the
> case as this w2k's according security settings match server's settings.
> 
> What else could cause this?
> 
> Thanks in advance,
> Silver
> 

Hello.

Update: some machines allow some users to login, but some users not to. Even
though the user is in the users group and can login to Samba with smbclient,
login from (at least some) machines fails.

Hasn't anyone experienced smth like that?

Silver
-- 
View this message in context: http://www.nabble.com/cannot-login-from-some-machines-after-upgrading-from-2-to-3-tf3958124.html#a12145332
Sent from the Samba - General mailing list archive at Nabble.com.



More information about the samba mailing list