Bug 11865 - usrmgr.exe from WRTK is no longer working
Summary: usrmgr.exe from WRTK is no longer working
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.3.8
Hardware: x64 All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2016-04-21 06:32 UTC by Stasiak, Krzysztof
Modified: 2016-04-30 11:09 UTC (History)
1 user (show)

See Also:

Log Samba Level 10 (150.23 KB, text/plain)
2016-04-28 07:40 UTC, Stasiak, Krzysztof
no flags Details
Samba Configuration file (5.36 KB, text/plain)
2016-04-28 07:54 UTC, Stasiak, Krzysztof
no flags Details
Samba Log - Level 10 (555.85 KB, text/plain)
2016-04-30 10:58 UTC, Stasiak, Krzysztof
no flags Details
tshark log from server (288 bytes, application/octet-stream)
2016-04-30 10:59 UTC, Stasiak, Krzysztof
no flags Details
wireshark log from client (159.23 KB, application/octet-stream)
2016-04-30 10:59 UTC, Stasiak, Krzysztof
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stasiak, Krzysztof 2016-04-21 06:32:41 UTC
After upgrade to 4.3.8 i can't use usrmgr.exe to manage users/groups. 
When I run aplication, it give me message: 
" User Manager for Domains cannot be used to manage a windows 2000 or higer domain."

What can i do? Do I need to change tdb to LDAP ?

I set this option, but still not working:

        allow nt4 crypto = yes

        require strong key = false
        winbind sealed pipes = false
        winbind expand groups = 10

I downgrade then to 4.1.6 and everythink was working ok.
Comment 1 Stefan Metzmacher 2016-04-28 01:54:56 UTC
We need more details. Are you using an nt4 style (classic) dc or
and active directory dc?

Can you upload a level 10 log together this a capture?
See https://wiki.samba.org/index.php/Capture_Packets,
we need traffic on all ports.

Does "allow dcerpc auth level connect = yes" fix the problem?
Comment 2 Stasiak, Krzysztof 2016-04-28 07:40:50 UTC
Created attachment 12038 [details]
Log Samba Level 10

File contain samba-log from server for client with is connecting to samba over User Manager.
Comment 3 Stasiak, Krzysztof 2016-04-28 07:54:13 UTC
Created attachment 12039 [details]
Samba Configuration file

Configuration file from server
Comment 4 Stasiak, Krzysztof 2016-04-28 07:58:58 UTC
Server is HP G8 with Ubuntu 14.04.4 LTS
Client is Windows Vista Bussiness x64.
Domain is NT-4 style with tdb storage.

In attachment are log from level 10 and configuration.
This is production system, and there are many connection from other clients.

Do you want log with wireshark on server or client side?
Comment 5 Stefan Metzmacher 2016-04-28 10:17:12 UTC
(In reply to Stasiak, Krzysztof from comment #4)

If possible both client and server side captures, but
either might be also enough, it's just important that
the log file contains the same session as the capture(s).
Comment 6 Stefan Metzmacher 2016-04-28 23:00:09 UTC
(In reply to Stefan Metzmacher from comment #5)

Looking at the log I can't find anything.

I think a client side capture would be the best together
with a server level 10 log and a server capture.

Can you also check if the problem maybe fixed with the patches from
bug #11849 ?
Comment 7 Stasiak, Krzysztof 2016-04-29 08:55:11 UTC
Ok, I will try this patch, and collect logs tommorow, when less users will be connected to this server.
Comment 8 Stasiak, Krzysztof 2016-04-30 10:58:30 UTC
Created attachment 12050 [details]
Samba Log - Level 10
Comment 9 Stasiak, Krzysztof 2016-04-30 10:59:13 UTC
Created attachment 12051 [details]
tshark log from server
Comment 10 Stasiak, Krzysztof 2016-04-30 10:59:38 UTC
Created attachment 12052 [details]
wireshark log from client
Comment 11 Stasiak, Krzysztof 2016-04-30 11:09:37 UTC
I upload a logs from server and client on the same time of capture. I dont patch samba because I have problem with compilation on Ubuntu (gnutls are installed but compiler say dependecies error). Maybe I do somethink wrong... I work on it.