[Samba] cannot login from some machines after upgrading from 2 to 3

Atrox silver.salonen at gmail.com
Thu Jun 21 11:23:19 GMT 2007


Hi.

I've got a strange issue here. Some time ago (in march ;) I upgraded my
FreeBSD-6.0 Samba 2.2 to 3.0 (currently 3.0.24). After creating groupmaps
and doing all the other upgrade tasks, everything seemed to be alright.
However, it was not possible to login from some machines (getting error for
the wrong password). After disjoining and rejoining domain with these
machines, it was possible again.

Does anybody know, what could be the problem?

There are still some such machines left. One of these is a Windows 2000.
When I try to login to domain from there, I see the according log-lines
ending with:
=====
[2007/06/21 11:40:27, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [silver] succeeded
[2007/06/21 11:40:27, 5] auth/auth.c:check_ntlm_password(296)
  check_ntlm_password:  PAM Account for user [silver] succeeded
[2007/06/21 11:40:27, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [silver] -> [silver] ->
[silver] succeeded
[2007/06/21 11:40:27, 5] auth/auth_util.c:free_user_info(1867)
  attempting to free (and zero) a user_info structure
[2007/06/21 11:40:27, 10] auth/auth_util.c:free_user_info(1871)
  structure was created for silver
=====

When checking some successful login's log, I see that information about
user's groups should follow:
=====
[2007/06/21 13:24:57, 10] auth/auth_util.c:free_user_info(1871)
  structure was created for silver
[2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
  Could not convert SID S-1-1-0 to gid, ignoring it
[2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
  Could not convert SID S-1-5-2 to gid, ignoring it
[2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023)
  Could not convert SID S-1-5-32-546 to gid, ignoring it
[2007/06/21 13:24:57, 10] auth/auth_util.c:debug_nt_user_token(454)
  NT user token of user S-1-5-21-770051042-1162095659-2196661315-501
  contains 4 SIDs
  SID[  0]: S-1-5-21-770051042-1162095659-2196661315-501
  SID[  1]: S-1-1-0
  SID[  2]: S-1-5-2
  SID[  3]: S-1-5-32-546
=====

I checked the "server schannel" also and verified that this is not the case
as this w2k's according security settings match server's settings.

What else could cause this?

Thanks in advance,
Silver
-- 
View this message in context: http://www.nabble.com/cannot-login-from-some-machines-after-upgrading-from-2-to-3-tf3958124.html#a11231169
Sent from the Samba - General mailing list archive at Nabble.com.



More information about the samba mailing list