-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michael Folsom wrote: > Folks: > > I've got several systems attached to a 2003 domain where we use > kerberos to authenticate. > > When I upgraded a system to the latest greatest samba things stopped > working. Just to find where it happened in the different versions of > samba I downloaded, built, & ran 3.0.23d to 3.0.25c using the same > smb.conf file. Turns out the 2.0.23d and 3.0.24 works but from 3.0.25 > on it fails. When it fails it prompts users to login and the system > isn't in the proper domain any more so not sure where the issue is. > I've looked at the 25 change log but frankly don't see anything > obvious that would have caused this...... > > Here's the globals section of my smb.conf file: > > [global] > workgroup = XYZ > interfaces = 1xx.2xx.9.5/24 > comment = Timmy, Samba Server version %v > #status = yes > browseable = yes > guest account = nobody > invalid users = root, daemon > hosts allow = 1xx.2xx. 127. > lock directory = /var/lock/subsys/smb > log file = /var/log/samba/%m.log > syslog = 1 > getwd cache = yes > socket options = TCP_NODELAY > keep alive = 3600 > dead time = 30 > locking = yes > security = server > # > ntlm auth = no > lanman auth = no > client lanmn auth = no > client ntlmv2 auth = yes > # > password server = xxxxxx.yyy.zzzzz.org > local master = no > os level = 33 > domain master = no > preferred master = no > wins support = no > wins server = 1xx.2xx.181.100 > dns proxy = no > #client code page = 437 > netbios aliases = timmy > > ----------------------------------------------------------------------------------------------- >>From the log files.......... > /var/log/samba/winxpclient.log file: > > ....when it works ...... > [2008/01/16 17:21:13, 1] smbd/service.c:make_connection_snum(950) > jarosa (1xx.2xx.9.58) connect to service MWFOLSOM initially as user > mwfolsom (uid=4231, gid=100) (pid 2914) > [2008/01/16 17:21:39, 1] smbd/service.c:close_cnum(1150) > jarosa (1xx.2xx.9.58) closed connection to service MWFOLSOM > ....when it fails ..... > [2008/01/16 17:35:47, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_LOGON_FAILURE > [2008/01/16 17:35:47, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_LOGON_FAILURE > [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_LOGON_FAILURE > [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_LOGON_FAILURE > [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_LOGON_FAILURE > [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_LOGON_FAILURE > [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_LOGON_FAILURE > [2008/01/16 17:35:50, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_ACCOUNT_LOCKED_OUT > [2008/01/16 17:36:00, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_ACCOUNT_LOCKED_OUT > [2008/01/16 17:36:00, 1] auth/auth_server.c:check_smbserver_security(362) > password server XXXXXX.YYY.ZZZZZZ.ORG rejected the password: > NT_STATUS_ACCOUNT_LOCKED_OUT > > /var/log/smbd.log > [2008/01/16 17:34:39, 0] smbd/server.c:main(986) > standard input is not a socket, assuming -D option > [2008/01/16 17:34:40, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(241) > startsmbfilepwent_internal: file /usr/local/samba/private/smbpasswd > did not exist. File successfully created.
Did you lose your domain SID somehow? I think this is held in secrets.tdb. - -- ---- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFHj8bMmb+gadEcsb4RAnXrAJj+MIpmvPiDMNRuGkhIHGLHgPlyAJ9VUjRJ 7NKNzNRmJQFe2ybjiPupzg== =rSSU -----END PGP SIGNATURE-----
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
