Atrox
2007-Jun-21 11:23 UTC
[Samba] cannot login from some machines after upgrading from 2 to 3
Hi. I've got a strange issue here. Some time ago (in march ;) I upgraded my FreeBSD-6.0 Samba 2.2 to 3.0 (currently 3.0.24). After creating groupmaps and doing all the other upgrade tasks, everything seemed to be alright. However, it was not possible to login from some machines (getting error for the wrong password). After disjoining and rejoining domain with these machines, it was possible again. Does anybody know, what could be the problem? There are still some such machines left. One of these is a Windows 2000. When I try to login to domain from there, I see the according log-lines ending with: ====[2007/06/21 11:40:27, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [silver] succeeded [2007/06/21 11:40:27, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [silver] succeeded [2007/06/21 11:40:27, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [silver] -> [silver] -> [silver] succeeded [2007/06/21 11:40:27, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure [2007/06/21 11:40:27, 10] auth/auth_util.c:free_user_info(1871) structure was created for silver ==== When checking some successful login's log, I see that information about user's groups should follow: ====[2007/06/21 13:24:57, 10] auth/auth_util.c:free_user_info(1871) structure was created for silver [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-1-0 to gid, ignoring it [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-2 to gid, ignoring it [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-32-546 to gid, ignoring it [2007/06/21 13:24:57, 10] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-770051042-1162095659-2196661315-501 contains 4 SIDs SID[ 0]: S-1-5-21-770051042-1162095659-2196661315-501 SID[ 1]: S-1-1-0 SID[ 2]: S-1-5-2 SID[ 3]: S-1-5-32-546 ==== I checked the "server schannel" also and verified that this is not the case as this w2k's according security settings match server's settings. What else could cause this? Thanks in advance, Silver -- View this message in context: http://www.nabble.com/cannot-login-from-some-machines-after-upgrading-from-2-to-3-tf3958124.html#a11231169 Sent from the Samba - General mailing list archive at Nabble.com.
Atrox
2007-Aug-14 14:12 UTC
[Samba] cannot login from some machines after upgrading from 2 to 3
Atrox wrote:> > Hi. > > I've got a strange issue here. Some time ago (in march ;) I upgraded my > FreeBSD-6.0 Samba 2.2 to 3.0 (currently 3.0.24). After creating groupmaps > and doing all the other upgrade tasks, everything seemed to be alright. > However, it was not possible to login from some machines (getting error > for the wrong password). After disjoining and rejoining domain with these > machines, it was possible again. > > Does anybody know, what could be the problem? > > There are still some such machines left. One of these is a Windows 2000. > When I try to login to domain from there, I see the according log-lines > ending with: > ====> [2007/06/21 11:40:27, 3] auth/auth.c:check_ntlm_password(270) > check_ntlm_password: sam authentication for user [silver] succeeded > [2007/06/21 11:40:27, 5] auth/auth.c:check_ntlm_password(296) > check_ntlm_password: PAM Account for user [silver] succeeded > [2007/06/21 11:40:27, 2] auth/auth.c:check_ntlm_password(309) > check_ntlm_password: authentication for user [silver] -> [silver] -> > [silver] succeeded > [2007/06/21 11:40:27, 5] auth/auth_util.c:free_user_info(1867) > attempting to free (and zero) a user_info structure > [2007/06/21 11:40:27, 10] auth/auth_util.c:free_user_info(1871) > structure was created for silver > ====> > When checking some successful login's log, I see that information about > user's groups should follow: > ====> [2007/06/21 13:24:57, 10] auth/auth_util.c:free_user_info(1871) > structure was created for silver > [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023) > Could not convert SID S-1-1-0 to gid, ignoring it > [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023) > Could not convert SID S-1-5-2 to gid, ignoring it > [2007/06/21 13:24:57, 10] auth/auth_util.c:create_local_token(1023) > Could not convert SID S-1-5-32-546 to gid, ignoring it > [2007/06/21 13:24:57, 10] auth/auth_util.c:debug_nt_user_token(454) > NT user token of user S-1-5-21-770051042-1162095659-2196661315-501 > contains 4 SIDs > SID[ 0]: S-1-5-21-770051042-1162095659-2196661315-501 > SID[ 1]: S-1-1-0 > SID[ 2]: S-1-5-2 > SID[ 3]: S-1-5-32-546 > ====> > I checked the "server schannel" also and verified that this is not the > case as this w2k's according security settings match server's settings. > > What else could cause this? > > Thanks in advance, > Silver >Hello. Update: some machines allow some users to login, but some users not to. Even though the user is in the users group and can login to Samba with smbclient, login from (at least some) machines fails. Hasn't anyone experienced smth like that? Silver -- View this message in context: http://www.nabble.com/cannot-login-from-some-machines-after-upgrading-from-2-to-3-tf3958124.html#a12145332 Sent from the Samba - General mailing list archive at Nabble.com.