The Samba-Bugzilla – Bug 10805
All AD accounts disabled after upgrading to samba 4.2
Last modified: 2014-10-13 10:39:31 UTC
Created attachment 10275 [details]
Part of samba log file
Impossible to log on with the workstations or to use RSAT tools on my Windows computer to administer Domain users and computers. Username/password refused.
When looking at the log files, we can see this when trying to use a AD user account credential
Attribute msDS-User-Account-Control-Computed not found, disabling account CN=Administrator,CN=Users,DC=delmelle,DC=net!
It seems that all accounts have been disabled. The same message appears after every user in the list when trying to do
pdbedit --list --verbose
When trying to manually modify the user attributes (without 'D' that means Disabled)
pdbedit --user=Administrator --modify -c UX
the same message appears two times and when the users are listed again, the 'D' flag is always on
Usage of 'samba-tool dbcheck' has been done. No errors found.
Expected result : accounts should not be disabled.
I must stop the samba service, so I can locally logon to the workstations...roaming profiles and shares naturally don't work anymore.
Linux server is Debian 8.0 x64, client is Windows 8.1 Pro x64
Samba version is samba4.2.0-pre1