[Samba] samba 3.2.3: win2k join fails, xp join works

Simone 3nomis at gmail.com
Tue Oct 28 22:35:17 GMT 2008 

Hi,

 I recently upgraded my pdc server(samba3.0.x+ldap)  to debian lenny(
samba 3.2.3).
After the upgrade, the win2k join is no longer working and returns
"Logon failure: the User Name unknown or bad password".
The Xp join works properly.

The same thing seems to be happen to other users; same problem and same logs:
http://www.nabble.com/Problem-on-Update-Samba-3.0.31-to-Samba-3.2.3-to19797123.html#a19797123

I also tried upgrading to samba 3.2.4 ( i read that it fixes some
bug..) but the problem still remains :(

I would not to downgrade to 3.0.x but at the moment it seems to be the
only solution :-/

any idea ?

TIA,
  Simone

ps.
below my packages version / configuration.

Packages version:

samba 2:3.2.3-3
samba-common 2:3.2.3-3
smbclient 2:3.2.3-3
smbldap-tools 0.9.4-1
libcrypt-smbhash-perl 0.12-2


/etc/samba/smb.conf::
---cut---
[global]
  workgroup = DOMINIO
  netbios name = srv-dominio
  server string = %h
  dns proxy = No
  bind interfaces only = Yes
  interfaces = lo, eth1
  smb ports = 139

### registra i logon via samba
  utmp = Yes
  utmp directory = /var/log/samba/utmp
  wtmp directory = /var/log/samba/wtmp

### evita l'apertura di notepad con un file desktop.ini
  hide files = /desktop.ini/ntuser.ini/NTUSER.*/

### conserva i permessi e i privilegi dei file dell'utente
  inherit acls = yes
  inherit owner = yes

  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog = 0
  log level = 4

  security = user
  encrypt passwords = true
  passdb backend = ldapsam:ldap://127.0.0.1/
  obey pam restrictions = no
  deadtime = 15
  browseable = no

  wins support = Yes
  name resolve order = lmhosts host wins bcast

  local master = yes
  domain master = Yes
  preferred master = Yes
  os level = 254
  domain logons = Yes

  unix password sync = no
  enable privileges = yes
  passwd program = /usr/sbin/smbldap-passwd %u
  passwd chat = *New*password* %n\n *Retype*new*password* %n\n
  socket options = TCP_NODELAY, SO_KEEPALIVE

  ldap ssl = no
  ldap passwd sync = yes
  ldap machine suffix = ou=Computers
  ldap idmap suffix = ou=Idmaps
  ldap group suffix = ou=Groups
  ldap user suffix = ou=People
  ldap suffix = dc=isi,dc=lan
  ldap delete dn = Yes
  ldap admin dn = cn=admin,dc=isi,dc=lan

  logon home = \\%N\%U\.\\.profili\%a
  logon drive = H:
  logon path = \\%N\%U\.profili\%a
  logon script = logon.bat

  add machine script = /usr/sbin/smbldap-useradd -w  "%m"
  set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
  delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
  add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
  delete group script = /usr/sbin/smbldap-groupdel "%g"
  add group script = /usr/sbin/smbldap-groupadd -p "%g"
  delete user script = /usr/sbin/smbldap-userdel "%u"
  add user script = /usr/sbin/smbldap-useradd -m "%u"

  check password script = /usr/bin/crackcheck -s

  panic action = /usr/share/samba/panic-action %d

[homes]
  comment = ISI-homes (NON MODIFICARE QUESTA RIGA)
  browseable = no
  writable = yes
  guest ok = no
  veto files = /public_html/

[perl]
  path = /usr/share/WinActivePerl
  comment = Per Windows Binaries
  public = yes
  writable = no
  guest ok = yes
  browseable = no


[netlogon]
   comment = ISI-NetLogon (NON MODIFICARE QUESTA RIGA)
   path = /home/samba/netlogon
   guest ok = yes
   browseable = no
   create mask = 0644
   directory mask = 0755
   writable = yes
   root preexec=/usr/sbin/setlogonvar '%U' '%G' '%m'
   root postexec=/usr/sbin/rmlogonvar '%m'
---cut---



/etc/smbldap-tools/smbldap.conf:
---cut---
SID="S-1-5-21-1479175027-3375466229-471917732"
slaveLDAP="127.0.0.1"
slavePort="389"
masterLDAP="127.0.0.1"
masterPort="389"
ldapTLS="0"
suffix="dc=isi,dc=lan"
usersdn="ou=People,dc=isi,dc=lan"
computersdn="ou=Computers,dc=isi,dc=lan"
groupsdn="ou=Groups,dc=isi,dc=lan"
idmapdn="ou=Idmap,dc=isi,dc=lan"
sambaUnixIdPooldn="sambaDomainName=DOMINIO,dc=isi,dc=lan"
scope="sub"
hash_encrypt="SSHA"
crypt_salt_format="%s"
userLoginShell="/bin/bash"
userHome="/home/%U"
userGecos="System User"
defaultUserGid="513"
defaultComputerGid="515"
skeletonDir="/etc/skel"
defaultMaxPasswordAge="99"
userSmbHome=""
userProfile=""
userHomeDrive=""
mailDomain="isi.lan
with_smbpasswd="0"
smbpasswd="/usr/bin/smbpasswd"
defaultComputerGid0="515"
---cut---

More information about the samba mailing list