i have problem with login to domain after upgrade from Samba 3.0.30 to Samba 3.4.x
After this upgrade doesn't work loging to domain with newly created users (with existing users is all fine).
During login to domain i see in samba log that user is authenticated...
[2009/09/30 22:54:09, 2] auth/auth.c:310(check_ntlm_password)
check_ntlm_password: authentication for user [kkohoutova] -> [kkohoutova] -> [kkohoutova] succeeded
but in WinXP client i got error message "user cannot login. check username/password/domain and be aware that username/password are case sensitive" and loging to domain failed.
I tried these three interestedly things:
1) various chenge is smb.conf, then i tried also another (minimalist, only with necesarry items) smb.conf, but with same problem
2) after upgrade i return back passdb.tdb, schannel_store.tdb, secrets.tdb and all work fine - but i think that holding old passdb tdbsam version isnt good. And with each next update i will be must again copy old tdb files:(
3) after upgrade i remove WindowsXP client from domain a then i return this computer back to domain. Good message is, that logging for new users work fine, but something wrong is with communication without samba and this windowsXP client:
a) occured some problems in roaming profile (settings something programs is bad), but loading romaing profile was without error
b) dont work group mapping without server and client (picture 1.)
Group mapping in server is like this:
Domain Admins (S-1-5-21-3966653709-1237807765-2450298212-512) -> ntadmins
Domain Users (S-1-5-21-3966653709-1237807765-2450298212-513) -> uzivatele
Computer account is such:
Unix username: PC-ARCHIV$
Account Flags: [W ]
User SID: S-1-5-21-1203430490-2282085455-951066727-1028
Primary Group SID: S-1-5-21-1203430490-2282085455-951066727-513
Full Name: PC-ARCHIV$
Home Directory: \\majerbox\pc-archiv_
HomeDir Drive: U:
Logon Script: startup.bat
Profile Path: \\majerbox\pc-archiv_\profileNT
Logon time: 0
Logoff time: 9223372036854775807 seconds since the Epoch
Kickoff time: 9223372036854775807 seconds since the Epoch
Password last set: Tue, 08 Dec 2009 21:19:21 CET
Password can change: Tue, 08 Dec 2009 21:19:21 CET
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
I dont know why all computer have the same UID...
...is this right?
I attached log with debug level 10, trace and my smb.conf
So... summary of this problem - after upgrade from samba 3.0.30 to Samba 3.4.x doesnt work newly created user account. During loging to domain i got in WinXP client error message "user cannot login. check username/password/domain and be aware that username/password are case sensitive" and loging to domain failed. But in samba is all right (i see auth succeded in log), in trace is as for me also all right and in Event viewer in workstation i dont see any error messages, but new account dont work..
Please can you help me with this problem?
Created attachment 5069 [details]
trace during logging to domain
Created attachment 5070 [details]
log from samba during loging to domain
Created attachment 5071 [details]
Created attachment 5072 [details]
i solved already this problem. After upgrade samba created
schannel_store.tdb and secrets.tdb in /var/lib/samba/private and in
/etc/samba stay on original files schannel_store.tdb and secrets.tdb. I
moved this two
files from /etc/samba to /var/lib/samba/private and replace newly created
files and all work fine.