Bug 6977 - After upgrade from samba 3.0.30 to Samba 3.4.x doesnt work newly created user account
After upgrade from samba 3.0.30 to Samba 3.4.x doesnt work newly created user...
Status: RESOLVED FIXED
Product: Samba 3.4
Classification: Unclassified
Component: Domain Control
unspecified
Other Windows XP
: P3 normal
: ---
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-12-09 09:52 UTC by Lukas DESEYVE
Modified: 2009-12-17 03:35 UTC (History)
0 users

See Also:


Attachments
trace during logging to domain (14.20 KB, application/octet-stream)
2009-12-09 09:53 UTC, Lukas DESEYVE
no flags Details
log from samba during loging to domain (247.54 KB, application/octet-stream)
2009-12-09 09:54 UTC, Lukas DESEYVE
no flags Details
my smb.conf (6.69 KB, text/plain)
2009-12-09 09:58 UTC, Lukas DESEYVE
no flags Details
group mapping (38.70 KB, image/jpeg)
2009-12-09 10:44 UTC, Lukas DESEYVE
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Lukas DESEYVE 2009-12-09 09:52:13 UTC
Hello,

i have problem with login to domain after upgrade from Samba 3.0.30 to Samba 3.4.x

After this upgrade doesn't work loging to domain with newly created users (with existing users is all fine).

During login to domain i see in samba log that user is authenticated...


...
[2009/09/30 22:54:09,  2] auth/auth.c:310(check_ntlm_password)
  check_ntlm_password:  authentication for user [kkohoutova] -> [kkohoutova] -> [kkohoutova] succeeded
...

but in WinXP client i got error message "user cannot login. check username/password/domain and be aware that username/password are case sensitive" and loging to domain failed.


I tried these three interestedly things:
1) various chenge is smb.conf, then i tried also another (minimalist, only with necesarry items) smb.conf, but with same problem

2) after upgrade i return back passdb.tdb, schannel_store.tdb, secrets.tdb and all work fine - but i think that holding old passdb tdbsam version isnt good. And with each next update i will be must again copy old tdb files:(

3) after upgrade i remove WindowsXP client from domain a then i return this computer back to domain. Good message is, that logging for new users work fine, but something wrong is with communication without samba and this windowsXP client:
       a) occured some problems in roaming profile (settings something programs is bad), but loading romaing profile was without error
       b) dont work group mapping without server and client (picture 1.)

Group mapping in server is like this:
Domain Admins (S-1-5-21-3966653709-1237807765-2450298212-512) -> ntadmins
Domain Users (S-1-5-21-3966653709-1237807765-2450298212-513) -> uzivatele

Computer account is such:
Unix username:        PC-ARCHIV$
NT username:
Account Flags:        [W          ]
User SID:             S-1-5-21-1203430490-2282085455-951066727-1028
Primary Group SID:    S-1-5-21-1203430490-2282085455-951066727-513
Full Name:            PC-ARCHIV$
Home Directory:       \\majerbox\pc-archiv_
HomeDir Drive:        U:
Logon Script:         startup.bat
Profile Path:         \\majerbox\pc-archiv_\profileNT
Domain:               MAJER
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          9223372036854775807 seconds since the Epoch
Kickoff time:         9223372036854775807 seconds since the Epoch
Password last set:    Tue, 08 Dec 2009 21:19:21 CET
Password can change:  Tue, 08 Dec 2009 21:19:21 CET
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

PC-ARCHIV$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:71599BEE18C8894BEC14D9510EED8BF0:[W          ]:LCT-4B1EB4C9:

I dont know why all computer have the same UID...

PC-ARCHIV$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:71599BEE18C8894BEC14D9510EED8BF0:[W          ]:LCT-4B1EB4C9:
PC-STEPANKA$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:5113B0B2C514AEE89DFC79CDF38AC5EF:[W          ]:LCT-4AFA2D0B:
PC-NOVE1$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FA8EAE6B7BB967F26241BE68F9CFD447:[W          ]:LCT-476612B2:

...is this right?


I attached log with debug level 10, trace and my smb.conf


So... summary of this problem - after upgrade from samba 3.0.30 to Samba 3.4.x doesnt work newly created user account. During loging to domain i got in WinXP client error message "user cannot login. check username/password/domain and be aware that username/password are case sensitive" and loging to domain failed. But in samba is all right (i see auth succeded in log), in trace is as for me also all right and in Event viewer in workstation i dont see any error messages, but new account dont work..
Please can you help me with this problem?
Comment 1 Lukas DESEYVE 2009-12-09 09:53:10 UTC
Created attachment 5069 [details]
trace during logging to domain
Comment 2 Lukas DESEYVE 2009-12-09 09:54:14 UTC
Created attachment 5070 [details]
log from samba during loging to domain
Comment 3 Lukas DESEYVE 2009-12-09 09:58:49 UTC
Created attachment 5071 [details]
my smb.conf
Comment 4 Lukas DESEYVE 2009-12-09 10:44:47 UTC
Created attachment 5072 [details]
group mapping
Comment 5 Lukas DESEYVE 2009-12-17 03:35:38 UTC
i solved already this problem. After upgrade samba created
schannel_store.tdb and secrets.tdb in /var/lib/samba/private and in
/etc/samba stay on original files schannel_store.tdb and secrets.tdb. I
moved this two
files from /etc/samba to /var/lib/samba/private and replace newly created
files and all work fine.