After upgrading from Samba 3.2.8 to 3.2.10, domain logins do not work correctly anymore for Windows XP clients that do not have SP3 installed. Environment: OpenSUSE 11.0 PDC and BDC with Samba 3.2.10 and OpenLDAP. Clients are Windows XP Pro with SP3 or SP2. Symptoms: After login, an lsass.exe error is displayed, and windows starts shutting down (60 secs left). This happens reproducibly with all Windows XP SP2 clients. If I stop the shutdown, I can work with the mounted shares. If I open, however, the control panel system properties "computer name" tab, a popup tells me that there is no RPC server, and the domain name is "*unknown*". There are some more symptoms. It is possible to log locally into a computer, to mount shares on the PDC manually and to work normally with them. The problem seems to be related to domain and/or security functions, not to file services. I downgraded the PDC and the BDC to 3.2.8, and with that, everything is fine again. This unfortunately means that I cannot do any testing. Peter Rindfuss ------------------------- smb.conf [global] display charset = UTF-8 workgroup = WZB server string = File Server interfaces = 127.0.0.1, 193.174.6.4 bind interfaces only = Yes passdb backend = ldapsam:ldapi://%2fvar%2frun%2fslapd%2fldapi/ guest account = guest passwd program = /usr/local/sbin/wzbpasswd -U -M -s -x %u passwd chat = *Enter*password* %n\n *Re-enter*password* %n\n *changed* username map = /etc/samba/smbusers unix password sync = Yes syslog = 0 smb ports = 139 time server = Yes unix extensions = No socket options = TCP_NODELAY SO_KEEPALIVE load printers = No printcap name = /dev/null add user script = /usr/local/sbin/wzbuseradd -q -I -y -c %u delete user script = /usr/local/sbin/wzbuserdel -q -d %u add group script = /usr/local/sbin/wzbgroupadd -q -y '%g' delete group script = /usr/local/sbin/wzbgroupdel -q '%g' add user to group script = /usr/local/sbin/wzbgroupmemberadd -q '%g' %u delete user from group script = /usr/local/sbin/wzbgroupmemberdel -q '%g' %u set primary group script = /usr/local/sbin/wzbgroupprim -q %u '%g' add machine script = /usr/local/sbin/wzbuseradd -q -y -x %m logon script = login.cmd logon path = logon home = \\selene\wzb domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes kernel oplocks = No ldap admin dn = cn=root,dc=wzb,dc=eu ldap group suffix = ou=groups ldap machine suffix = ou=machines ldap suffix = ou=accounts,dc=wzb,dc=eu ldap user suffix = ou=users host msdfs = No ldapsam:trusted = Yes admin users = @admins create mask = 0700 directory mask = 0700 hosts allow = 193.174.6.0/255.255.254.0 ea support = Yes map acl inherit = Yes cups options = raw hide unreadable = Yes map archive = No mangled names = No store dos attributes = Yes dos filemode = Yes [netlogon] comment = Network Logon Service path = /wzb/netlogon valid users = @admins, @users, root admin users = @admins, root guest ok = Yes browseable = No [wzb] comment = WZB File Server path = /wzb/samba valid users = @admins, @users, root admin users = @admins, root read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes use sendfile = Yes hide dot files = No hide special files = Yes map readonly = permissions mangled names = Yes root preexec = /usr/local/sbin/wzbldapsettime %u sambaLogonTime root postexec = /usr/local/sbin/wzbldapsettime %u sambaLogoffTime [pmail] comment = Pegasus Mail Share path = /wzb/pmail valid users = @admins, @users read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes hide special files = Yes map readonly = permissions mangled names = Yes [antivirus] path = /wzb/antivirus valid users = @admins, @users read only = No inherit permissions = Yes inherit acls = Yes inherit owner = Yes mangled names = Yes
Created attachment 4067 [details] Test. Ok, here is a reverse diff of changes in the rpc_server subsystems between 3.2.8 (which works) and 3.2.10 (which doesn't). Could you apply this patch to 3.2.10 and see if the clients start working again ? If they do, then let's narrow down which change it was that caused the problem. My guess would be the changes in rpc_server/srv_netlogon_nt.c which were added to allow us to cope with upcoming Windows 7 code. So you could try swapping the 3.2.8 and 3.2.10 versions of that file into 3.2.10 and seeing if that fixes the issue. Your help on this would be greatly appreciated ! Thanks, Jeremy.
Jeremy, I'd be happy to help, but - I have no testing environment - We are talking about our central server (up to 450 workstations attached) - I usually do not compile Samba, but apply opensuse binaries. But I could try on Saturday (April 18) afternoon, if that is soon enough, and if I manage to modify and compile the opensuse source rpm. Best, Peter
*** Bug 6265 has been marked as a duplicate of this bug. ***
Jeremy, I know what is going on and I am able to reproduce.
Thanks for the diff Jeremy, that really helped :) A fix for this is pushed to all branches: v3-2-test: http://git.samba.org/?p=samba.git;a=commitdiff;h=f049fb5643f93cc4806ada5db8e591bbe4cb9204 v3-3-test: http://git.samba.org/?p=samba.git;a=commitdiff;h=597be402e40ff880b595ae49a8600b932365cbcb Everyone please test.
Created attachment 4070 [details] Patch for 3.2.x. In case people can't get to git, here is Guenther's patch as an attachment for 3.2.x. Jeremy.
I am having the exact same error on Vista Business 32bit w/ SP1 and all updates installed. I thought it was a bad Windows Update pushed out by Microsoft (our WSUS server pushes out all updates automatically). My only solution was to go in to safe mode as administrator, open a cmd prompt and run: net stop winmgmt /y del /s /q c:\windows\system32\wbem\Repository\*.* and then reboot. But now that you mention it, I was only getting that error after I joined the Vista clients to my domain.
Just verified with Vista: And yes, without typing or pressing anything, Vista SP1 gets into an infinite crashe and reboot loop. The fix that has been published and pushed resolves this. We also made sure in our automated testsuite that this never happens again. If we could have any further positive feedback we could close this bug.
3.2.11 works fine with WinXP / SP2. Cheers, Peter
Thanks for verifiying, Peter. Closing as fixed.