[Samba] samba 3.0.24 works - samba 3.0.25 fails

Ryan Novosielski novosirj at umdnj.edu
Thu Jan 17 21:21:16 GMT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael Folsom wrote:
> Folks:
> 
> I've got several systems attached to a 2003 domain where we use
> kerberos to authenticate.
> 
> When I upgraded a system to the latest greatest samba things stopped
> working.  Just to find where it happened in the different versions of
> samba I downloaded, built, & ran 3.0.23d to 3.0.25c using the same
> smb.conf file.  Turns out the 2.0.23d and 3.0.24 works but from 3.0.25
> on it fails.  When it fails it prompts users to login and the system
> isn't in the proper domain any more so not sure where the issue is.
> I've looked at the 25 change log but frankly don't see anything
> obvious that would have caused this......
> 
> Here's the globals section of my smb.conf file:
> 
> [global]
> workgroup = XYZ
> interfaces = 1xx.2xx.9.5/24
> comment = Timmy, Samba Server version %v
> #status = yes
> browseable = yes
> guest account = nobody
> invalid users = root, daemon
> hosts allow = 1xx.2xx. 127.
> lock directory = /var/lock/subsys/smb
> log file = /var/log/samba/%m.log
> syslog = 1
> getwd cache = yes
> socket options = TCP_NODELAY
> keep alive = 3600
> dead time = 30
> locking = yes
> security = server
> #
> ntlm auth = no
> lanman auth = no
> client lanmn auth = no
> client ntlmv2 auth = yes
> #
> password server = xxxxxx.yyy.zzzzz.org
> local master = no
> os level = 33
> domain master = no
> preferred master = no
> wins support = no
> wins server = 1xx.2xx.181.100
> dns proxy = no
> #client code page = 437
> netbios aliases = timmy
> 
> -----------------------------------------------------------------------------------------------
>>From the log files..........
> /var/log/samba/winxpclient.log file:
> 
> ....when it works ......
> [2008/01/16 17:21:13, 1] smbd/service.c:make_connection_snum(950)
>   jarosa (1xx.2xx.9.58) connect to service MWFOLSOM initially as user
> mwfolsom (uid=4231, gid=100) (pid 2914)
> [2008/01/16 17:21:39, 1] smbd/service.c:close_cnum(1150)
>   jarosa (1xx.2xx.9.58) closed connection to service MWFOLSOM
> ....when it fails .....
> [2008/01/16 17:35:47, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_LOGON_FAILURE
> [2008/01/16 17:35:47, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_LOGON_FAILURE
> [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_LOGON_FAILURE
> [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_LOGON_FAILURE
> [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_LOGON_FAILURE
> [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_LOGON_FAILURE
> [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_LOGON_FAILURE
> [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_ACCOUNT_LOCKED_OUT
> [2008/01/16 17:36:00, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_ACCOUNT_LOCKED_OUT
> [2008/01/16 17:36:00, 1] auth/auth_server.c:check_smbserver_security(362)
>   password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password:
> NT_STATUS_ACCOUNT_LOCKED_OUT
> 
> /var/log/smbd.log
> [2008/01/16 17:34:39, 0] smbd/server.c:main(986)
>   standard input is not a socket, assuming -D option
> [2008/01/16 17:34:40, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(241)
>   startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd
> did not exist. File successfully created.

Did you lose your domain SID somehow? I think this is held in secrets.tdb.

- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFHj8bMmb+gadEcsb4RAnXrAJj+MIpmvPiDMNRuGkhIHGLHgPlyAJ9VUjRJ
7NKNzNRmJQFe2ybjiPupzg==
=rSSU
-----END PGP SIGNATURE-----

More information about the samba mailing list