[Samba] cannot login from some machines after upgrading from 2 to 3

Atrox silver.salonen at gmail.com
Tue Dec 4 14:44:59 GMT 2007 


Atrox wrote:
> 
> 
> Atrox wrote:
>> 
>> Hi.
>> 
>> I've got a strange issue here. Some time ago (in march ;) I upgraded my
>> FreeBSD-6.0 Samba 2.2 to 3.0 (currently 3.0.24). After creating groupmaps
>> and doing all the other upgrade tasks, everything seemed to be alright.
>> However, it was not possible to login from some machines (getting error
>> for the wrong password). After disjoining and rejoining domain with these
>> machines, it was possible again.
>> 
>> Does anybody know, what could be the problem?
>> 
>> There are still some such machines left. One of these is a Windows 2000.
>> When I try to login to domain from there, I see the according log-lines
>> ending with:
>> =====
>> [2007/06/21 11:40:27, 3] auth/auth.c:check_ntlm_password(270)
>>   check_ntlm_password: sam authentication for user [silver] succeeded
>> [2007/06/21 11:40:27, 5] auth/auth.c:check_ntlm_password(296)
>>   check_ntlm_password:  PAM Account for user [silver] succeeded
>> [2007/06/21 11:40:27, 2] auth/auth.c:check_ntlm_password(309)
>>   check_ntlm_password:  authentication for user [silver] -> [silver] ->
>> [silver] succeeded
>> [2007/06/21 11:40:27, 5] auth/auth_util.c:free_user_info(1867)
>>   attempting to free (and zero) a user_info structure
>> [2007/06/21 11:40:27, 10] auth/auth_util.c:free_user_info(1871)
>>   structure was created for silver
>> =====
>> 
>> When checking some successful login's log, I see that information about
>> user's groups should follow:
>> =====
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:free_user_info(1871)
>>   structure was created for silver
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>>   Could not convert SID S-1-1-0 to gid, ignoring it
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>>   Could not convert SID S-1-5-2 to gid, ignoring it
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
>>   Could not convert SID S-1-5-32-546 to gid, ignoring it
>> [2007/06/21 13:24:57, 10] auth/auth_util.c:debug_nt_user_token(454)
>>   NT user token of user S-1-5-21-770051042-1162095659-2196661315-501
>>   contains 4 SIDs
>>   SID[  0]: S-1-5-21-770051042-1162095659-2196661315-501
>>   SID[  1]: S-1-1-0
>>   SID[  2]: S-1-5-2
>>   SID[  3]: S-1-5-32-546
>> =====
>> 
>> I checked the "server schannel" also and verified that this is not the
>> case as this w2k's according security settings match server's settings.
>> 
>> What else could cause this?
>> 
>> Thanks in advance,
>> Silver
>> 
> 
> Hello.
> 
> Update: some machines allow some users to login, but some users not to.
> Even though the user is in the users group and can login to Samba with
> smbclient, login from (at least some) machines fails.
> 
> Hasn't anyone experienced smth like that?
> 
> Silver
> 

I'm sorry to bother the list with this again, but I'm still sitting on this
issue. Meanwhile a user wanted to change his password, but after doing that
he couldn't login from his machine any more. If I changed his password to
the old one, it was OK again.

Now a new user was made, but he cannot login into domain..

Would anyone suggest me some debugging options?

--
Silver
-- 
View this message in context: http://www.nabble.com/cannot-login-from-some-machines-after-upgrading-from-2-to-3-tf3958124.html#a14151755
Sent from the Samba - General mailing list archive at Nabble.com.

More information about the samba mailing list