Bug 8143 - machine account case-sensitivity issue causes trust relationship to fail
machine account case-sensitivity issue causes trust relationship to fail
Status: RESOLVED FIXED
Product: Samba 3.4
Classification: Unclassified
Component: User & Group Accounts
unspecified
All All
: P5 normal
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-05-17 18:54 UTC by Rob J. Caskey
Modified: 2013-03-11 14:34 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rob J. Caskey 2011-05-17 18:54:11 UTC
[2011/05/17 12:35:46,  1] auth/auth_util.c:577(make_server_info_sam)
  User HEDESK4$ in passdb, but getpwnam() fails!
[2011/05/17 12:35:46,  0] auth/auth_sam.c:355(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'

Changing the machine account name in /etc/passwd from hedesk4$ to HEDESK4$ immediately fixed the problem. getpwnam seems to be case sensitive thus causing make_server_info_sam().

The clients are stock Windows 7 machines with the reg patch from the Wiki applied. I believe the problem would probably happen with XP as well, but all our XP clients use machine accounts that were migrated not added so I don't knwo for sure. The machine joins the domain fine, but when I try to add an admin user from the domain to the machine either as part of the join domain process or after the fact with the users control panel, I bump into the above issue.

Running stock packages from Ubuntu 10.04.

[global]
   workgroup = AHA
   server string = Buckbeak File Server
   admin users = @admin
 if you want to automatically load your printer list rather
   printcap name = cups
   load printers = yes
   printing = cups
   log file = /var/log/samba/log.%m
   max log size = 50
log level=1
  guest account = nobody
   security = user
  encrypt passwords = true
  unix password sync = Yes
  pam password change = yes
 username map = /etc/samba/smbusers
   acl compatibility = win2k
   max log size = 5000
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces=192.168.1.251/24 10.4.10.30/24
   local master = yes
   os level = 35
   domain master = yes
   preferred master = yes
   time server = yes
   domain logons = yes
   logon script = %U.bat
   logon path =
   logon drive =
 add user script = /usr/sbin/useradd -s /bin/false '%u'
 delete user script = /usr/sbin/userdel '%s'
 add user to group script = /usr/bin/gpasswd -a '%u' '%g'
 delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
 set primary group script = /usr/sbin/usermod -g '%g' '%u'
 add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
 delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%u'
 passdb backend = tdbsam
 idmap uid = 15000-20000
 idmap gid = 15000-20000

wins support = yes
   dns proxy = no
  preserve case = yes
  default case = lower
  case sensitive = no
   dos charset = 437
   unix charset = ISO8859-1
Comment 1 Jeremy Allison 2011-05-17 22:54:37 UTC
I'm pretty sure this is fixed in 3.5.8. Please test there and report back, thanks !
Jeremy.
Comment 2 Björn Jacke 2013-03-11 14:34:31 UTC
Rob: if possible, please give feedback if it works or not now. I'll close this for now, hoping it is fixed.