[Samba] Problem while log on: Windows Server 2008 R2 in samba domain
Alexander Födisch
foedisch at eva.mpg.de
Mon Nov 14 00:39:53 MST 2011
an upgrade to Samba 3.5.12 on both domain controllers resolved this issue.
Best
Alex
Am 08.11.2011 09:44, schrieb Alexander Födisch:
> Hi,
>
> I have a strange problem with a Windows Server 2008 R2-System as a member of a samba domain (Samba-Version on PDC:
> 3.4.12).
> Join was successfully, but when I log on Windows I got an error "Unknown user name or bad password." (Event ID 4625).
>
>
>
> Here an abstract of logfile for Windows Server 2008 R2-System (log level 10). Maybe some of you has an idea:
> ------------------------------------------------------------------------------------
> [2011/11/07 16:37:15, 9] passdb/passdb.c:2245(pdb_increment_bad_password_count)
> No lockout policy, don't track bad passwords
> [2011/11/07 16:37:15, 3] smbd/sec_ctx.c:210(push_sec_ctx)
> push_sec_ctx(999, 514) : sec_ctx_stack_ndx = 1
> [2011/11/07 16:37:15, 3] smbd/uid.c:428(push_conn_ctx)
> push_conn_ctx(100) : conn_ctx_stack_ndx = 0
> [2011/11/07 16:37:15, 3] smbd/sec_ctx.c:310(set_sec_ctx)
> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2011/11/07 16:37:15, 5] auth/token_util.c:522(debug_nt_user_token)
> NT user token: (NULL)
> [2011/11/07 16:37:15, 5] auth/token_util.c:548(debug_unix_user_token)
> UNIX token of user 0
> Primary group is 0 and contains 0 supplementary groups
> [2011/11/07 16:37:15, 4] passdb/pdb_ldap.c:2015(ldapsam_update_sam_account)
> ldapsam_update_sam_account: user foedisch to be modified has dn: uid=foedisch,dc=xxx,dc=xxx,dc=xx
> [2011/11/07 16:37:15, 2] passdb/pdb_ldap.c:1199(init_ldap_from_sam)
> init_ldap_from_sam: Setting entry for user: foedisch
> [2011/11/07 16:37:15, 4] passdb/pdb_ldap.c:2029(ldapsam_update_sam_account)
> ldapsam_update_sam_account: mods is empty: nothing to update for user: foedisch
> [2011/11/07 16:37:15, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
> pop_sec_ctx (999, 514) - sec_ctx_stack_ndx = 0
> [2011/11/07 16:37:15, 5] auth/auth.c:274(check_ntlm_password)
> check_ntlm_password: sam authentication for user [foedisch] FAILED with error NT_STATUS_WRONG_PASSWORD
> [....]
> [2011/11/07 16:37:15, 5] rpc_server/srv_netlog_nt.c:1041(_netr_LogonSamLogon)
> _netr_LogonSamLogon: check_password returned status NT_STATUS_WRONG_PASSWORD
> [2011/11/07 16:37:15, 1] ../librpc/ndr/ndr.c:251(ndr_print_function_debug)
> netr_LogonSamLogon: struct netr_LogonSamLogon
> out: struct netr_LogonSamLogon
> return_authenticator : *
> return_authenticator: struct netr_Authenticator
> cred: struct netr_Credential
> data : fafde2c3dc0af8fc
> timestamp : Mon Nov 7 16:38:40 2011 CET
> validation : *
> validation : union netr_Validation(case 3)
> sam3 : *
> sam3: struct netr_SamInfo3
> base: struct netr_SamBaseInfo
> last_logon : NTTIME(0)
> last_logoff : NTTIME(0)
> acct_expiry : NTTIME(0)
> last_password_change : NTTIME(0)
> allow_password_change : NTTIME(0)
> force_password_change : NTTIME(0)
> account_name: struct lsa_String
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> full_name: struct lsa_String
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> logon_script: struct lsa_String
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> profile_path: struct lsa_String
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> home_directory: struct lsa_String
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> home_drive: struct lsa_String
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> logon_count : 0x0000 (0)
> bad_password_count : 0x0000 (0)
> rid : 0x00000000 (0)
> primary_gid : 0x00000000 (0)
> groups: struct samr_RidWithAttributeArray
> count : 0x00000000 (0)
> rids : NULL
> user_flags : 0x00000000 (0)
> 0: NETLOGON_GUEST
> 0: NETLOGON_NOENCRYPTION
> 0: NETLOGON_CACHED_ACCOUNT
> 0: NETLOGON_USED_LM_PASSWORD
> 0: NETLOGON_EXTRA_SIDS
> 0: NETLOGON_SUBAUTH_SESSION_KEY
> 0: NETLOGON_SERVER_TRUST_ACCOUNT
> 0: NETLOGON_NTLMV2_ENABLED
> 0: NETLOGON_RESOURCE_GROUPS
> 0: NETLOGON_PROFILE_PATH_RETURNED
> 0: NETLOGON_GRACE_LOGON
> key: struct netr_UserSessionKey
> key : 00000000000000000000000000000000
> logon_server: struct lsa_StringLarge
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> domain: struct lsa_StringLarge
> length : 0x0000 (0)
> size : 0x0000 (0)
> string : NULL
> domain_sid : NULL
> LMSessKey: struct netr_LMSessionKey
> key : 0000000000000000
> acct_flags : 0x00000000 (0)
> 0: ACB_DISABLED
> 0: ACB_HOMDIRREQ
> 0: ACB_PWNOTREQ
> 0: ACB_TEMPDUP
> 0: ACB_NORMAL
> 0: ACB_MNS
> 0: ACB_DOMTRUST
> 0: ACB_WSTRUST
> 0: ACB_SVRTRUST
> 0: ACB_PWNOEXP
> 0: ACB_AUTOLOCK
> 0: ACB_ENC_TXT_PWD_ALLOWED
> 0: ACB_SMARTCARD_REQUIRED
> 0: ACB_TRUSTED_FOR_DELEGATION
> 0: ACB_NOT_DELEGATED
> 0: ACB_USE_DES_KEY_ONLY
> 0: ACB_DONT_REQUIRE_PREAUTH
> 0: ACB_PW_EXPIRED
> 0: ACB_NO_AUTH_DATA_REQD
> unknown: ARRAY(7)
> unknown : 0x00000000 (0)
> unknown : 0x00000000 (0)
> unknown : 0x00000000 (0)
> unknown : 0x00000000 (0)
> unknown : 0x00000000 (0)
> unknown : 0x00000000 (0)
> unknown : 0x00000000 (0)
> sidcount : 0x00000000 (0)
> sids : NULL
> authoritative : *
> authoritative : 0x01 (1)
> result : NT_STATUS_WRONG_PASSWORD
> ------------------------------------------------------------------------------------
>
>
>
>
> ~ # ldapsearch -x -H ldaps://<pdc> -D uid=xxx,dc=xxx,dc=xxx,dc=xxx -W -LLL '(sambaDomainName=EVAN)'
> Enter LDAP Password:
>
> dn: sambaDomainName=EVAN,dc=xxx,dc=xxx,dc=xx
> objectClass: sambaDomain
> objectClass: sambaUnixIdPool
> sambaDomainName: EVAN
> sambaSID: S-1-5-21-1042031166-387543594-2118856591
> sambaMinPwdAge: 0
> sambaMaxPwdAge: -1
> sambaLockoutThreshold: 0
> sambaMinPwdLength: 5
> sambaLogonToChgPwd: 0
> sambaForceLogoff: -1
> sambaLockoutDuration: 30
> sambaLockoutObservationWindow: 30
> sambaRefuseMachinePwdChange: 0
> sambaPwdHistoryLength: 0
> gidNumber: 3616
> sambaNextRid: 1183
> uidNumber: 12704
>
>
>
>
> Thank you!
>
> Best,
> Alex
>
>
>
>
>
>
>
>
>
>
More information about the samba
mailing list