Hello-- I upgraded my RH9 samba PDC server from 3.0.9pre3 to 3.0.11 using packaged RH9 rpm from samba site, using rpm -U samba*rpm. no complaints from rpm. samba stops/starts fine. However, clients can no longer log in to domain. All clients (W2k,XP) get the same error message "The system could not log you on,...etc". clients can mount samba shares, however. I saved a copy of /etc/samba before the upgrade, and copied old secrets.tdb & smbpasswd to /etc/samba/., but this made no difference, I still have no domain control. Im at a loss to where to go next and this will really be a drag tommorrow when everyone comes in to work if I cant get domain control working again thanks---
Hello-- I upgraded my RH9 samba PDC server from 3.0.9pre3 to 3.0.11 using packaged RH9 rpm from samba site, using rpm -U samba*rpm. no complaints from rpm. samba stops/starts fine. However, clients can no longer log in to domain. All clients (W2k,XP) get the same error message "The system could not log you on,...etc". clients can mount samba shares, however. I saved a copy of /etc/samba before the upgrade, and copied old secrets.tdb & smbpasswd to /etc/samba/., but this made no difference, I still have no domain control. Im at a loss to where to go next and this will really be a drag tommorrow when everyone comes in to work if I cant get domain control working again thanks---
I have determined that members of the root group can logon to domain, no problem. If you are not a member of the unix root group, you are sol... file permissions somewhere not right? please, i dont want to have to add all my users to root group before tomorrow morning ;-) g Gordon Russell wrote:> Hello-- > > I upgraded my RH9 samba PDC server from 3.0.9pre3 to 3.0.11 using > packaged RH9 rpm from samba site, using rpm -U samba*rpm. > > no complaints from rpm. samba stops/starts fine. However, clients can > no longer log in to domain. All clients (W2k,XP) get the same error > message "The system could not log you on,...etc". > clients can mount samba shares, however. > > I saved a copy of /etc/samba before the upgrade, and copied old > secrets.tdb & smbpasswd to /etc/samba/., but this made no difference, I > still have no domain control. Im at a loss to where to go next and this > will really be a drag tommorrow when everyone comes in to work if I cant > get domain control working again > > thanks--- >
Gerald (Jerry) Carter
2005-Feb-09 01:37 UTC
[Samba] Re: upgrade to 3.0.11, lost domain control
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 8 Feb 2005, Gordon Russell wrote:> I have determined that members of the root group can logon to domain, no > problem. If you are not a member of the unix root group, you are sol... > file permissions somewhere not right? please, i dont want to have to > add all my users to root group before tomorrow morning ;-) gI would look for name resolution issues. Perhaps you have a bad wins.dat. Also get a level 10 debug log from smbd and `grep NT_STATUS log.smbd | grep -v OK`. Then locate any messages in the log file such as ACCESS_DENIED, NONE_MAPPED, etc... cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCCWlHIR7qMdg1EfYRAjDAAKDxPQzy5GxsmYL1f2wQPdMzc5ZNpQCcCGyt GEHebWqipITMq40fdgxiSQE=LPx3 -----END PGP SIGNATURE-----
Gerald (Jerry) Carter wrote:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 8 Feb 2005, Gordon Russell wrote: > > >>I have determined that members of the root group can logon to domain, no >>problem. If you are not a member of the unix root group, you are sol... >>file permissions somewhere not right? please, i dont want to have to >>add all my users to root group before tomorrow morning ;-) g > > > I would look for name resolution issues. Perhaps you have a bad wins.dat. > Also get a level 10 debug log from smbd and `grep NT_STATUS log.smbd | > grep -v OK`. Then locate any messages in the log file such as > ACCESS_DENIED, NONE_MAPPED, etc... >I had upped the debug level to 3 and started seeing NT_STATUS_WRONG_PASSWORD errors when users were failing to log in. I reset those users passwords in smbpasswd and passwd and everything works fine. At this point I have about 6 out of 50+ users whose passwords seem to have been corrupted for some reason. -- the root group logon was a red herring. As usual, thanks for the quick responses and great work gordon