thr3ads.net - samba - [Samba] v3.0.2a: can't login into domain after switching to pdb

If this information is useful, please help other people find it:
Share via:
Yuri Nosyrev
2004-Apr-13 02:56 UTC
[Samba] v3.0.2a: can't login into domain after switching to pdb_mysql

Hello list.samba.org

FreeBSD-5.2.1, samba from port with tdbsam-backend configured as PDC
Everything is working fine: i.e. registering at samba domain and logging on
to it,
but after I switch to mysql-backend (pdb-mysql)
I can only successfully register my Windows 2k3 at Samba domain
(messagebox 'Welcome to slavel.ru domain' has appiered),
i.e. can successfully change domain of my workstation
from WindowsNT domain to Samba domain,
but after prompt to reboot and followed rebooting can't logon into domain...
Mysql log shows me some strange queries to samba db with where-clause of
none existing samba user

Here is samba.conf and mysql logs:
**************************************************************
hercules# cat /usr/local/etc/smb.conf
[global]
        workgroup = SLAVEL.RU
        server string = Slavel.ru Samba %v
        interfaces = xl0
        passdb backend = mysql:mysql
        logon path = \\%N\homes\%u\
        logon home = \\%N\homes\%u\
        logon drive = H:
        domain logons = Yes
        os level = 33
        preferred master = Yes
        domain master = Yes
        mysql:mysql host = localhost
        mysql:mysql user = root # for dbugging only
        mysql:mysql password = blablabla
        mysql:mysql database = samba
        admin users = nua
        printer admin = nua
        deadtime = 10
        follow symlinks = no
        max smbd processes = 1000

[netlogon]
        path = /var/spool/samba/shares/netlogon
        read only = yes

[profiles]
        path = /var/spool/samba/shares/homes/%u/profiles
        browseable = no
        read only = No
        guest ok = no
        create mask = 0600
        directory mask = 0700

[homes]
        path = /var/spool/samba/shares/homes/%u
        browseable = no
        read only = No
        guest ok = no
        create mask = 0600
        directory mask = 0700
**************************************************************
this's registering of Windows Workstation (NUA) at domain: everything's
OK!
(for debugging purpose samba user is mysql root)

040413 12:29:53      59 Connect     root@localhost on samba
                     60 Connect     root@localhost on samba
                     60 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username
'root'
                     60 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username
'root'
040413 12:29:54      61 Connect     root@localhost on samba
                     61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username
'root'
                     61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username
'root'
040413 12:29:55      61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username
'nua$'
                     61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username
'NUA$'
                     61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid
'S-1-5-21-1839053707-3782651528-722872119-3004'
                     61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid
'S-1-5-21-1839053707-3782651528-722872119-3004'
                     61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid
'S-1-5-21-1839053707-3782651528-722872119-3004'
                     61 Query       UPDATE user SET acct_ctrl 128,logon_time =
0,logoff_time = 0,kickoff_time = 0,pass_can_change_time
1081823395,pass_must_change_time = 2147483647,pass_last_set_time
1081823395,hours_len = 21,logon_divs = 168,user_sid
'S-1-5-21-1839053707-3782651528-722872119-3004',group_sid
'S-1-5-21-1839053707-3782651528-722872119-515',username =
'nua$',domain 'SLAVEL.RU',nt_fullname = '123',lm_pw
'26396180C4512CF1AB0DE75D71872AD7',nt_pw
'AA76E19EAB5A2A5EC49F5FEF44D2D162' WHERE user_sid
'S-1-5-21-1839053707-3782651528-722872119-3004'

...the registering finished with success

...but after that mysql.log show me strange query: it's strange because
there's NO such user_sid at samba.user table:
mysql> select username,user_sid from user;
+----------+-----------------------------------------------+
| username | user_sid                                      |
+----------+-----------------------------------------------+
| nua      | S-1-5-21-1839053707-3782651528-722872119-3002 |
| nua$     | S-1-5-21-1839053707-3782651528-722872119-3004 |
| root     | S-1-5-21-1839053707-3782651528-722872119-1000 |
+----------+-----------------------------------------------+
3 rows in set (0.00 sec)

and this's that 'suspicious' query (WHERE user_sid
'S-1-5-21-1839053707-3782651528-722872119-501'):

040413 12:30:01      61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid
'S-1-5-21-1839053707-3782651528-722872119-501'
040413 12:30:02      61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE username
'NUA$'
                     61 Query       SELECT
logon_time,logoff_time,kickoff_time,pass_last_set_time,pass_can_change_time,
pass_must_change_time,username,domain,nt_username,nt_fullname,home_dir,dir_d
rive,logon_script,profile_path,acct_desc,workstations,unknown_str,munged_dia
l,user_sid,group_sid,lm_pw,nt_pw,NULL,acct_ctrl,unknown_3,logon_divs,hours_l
en,bad_password_count,logon_count,unknown_6 FROM user WHERE user_sid
'S-1-5-21-1839053707-3782651528-722872119-501'

...after rebooting of Windows (needed to change domain's membership) I see
exact query to samba.user so logon always fails

Any ideas?
------------------------
Best Regards,
Yuri Nosyrev                            mailto: nua at slavel.ru
Russia, Chita
Apparently Analagous Threads

Search for more reasonably related threads
samba - Apr 2004 - v3.0.2a: can't login into domain after switching to pdb_mysql

[Samba] v3.0.2a: can't login into domain after switching to pdb_mysql

Apparently Analagous Threads

Wisdom of the Ancients
