We need more details. Are you using an nt4 style (classic) dc or
and active directory dc?

Can you upload a level 10 log together this a capture?
See https://wiki.samba.org/index.php/Capture_Packets,
we need traffic on all ports.

Does "allow dcerpc auth level connect = yes" fix the problem?

Created attachment 12038 [details]
Log Samba Level 10

File contain samba-log from server for client with is connecting to samba over User Manager.

Created attachment 12039 [details]
Samba Configuration file

Configuration file from server

Server is HP G8 with Ubuntu 14.04.4 LTS
Client is Windows Vista Bussiness x64.
Domain is NT-4 style with tdb storage.

In attachment are log from level 10 and configuration.
This is production system, and there are many connection from other clients.

Do you want log with wireshark on server or client side?

(In reply to Stasiak, Krzysztof from comment #4)

If possible both client and server side captures, but
either might be also enough, it's just important that
the log file contains the same session as the capture(s).

(In reply to Stefan Metzmacher from comment #5)

Looking at the log I can't find anything.

I think a client side capture would be the best together
with a server level 10 log and a server capture.

Can you also check if the problem maybe fixed with the patches from
bug #11849 ?

Ok, I will try this patch, and collect logs tommorow, when less users will be connected to this server.

Created attachment 12050 [details]
Samba Log - Level 10

Created attachment 12051 [details]
tshark log from server

Created attachment 12052 [details]
wireshark log from client

I upload a logs from server and client on the same time of capture. I dont patch samba because I have problem with compilation on Ubuntu (gnutls are installed but compiler say dependecies error). Maybe I do somethink wrong... I work on it.