Hello, i have problem with login to domain after upgrade from Samba 3.0.30 to Samba 3.4.x After this upgrade doesn't work loging to domain with newly created users (with existing users is all fine). During login to domain i see in samba log that user is authenticated... ... [2009/09/30 22:54:09, 2] auth/auth.c:310(check_ntlm_password) check_ntlm_password: authentication for user [kkohoutova] -> [kkohoutova] -> [kkohoutova] succeeded ... but in WinXP client i got error message "user cannot login. check username/password/domain and be aware that username/password are case sensitive" and loging to domain failed. I tried these three interestedly things: 1) various chenge is smb.conf, then i tried also another (minimalist, only with necesarry items) smb.conf, but with same problem 2) after upgrade i return back passdb.tdb, schannel_store.tdb, secrets.tdb and all work fine - but i think that holding old passdb tdbsam version isnt good. And with each next update i will be must again copy old tdb files:( 3) after upgrade i remove WindowsXP client from domain a then i return this computer back to domain. Good message is, that logging for new users work fine, but something wrong is with communication without samba and this windowsXP client: a) occured some problems in roaming profile (settings something programs is bad), but loading romaing profile was without error b) dont work group mapping without server and client (picture 1.) Group mapping in server is like this: Domain Admins (S-1-5-21-3966653709-1237807765-2450298212-512) -> ntadmins Domain Users (S-1-5-21-3966653709-1237807765-2450298212-513) -> uzivatele Computer account is such: Unix username: PC-ARCHIV$ NT username: Account Flags: [W ] User SID: S-1-5-21-1203430490-2282085455-951066727-1028 Primary Group SID: S-1-5-21-1203430490-2282085455-951066727-513 Full Name: PC-ARCHIV$ Home Directory: \\majerbox\pc-archiv_ HomeDir Drive: U: Logon Script: startup.bat Profile Path: \\majerbox\pc-archiv_\profileNT Domain: MAJER Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: 9223372036854775807 seconds since the Epoch Kickoff time: 9223372036854775807 seconds since the Epoch Password last set: Tue, 08 Dec 2009 21:19:21 CET Password can change: Tue, 08 Dec 2009 21:19:21 CET Password must change: never Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF PC-ARCHIV$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:71599BEE18C8894BEC14D9510EED8BF0:[W ]:LCT-4B1EB4C9: I dont know why all computer have the same UID... PC-ARCHIV$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:71599BEE18C8894BEC14D9510EED8BF0:[W ]:LCT-4B1EB4C9: PC-STEPANKA$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:5113B0B2C514AEE89DFC79CDF38AC5EF:[W ]:LCT-4AFA2D0B: PC-NOVE1$:4294967295:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FA8EAE6B7BB967F26241BE68F9CFD447:[W ]:LCT-476612B2: ...is this right? I attached log with debug level 10, trace and my smb.conf So... summary of this problem - after upgrade from samba 3.0.30 to Samba 3.4.x doesnt work newly created user account. During loging to domain i got in WinXP client error message "user cannot login. check username/password/domain and be aware that username/password are case sensitive" and loging to domain failed. But in samba is all right (i see auth succeded in log), in trace is as for me also all right and in Event viewer in workstation i dont see any error messages, but new account dont work.. Please can you help me with this problem?
Created attachment 5069 [details] trace during logging to domain
Created attachment 5070 [details] log from samba during loging to domain
Created attachment 5071 [details] my smb.conf
Created attachment 5072 [details] group mapping
i solved already this problem. After upgrade samba created schannel_store.tdb and secrets.tdb in /var/lib/samba/private and in /etc/samba stay on original files schannel_store.tdb and secrets.tdb. I moved this two files from /etc/samba to /var/lib/samba/private and replace newly created files and all work fine.