Bug 1070 - Can't authenticate
Summary: Can't authenticate
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Upgrade (show other bugs)
Version: 3.0.2
Hardware: All Solaris
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-02-12 14:30 UTC by Mike Moya
Modified: 2005-11-14 09:25 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mike Moya 2004-02-12 14:30:13 UTC
After upgrading 3.0.1 to 3.0.2 nobody can authenticate and mount volumes. 
Here is how both version are compiled:

./configure  \
  --prefix=/usr/local/etc/samba \
  --bindir=/usr/local/etc/samba \
  --sbindir=/usr/local/etc/samba \
  --libexecdir=/usr/local/lib/samba \
  --datadir=/usr/local/lib/samba \
  --sysconfdir=/usr/local/lib/samba \
  --sharedstatedir=/usr/local/lib/samba \
  --localstatedir=/usr/local/lib/samba \
  --libdir=/usr/local/lib/samba \
  --infodir=/usr/local/lib/samba \
  --with-privatedir=/etc  \
  --with-swatdir=/usr/local/etc/samba  \
  --enable-fast-install \
  --with-libiconv=/usr/local \
  --without-syslog \
  --without-winbind \
  --with-lockdir=/var/samba \
  --with-logfilebase=/var/samba \
  --with-configdir=/etc

We maintain a /etc/sbpasswd with the login:passwd pairs. Here is are the global
parameters in /etc/smb.conf:

[global]
   socket options = TCP_NODELAY IPTOS_LOWDELAY
   getwd cache = yes
   printcap name = /etc/lp/smb_printerlist
   nt acl support = no
   printing = sysv
   load printers = yes
   printer admin = @ecnprint
   unix charset = ISO-8859-1
   show add printer wizard = yes
   netbios name = harbor
   log level = 10
   deadtime = 10
   workgroup = ECN
   local master = no
   wins server = 128.46.154.113
   remote announce = 128.46.154.113
   remote browse sync = 128.46.154.113
   encrypt passwords = yes
   interfaces = 128.46.154.76/24 

I set logging to level 10 and grabbed part of the failed session fromk my test
machine (WindowsXP):

[2004/02/12 16:19:33, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(616)
  Got user=[moyman] domain=[HALETOSIS] workstation=[HALETOSIS] len1=24 len2=24
[2004/02/12 16:19:33, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(66)
  auth_context challenge set by NTLMSSP callback (NTLM2)
[2004/02/12 16:19:33, 5] auth/auth_ntlmssp.c:auth_ntlmssp_set_challenge(67)
  challenge is:
[2004/02/12 16:19:33, 5] lib/util.c:dump_data(1830)
  [000] DC F8 8A 8F E2 DE F6 05                           ........
[2004/02/12 16:19:33, 6] param/loadparm.c:lp_file_list_changed(2653)
  lp_file_list_changed()
  file /etc/smb.conf -> /etc/smb.conf  last mod_time: Thu Feb 12 16:17:53 2004

[2004/02/12 16:19:33, 5] auth/auth_util.c:make_user_info_map(216)
  make_user_info_map: Mapping user [HALETOSIS]\[moyman] from workstation [HALETOSIS]
[2004/02/12 16:19:33, 5] auth/auth_util.c:make_user_info(132)
  attempting to make a user_info for moyman (moyman)
[2004/02/12 16:19:33, 5] auth/auth_util.c:make_user_info(142)
  making strings for moyman's user_info struct
[2004/02/12 16:19:33, 5] auth/auth_util.c:make_user_info(184)
  making blobs for moyman's user_info struct
[2004/02/12 16:19:33, 10] auth/auth_util.c:make_user_info(193)
  made an encrypted user_info for moyman (moyman)
[2004/02/12 16:19:33, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[HALETOSIS]\[moyman]@[HALETOSIS] with
the new password interface
[2004/02/12 16:19:33, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [HARBOR]\[moyman]@[HALETOSIS]
[2004/02/12 16:19:33, 10] auth/auth.c:check_ntlm_password(231)
  check_ntlm_password:  mapped user is: [HARBOR]\[moyman]@[HALETOSIS]
[2004/02/12 16:19:33, 10] auth/auth.c:check_ntlm_password(231)
  check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2)
[2004/02/12 16:19:33, 10] auth/auth.c:check_ntlm_password(233)
  challenge is:
[2004/02/12 16:19:33, 5] lib/util.c:dump_data(1830)
  [000] DC F8 8A 8F E2 DE F6 05                           ........
[2004/02/12 16:19:33, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: guest had nothing to say
[2004/02/12 16:19:33, 8] lib/util.c:is_myname(1678)
  is_myname("HARBOR") returns 1
[2004/02/12 16:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/02/12 16:19:33, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/02/12 16:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/12 16:19:33, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/02/12 16:19:33, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/02/12 16:19:33, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1297)
  getsampwnam (smbpasswd): search by name: moyman
[2004/02/12 16:19:33, 10] passdb/pdb_smbpasswd.c:startsmbfilepwent(179)
  startsmbfilepwent_internal: opening file /etc/smbpasswd
[2004/02/12 16:19:33, 10] passdb/pdb_smbpasswd.c:getsmbfilepwent(441)
  getsmbfilepwent: LM password for user 3ksnn64 invalidated
[2004/02/12 16:19:33, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(468)
  getsmbfilepwent: returning passwd entry for user 3ksnn64, uid 419
[2004/02/12 16:19:33, 5] passdb/pdb_smbpasswd.c:getsmbfilepwent(468)
  getsmbfilepwent: returning passwd entry for user aaesite, uid 63301
..etc...
  getsmbfilepwent: returning passwd entry for user moyman, uid 19350
[2004/02/12 16:19:33, 7] passdb/pdb_smbpasswd.c:endsmbfilepwent(291)
  endsmbfilepwent_internal: closed password file.
[2004/02/12 16:19:33, 10] passdb/pdb_smbpasswd.c:smbpasswd_getsampwnam(1319)
  getsampwnam (smbpasswd): found by name: moyman
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_username(593)
  pdb_set_username: setting username moyman, was
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 11 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_fullname(674)
  pdb_set_full_name: setting full name James M Moya, was
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 12 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_unix_homedir(809)
  pdb_set_unix_homedir: setting home dir /home/golfer/a/moyman, was NULL
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 21 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_domain(620)
  pdb_set_domain: setting domain HARBOR, was
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_user_sid(520)
  pdb_set_user_sid: setting user sid S-1-5-21-1668370130-1511059546-3872610761-39700
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 17 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_compat.c:pdb_set_user_sid_from_rid(73)
  pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1668370130-1511059546-3872610761-39700 from
rid 39700
[2004/02/12 16:19:33, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2004/02/12 16:19:33, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2004/02/12 16:19:33, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2004/02/12 16:19:33, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2004/02/12 16:19:33, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2004/02/12 16:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_group_sid(556)
  pdb_set_group_sid: setting group sid
S-1-5-21-1668370130-1511059546-3872610761-1003
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 18 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_compat.c:pdb_set_group_sid_from_rid(100)
  pdb_set_group_sid_from_rid:
        setting group sid S-1-5-21-1668370130-1511059546-3872610761-1003 from
rid 1003
[2004/02/12 16:19:33, 4] lib/substitute.c:automount_server(318)
  Home server: harbor
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_profile_path(728)
  pdb_set_profile_path: setting profile path \\harbor\moyman\profile, was
[2004/02/12 16:19:33, 4] lib/substitute.c:automount_server(318)
  Home server: harbor
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_homedir(782)
  pdb_set_homedir: setting home dir \\harbor\moyman, was
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_dir_drive(755)
  pdb_set_dir_drive: setting dir drive , was NULL
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_logon_script(701)
  pdb_set_logon_script: setting logon script , was
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 32 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 31 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 19 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 20 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 8 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 31 -> now SET
[2004/02/12 16:19:33, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 32 -> now SET
[2004/02/12 16:19:33, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/02/12 16:19:33, 3] libsmb/ntlm_check.c:ntlm_password_check(182)
  ntlm_password_check: NO NT password stored for user moyman.
[2004/02/12 16:19:33, 3] libsmb/ntlm_check.c:ntlm_password_check(294)
  ntlm_password_check: NEITHER LanMan nor NT password supplied for user moyman
[2004/02/12 16:19:33, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [moyman] FAILED with error
NT_STATUS_WRONG_PASS
WORD
[2004/02/12 16:19:33, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [moyman] -> [moyman] FAILED with
error NT_STATUS_W
RONG_PASSWORD
[2004/02/12 16:19:33, 5] auth/auth_util.c:free_user_info(1278)
  attempting to free (and zero) a user_info structure
[2004/02/12 16:19:33, 10] auth/auth_util.c:free_user_info(1281)
  structure was created for moyman
[2004/02/12 16:19:33, 6] lib/util_sock.c:write_socket(407)
  write_socket(6,98)
[2004/02/12 16:19:33, 6] lib/util_sock.c:write_socket(410)
  write_socket(6,98) wrote 98
[2004/02/12 16:19:38, 10] lib/util_sock.c:read_smb_length_return_keepalive(463)
  got smb length of 39

Now, if I re-install version 3.0.1 I can log in just fine? I have probably been
using this password file since version 1.X of samba and have never had an
authentication issue? Have I missed something in the docs?
--mike
Comment 1 Gerald (Jerry) Carter (dead mail address) 2004-03-04 09:51:06 UTC
See the WHATSNEW in 3.0.2a.  I think your smbpasswd file 
needs to be cleaned up.  Marking this as won't fix becuase 
the current behavior is by design.  acccounts with a lct time 
of 0 (or not lct) are disabled.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:25:00 UTC
database cleanup