Bug 4072 - Login fails sometimes when needing admin rights, but reproducible.
Summary: Login fails sometimes when needing admin rights, but reproducible.
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.23b
Hardware: x64 Linux
: P3 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-08-30 18:47 UTC by Mario Lipinski
Modified: 2006-09-06 18:38 UTC (History)
1 user (show)

See Also:

Full samba log (135.77 KB, application/gzip)
2006-08-30 18:54 UTC, Mario Lipinski
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Mario Lipinski 2006-08-30 18:47:33 UTC
I tried to login on Host GARGAMEL to Domain GSB with user admin at

GARGAMEL is running Windows 2000 SP4 Server and had a remote desktop
session for admin running which i whould have attached. Terminal
services are configured for admin mode.

The PDC for GSB is GARFIELD running Samba 3.0.23c-gwc-2.

The loggin attempt failed with the message I were not allowed to login
to the session, which means I have no admin rights. The password was
already verified then.

There are no conflicts with other users. After restarting Samba (a few
times), login succeeds.

Information about my system users, groups, groupmembership and groupmapping:

# getent passwd admin

$ getent group admin
$ getent group gsb

# net groupmap list
admin (S-1-5-21-4092459118-2595994810-1099795350-512) -> admin
guests (S-1-5-21-4092459118-2595994810-1099795350-514) -> guests
gsb (S-1-5-21-4092459118-2595994810-1099795350-513) -> gsb
bib-admins (S-1-5-21-4092459118-2595994810-1099795350-11099) -> bib-admins
bibliothek (S-1-5-21-4092459118-2595994810-1099795350-11001) -> bibliothek
Comment 1 Mario Lipinski 2006-08-30 18:54:47 UTC
Created attachment 2118 [details]
Full samba log

I attach a full debug level 10 smbd log from samba start till samba stop.

One thing I noticed are entries about the group with gid 60000 (gsb). User admin is not member of this group.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2006-09-06 08:14:41 UTC
Mario,  would you mind testing 3.0.23c.  I had one final fix 
between the patch-gwc-2 and the final release that fixed
a gid_to_sid cache bug that sounds similar to what you
Comment 3 Mario Lipinski 2006-09-06 18:38:55 UTC
I really would like to have tried this earlier. But did not find the time.
After doing some testing with 3.0.23c it looks good. So far everything worked.

If the problem occurs again I will reopen the bug. 
And thank you very much for your excellent work.