Bug 4620 - problems with security = server on 3.0.25
Summary: problems with security = server on 3.0.25
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.25
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2007-05-15 11:18 UTC by James F. Carter
Modified: 2007-05-22 07:22 UTC (History)
1 user (show)

See Also:

output of "smbd -d 10 -i" from affected server (71.58 KB, text/plain)
2007-05-16 08:58 UTC, James F. Carter
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description James F. Carter 2007-05-15 11:18:49 UTC
attempts to connect to the domain master (samba1) are fine, but connecting to a non-master server (pisa) fails to login - smbclient says "session setup failed: NT_STATUS_LOGON_FAILURE". reverting the non-master to 3.0.24 gets it working again.

domain master's [global] smbd.conf section:
   workgroup = YKCSCI
   netbios name = samba1
   comment = Samba Server 1
   server string = godot
   printing = bsd
   lpq cache time = 10
   print command = /york/pkg/samba/lib/mylp %p %s
   lpq command =  /york/pkg/samba/lib/mylpq %p
   lprm command = /york/pkg/samba/lib/mylprm %p %j
   printcap name = /york/pkg/samba/lib/printcap
   load printers = yes
   use client driver = yes
  guest account = nobody
  log file = /spool/misc/samba/log.%m
   max log size = 20
    short preserve case = yes
    preserve case = yes
   lock directory = /spool/misc/samba/locks
   locking = yes
   security = user
   encrypt passwords = yes
   socket options = TCP_NODELAY
interfaces =
    local master = yes
   os level = 33
   domain master = yes
   preferred master = yes
    wins support = yes
  name resolve order = wins hosts bcast

and the non-master's:
        workgroup = YKCSCI
        netbios name = PISA
        server string = WWW/FTP server
        interfaces =
        security = SERVER
        password server = SAMBA1
        log level = 1
        log file = /var/log/samba/log.%m
        max log size = 50
        lock directory = /var/log/samba/locks
        name resolve order = hosts bcast
        preferred master = No
        local master = No
        domain master = No
Comment 1 Volker Lendecke 2007-05-15 13:58:40 UTC
Can you please upload a debug level 10 log of smbd running on pisa?


Comment 2 James F. Carter 2007-05-16 08:58:01 UTC
Created attachment 2695 [details]
output of "smbd -d 10 -i" from affected server

pisa is a production server, and i had to revert it to 3.0.24 to keep it working. i've set up an equivalent server (pc004) - which suffers from exactly the problem, so i've attached the log from that.

Comment 3 Christian Perrier (dead mail address) 2007-05-17 03:35:21 UTC
To bug reporter: do you use "username map" on the client?

There's a very similar bug (which I just reproduced) in Debian: http://bugs.debian.org/424046

The bug doesn't happen with "security=domain". However, "our" bug is definitely related to "username map" and I'm trying to find whether I should report it separately or not.
Comment 4 Christian Perrier (dead mail address) 2007-05-17 10:03:53 UTC
A similar bug was reported on Debian:
Comment 5 Christian Perrier (dead mail address) 2007-05-17 10:07:12 UTC
Please ignore my previous comment. It was intended for #4619
Comment 6 Gerald (Jerry) Carter (dead mail address) 2007-05-22 07:22:44 UTC
Fixed for 3.0.25a