JJunge@paritaet-th.de
2005-Jan-14 07:31 UTC
[Samba] Migration PDC from Samba 2.2.8a to 3.0.9 -> Error NT_STATUS_WRONG_PASSWORD
Hello im trying to migrate from Samba 2.2.8a to 3.0.9. The Server is a PDC using ldap and winbind. I used the convertSambaAccount script to convert the ldap schema from old to new. I shut down the old smb server and started the new one. The share one the new server are accessible from my still running W2k machine. If I start another machine und log in as a user, that was logged in before from this machine, everything is fine too. But if i try to log in as User, that was not logged in from that machine before the user can not be authenticated. (Error NT_STATUS_WRONG_PASSWORD, see log) (The registry on my machines is configurated, to keep the registry settings from the last user. So I think the last logged in user ist authenticated through the cached registry) Why can't I authenticate the user towards the PDC? Cheers JJ Machine log: ---snip--- [2005/01/14 07:02:06, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/01/14 07:02:06, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/01/14 07:02:06, 2] lib/access.c:check_access(324) Allowed connection from (172.30.0.101) [2005/01/14 07:02:14, 2] lib/access.c:check_access(324) Allowed connection from (172.30.0.101) [2005/01/14 07:02:14, 2] rpc_parse/parse_prs.c:netsec_decode(1585) netsec_decode: FAILED: packet sequence number: [2005/01/14 07:02:14, 2] lib/util.c:dump_data(1977) [000] 23 47 9E 7C DA 18 69 4E #G.|..iN [2005/01/14 07:02:14, 2] rpc_parse/parse_prs.c:netsec_decode(1587) should be: [2005/01/14 07:02:14, 2] lib/util.c:dump_data(1977) [000] 00 00 00 00 80 00 00 00 ........ [2005/01/14 07:02:14, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: p220fdie$ [2005/01/14 07:02:14, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511) init_sam_from_ldap: Entry found for user: adminneu [2005/01/14 07:02:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(893) init_ldap_from_sam: Setting entry for user: adminneu [2005/01/14 07:02:14, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [adminneu] -> [adminneu] FAILED with error NT_STATUS_WRONG_PASSWORD [2005/01/14 07:03:12, 2] smbd/server.c:exit_server(571) Closing connections ---/snip--- smb.conf ---snip--- ########################################################################### # # /etc/smb.conf # ########################################################################### [global] # # Basic Server Settings # netbios name = linux workgroup = paritaet-th server string = Paritaet Thueringen Srv (PDC %v) # # PDC and master browser settings # os level = 250 wins support = yes local master = yes preferred master = yes domain master = yes name resolve order = wins host bcast # # LDAP # ldap suffix = dc=paritaet-th,dc=de ldap admin dn = cn=Manager,dc=paritaet-th,dc=de passdb backend = ldapsam:ldap://127.0.0.1/ ldap group suffix = ou=groups ldap user suffix = ou=users ldap machine suffix = ou=computers ldap ssl = off ldap delete dn = Yes add machine script = /usr/local/sbin/smbldap-useradd -w "%U" add user script = /usr/local/sbin/smbldap-useradd -m "%U" #delete user script = /usr/local/sbin/smbldap-userdel "%U" add machine script = /usr/local/sbin/smbldap-useradd -w "%U" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%U" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%U" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%U" # # Security # security = user encrypt passwords = yes domain logons = yes hosts allow = 127.0.0.1 172.30.0.0/255.255.0.0 172.29.0.0/255.255.0.0 # # Log # syslog = 0 log level = 2 # log file = /var/log/samba/log log file = /var/log/samba/log.%m max log size = 100 # # Password # unix password sync = yes min password length = 4 passwd program = /usr/local/sbin/smbldap-passwd.pl %U passwd chat = *password* %n\n *password* %n\n *uccessfull* # # User Profiles and home directory # logon home = \\linux\%U logon drive = W: logon script = netlogon.bat # # General Printer # load printers = yes printing = cups printcap = cups printer admin = @smbadmin # # Server Options # time server = yes map archive = no map hidden = no map system = no # # Char Set # Dos charset = 850 Unix charset = ISO8859-1 ########################################################################### # # Special Shares (home netlogon printers) # ########################################################################### ---/snip--- ----------------------------------------------------------------------------------------------- J?rg Junge IT-Koordinator Parit?tischer Wohlfahrtsverband Landesverband Th?ringen e.V. Bergstr. 11 99192 Neudietendorf Deutschland Tel : +49 36202 26 204 Fax: +49 36202 26 234 http://www.paritaet-th.de