[Samba] 3.0.25: non-Kerberos authentication fails when security=ads?

Tue May 15 17:43:26 GMT 2007

I have several servers running Samba, all using security = ads mode.

After updating one of the servers to 3.0.25, non-Kerberos login
attempts now fail, although Kerberos logins work just fine.  E.g.:

$ smbclient -k -L //my-server
OS=[Unix] Server=[Samba 3.0.25-0.0]

        Sharename       Type      Comment
        ---------       ----      -------
        ...

$ smbclient -U username -L //www-dev-eval
Password: 
session setup failed: NT_STATUS_LOGON_FAILURE

If I look in the logs on my-server, this is what I see for the
non-Kerberos attempt:

[2007/05/15 12:47:10, 0] auth/auth_domain.c:domain_client_validate(257)
  domain_client_validate: unable to validate password for user username in domain OURDOMAIN to Domain controller DC.AD.EXAMPLE.COM. Error was NT_STATUS_NO_SUCH_USER.

This is bogus; username exists, because servers running Samba 3.0.23d
work just fine:

$ smbclient -k -L //other-server
OS=[Unix] Server=[Samba 3.0.23d-0.1]

        Sharename       Type      Comment
        ---------       ----      -------
        ...

$ smbclient -U username -L //other-server
Password: 
Domain=[OURDOMAIN] OS=[Unix] Server=[Samba 3.0.23d-0.1]

        Sharename       Type      Comment
        ---------       ----      -------
        ...

Looking at Bugzilla, I see many bug reports filed against 3.0.25, most
of which involve authentication issues.  I don't see a report for this
particular issue, though.

Is anyone else seeing this problem?