Bug 10805 - All AD accounts disabled after upgrading to samba 4.2
Summary: All AD accounts disabled after upgrading to samba 4.2
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: x64 Linux
: P5 major (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Blocks: 10077
  Show dependency treegraph
Reported: 2014-09-09 19:00 UTC by Benoit
Modified: 2014-10-13 10:39 UTC (History)
1 user (show)

See Also:

Part of samba log file (4.79 KB, application/octet-stream)
2014-09-09 19:00 UTC, Benoit
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Benoit 2014-09-09 19:00:19 UTC
Created attachment 10275 [details]
Part of samba log file

Impossible to log on with the workstations or to use RSAT tools on my Windows computer to administer Domain users and computers. Username/password refused.
When looking at the log files, we can see this when trying to use a AD user account credential 

Attribute msDS-User-Account-Control-Computed not found, disabling account CN=Administrator,CN=Users,DC=delmelle,DC=net!

It seems that all accounts have been disabled. The same message appears after every user in the list when trying to do
pdbedit --list --verbose

When trying to manually modify the user attributes (without 'D' that means Disabled)
pdbedit --user=Administrator --modify -c UX

the same message appears two times and when the users are listed again, the 'D' flag is always on
Usage of 'samba-tool dbcheck' has been done. No errors found.
Expected result : accounts should not be disabled.
I must stop the samba service, so I can locally logon to the workstations...roaming profiles and shares naturally don't work anymore.

Linux server is Debian 8.0 x64, client is Windows 8.1 Pro x64
Samba version is samba4.2.0-pre1