Mark Redding
2007-Mar-26 15:10 UTC
[Samba] Upgrade 3.0.10 to 3.0.24 on RHEL4 - NT_STATUS_LOGON_FAILURE
Hi all, I'm having a problem with an upgrade of Samba running on a Redhat4 Update 4 system. The default installation provides only 3.0.10 which doesn't include the privilege model or a number of fixes including some in 3.0.21a and 3.0.23 which it looks like we'll need. The system runs in PDC mode with user accounts in an ldap database. On a test system which I'm using to replicate the problem I've stripped all the ldap security stuff back on the principle that simple is best at least for troubleshooting. We are using the 3.0.24 rpms from http://ftp.sernet.de/pub/samba/rhel/rhel4-i386/ although a compiled from source version of 3.0.24 exhibits the same problems. After the upgrade the services start fine however I can't connect to the domain from a client machine. To test I've been using smbclient like so: [root@eddie ~]# smbclient -L localhost Password: session setup failed: NT_STATUS_LOGON_FAILURE [root@eddie ~]# I've been through the changelog a couple of times and I believe my settings (see group mapping below) should be alright. The set up works fine with 3.0.10 it works fine but as soon as I upgrade I lose the domain. Many Thanks for your help and apologies for the long email. Regards Mark Debug information - My configuration file: [global] workgroup = KCS server string = KCS Domain Controller netbios name = eddie netbios aliases = george time server = yes log level = 2 passdb:5 auth:10 winbind:2 printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 5000 security = user encrypt passwords = yes passdb backend = ldapsam:"ldap://localhost ldap://harry.kcs.cambs.sch.uk" ldap admin dn = cn=Directory Manager ldap suffix = dc=kcs,dc=cambs,dc=sch,dc=uk ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups # ldap ssl = start_tls ldap delete dn = yes obey pam restrictions = yes add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%m" add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g%" delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" ldap passwd sync = yes username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 65 domain master = yes preferred master = yes domain logons = yes logon script = logon.bat logon path = \\%L\netlogon logon drive = S: logon home = \\eddie\%U browseable = no strict locking = yes wins support = yes dns proxy = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no My samba log file: [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [KCS]\[root] from workstation [EDDIE] [2007/03/26 15:30:46, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [KCS] [2007/03/26 15:30:46, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for root (root) [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info(85) making strings for root's user_info struct [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info(117) making blobs for root's user_info struct [2007/03/26 15:30:46, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for root (root) [2007/03/26 15:30:46, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [KCS]\[root]@[EDDIE] with the new password interface [2007/03/26 15:30:46, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [KCS]\[root]@[EDDIE] [2007/03/26 15:30:46, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2007/03/26 15:30:46, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2007/03/26 15:30:46, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2007/03/26 15:30:46, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2007/03/26 15:30:46, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: root [2007/03/26 15:30:46, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2007/03/26 15:30:46, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-3942376556-572954482-4204431875-513] count=0 [2007/03/26 15:30:46, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2007/03/26 15:30:46, 5] passdb/pdb_interface.c:pdb_default_lookup_rids(1601) lookup_rids: Domain Users:2 [2007/03/26 15:30:46, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2007/03/26 15:30:46, 4] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user root [2007/03/26 15:30:46, 5] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user root allowed to logon at this time (Mon Mar 26 14:30:46 2007 ) [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 5] auth/auth_util.c:make_server_info_sam(625) make_server_info_sam: made server info for user root -> root [2007/03/26 15:30:46, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [root] succeeded [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(459) smb_pam_start: PAM: Init user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(476) smb_pam_start: PAM: setting rhost to: 127.0.0.1 [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(485) smb_pam_start: PAM: setting tty [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(493) smb_pam_start: PAM: Init passed for user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_account(551) smb_pam_account: PAM: Account Management for User: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_account(570) smb_pam_account: PAM: Account OK for User: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_end(440) smb_pam_end: PAM: PAM_END OK. [2007/03/26 15:30:46, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [root] succeeded [2007/03/26 15:30:46, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2007/03/26 15:30:46, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure [2007/03/26 15:30:46, 10] auth/auth_util.c:free_user_info(1871) structure was created for root [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-1-0 to gid, ignoring it [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-2 to gid, ignoring it [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-11 to gid, ignoring it [2007/03/26 15:30:46, 10] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-3942376556-572954482-4204431875-1000 contains 13 SIDs SID[ 0]: S-1-5-21-3942376556-572954482-4204431875-1000 SID[ 1]: S-1-5-21-3942376556-572954482-4204431875-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-0 SID[ 6]: S-1-22-2-1 SID[ 7]: S-1-22-2-2 SID[ 8]: S-1-22-2-3 SID[ 9]: S-1-22-2-4 SID[ 10]: S-1-22-2-6 SID[ 11]: S-1-22-2-10 SID[ 12]: S-1-22-2-513 SE_PRIV 0x0 0x0 0x0 0x0 [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(459) smb_pam_start: PAM: Init user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(476) smb_pam_start: PAM: setting rhost to: 127.0.0.1 [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(485) smb_pam_start: PAM: setting tty [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(493) smb_pam_start: PAM: Init passed for user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_internal_pam_session(630) smb_internal_pam_session: PAM: tty set to: smb/5302/101 [2007/03/26 15:30:46, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_end(440) smb_pam_end: PAM: PAM_END OK. [2007/03/26 15:30:46, 1] smbd/session.c:session_claim(134) pam_session rejected the session for root [smb/5302/101] [2007/03/26 15:30:46, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=101 Group mapping : [root@eddie ~]# net groupmap list Domain Computers (S-1-5-21-3942376556-572954482-4204431875-515) -> Domain Computers Administrators (S-1-5-32-544) -> Administrators Account Operators (S-1-5-32-548) -> Account Operators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators pupils (S-1-5-21-3942376556-572954482-4204431875-3003) -> pupils rec (S-1-5-21-3942376556-572954482-4204431875-3005) -> rec staff (S-1-5-21-3942376556-572954482-4204431875-3011) -> staff Domain Admins (S-1-5-21-3942376556-572954482-4204431875-512) -> Domain Admins Domain Users (S-1-5-21-3942376556-572954482-4204431875-513) -> Domain Users Domain Guests (S-1-5-21-3942376556-572954482-4204431875-514) -> Domain Guests
Mark Redding
2007-Apr-03 13:04 UTC
[Samba] Upgrade 3.0.10 to 3.0.24 on RHEL4 - NT_STATUS_LOGON_FAILURE - FIXED
Hi Again, I finally tracked this down to the "obey pam restrictions = yes" directive. With no other changes to the system whatsoever removing this line from the config makes the new version run. I've looked through the change logs as carefully as I can and I can't see any mention of a change in the behaviour of this directive. The PAM setup is the default RHEL setup apart from having ldap authentication setup using authconfig but I don't believe this will have touched the Samba PAM configuration. Anyway hope this helps someone else. Regards, Mark Redding. -----Original Message----- From: samba-bounces+mark.redding=linuxit.com@lists.samba.org [mailto:samba-bounces+mark.redding=linuxit.com@lists.samba.org] On Behalf Of Mark Redding Sent: 26 March 2007 15:43 To: samba@samba.org Subject: [Samba] Upgrade 3.0.10 to 3.0.24 on RHEL4 - NT_STATUS_LOGON_FAILURE Hi all, I'm having a problem with an upgrade of Samba running on a Redhat4 Update 4 system. The default installation provides only 3.0.10 which doesn't include the privilege model or a number of fixes including some in 3.0.21a and 3.0.23 which it looks like we'll need. The system runs in PDC mode with user accounts in an ldap database. On a test system which I'm using to replicate the problem I've stripped all the ldap security stuff back on the principle that simple is best at least for troubleshooting. We are using the 3.0.24 rpms from http://ftp.sernet.de/pub/samba/rhel/rhel4-i386/ although a compiled from source version of 3.0.24 exhibits the same problems. After the upgrade the services start fine however I can't connect to the domain from a client machine. To test I've been using smbclient like so: [root@eddie ~]# smbclient -L localhost Password: session setup failed: NT_STATUS_LOGON_FAILURE [root@eddie ~]# I've been through the changelog a couple of times and I believe my settings (see group mapping below) should be alright. The set up works fine with 3.0.10 it works fine but as soon as I upgrade I lose the domain. Many Thanks for your help and apologies for the long email. Regards Mark Debug information - My configuration file: [global] workgroup = KCS server string = KCS Domain Controller netbios name = eddie netbios aliases = george time server = yes log level = 2 passdb:5 auth:10 winbind:2 printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 5000 security = user encrypt passwords = yes passdb backend = ldapsam:"ldap://localhost ldap://harry.kcs.cambs.sch.uk" ldap admin dn = cn=Directory Manager ldap suffix = dc=kcs,dc=cambs,dc=sch,dc=uk ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups # ldap ssl = start_tls ldap delete dn = yes obey pam restrictions = yes add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%m" add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u" delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u" add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g" add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g%" delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" ldap passwd sync = yes username map = /etc/samba/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 65 domain master = yes preferred master = yes domain logons = yes logon script = logon.bat logon path = \\%L\netlogon logon drive = S: logon home = \\eddie\%U browseable = no strict locking = yes wins support = yes dns proxy = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no My samba log file: [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user [KCS]\[root] from workstation [EDDIE] [2007/03/26 15:30:46, 5] auth/auth_util.c:is_trusted_domain(2020) is_trusted_domain: Checking for domain trust with [KCS] [2007/03/26 15:30:46, 5] passdb/secrets.c:secrets_fetch_trusted_domain_password(340) secrets_fetch failed! [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for root (root) [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info(85) making strings for root's user_info struct [2007/03/26 15:30:46, 5] auth/auth_util.c:make_user_info(117) making blobs for root's user_info struct [2007/03/26 15:30:46, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for root (root) [2007/03/26 15:30:46, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [KCS]\[root]@[EDDIE] with the new password interface [2007/03/26 15:30:46, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [KCS]\[root]@[EDDIE] [2007/03/26 15:30:46, 10] auth/auth.c:check_ntlm_password(233) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2007/03/26 15:30:46, 10] auth/auth.c:check_ntlm_password(235) challenge is: [2007/03/26 15:30:46, 10] auth/auth.c:check_ntlm_password(261) check_ntlm_password: guest had nothing to say [2007/03/26 15:30:46, 2] lib/smbldap.c:smbldap_open_connection(788) smbldap_open_connection: connection opened [2007/03/26 15:30:46, 2] passdb/pdb_ldap.c:init_sam_from_ldap(541) init_sam_from_ldap: Entry found for user: root [2007/03/26 15:30:46, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2007/03/26 15:30:46, 5] passdb/pdb_interface.c:lookup_global_sam_rid(1480) lookup_global_sam_rid: looking up RID 513. [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getsampwsid(1491) ldapsam_getsampwsid: Unable to locate SID [S-1-5-21-3942376556-572954482-4204431875-513] count=0 [2007/03/26 15:30:46, 2] passdb/pdb_ldap.c:init_group_from_ldap(2140) init_group_from_ldap: Entry found for group: 513 [2007/03/26 15:30:46, 5] passdb/pdb_interface.c:pdb_default_lookup_rids(1601) lookup_rids: Domain Users:2 [2007/03/26 15:30:46, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2007/03/26 15:30:46, 4] auth/auth_sam.c:sam_account_ok(138) sam_account_ok: Checking SMB password for user root [2007/03/26 15:30:46, 5] auth/auth_sam.c:logon_hours_ok(120) logon_hours_ok: user root allowed to logon at this time (Mon Mar 26 14:30:46 2007 ) [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 5] auth/auth_util.c:make_server_info_sam(625) make_server_info_sam: made server info for user root -> root [2007/03/26 15:30:46, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [root] succeeded [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(459) smb_pam_start: PAM: Init user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(476) smb_pam_start: PAM: setting rhost to: 127.0.0.1 [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(485) smb_pam_start: PAM: setting tty [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(493) smb_pam_start: PAM: Init passed for user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_account(551) smb_pam_account: PAM: Account Management for User: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_account(570) smb_pam_account: PAM: Account OK for User: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_end(440) smb_pam_end: PAM: PAM_END OK. [2007/03/26 15:30:46, 5] auth/auth.c:check_ntlm_password(296) check_ntlm_password: PAM Account for user [root] succeeded [2007/03/26 15:30:46, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2007/03/26 15:30:46, 5] auth/auth_util.c:free_user_info(1867) attempting to free (and zero) a user_info structure [2007/03/26 15:30:46, 10] auth/auth_util.c:free_user_info(1871) structure was created for root [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-1-0 to gid, ignoring it [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-2 to gid, ignoring it [2007/03/26 15:30:46, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217) ldapsam_getgroup: Did not find group [2007/03/26 15:30:46, 10] auth/auth_util.c:create_local_token(1023) Could not convert SID S-1-5-11 to gid, ignoring it [2007/03/26 15:30:46, 10] auth/auth_util.c:debug_nt_user_token(454) NT user token of user S-1-5-21-3942376556-572954482-4204431875-1000 contains 13 SIDs SID[ 0]: S-1-5-21-3942376556-572954482-4204431875-1000 SID[ 1]: S-1-5-21-3942376556-572954482-4204431875-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-22-2-0 SID[ 6]: S-1-22-2-1 SID[ 7]: S-1-22-2-2 SID[ 8]: S-1-22-2-3 SID[ 9]: S-1-22-2-4 SID[ 10]: S-1-22-2-6 SID[ 11]: S-1-22-2-10 SID[ 12]: S-1-22-2-513 SE_PRIV 0x0 0x0 0x0 0x0 [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(459) smb_pam_start: PAM: Init user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(476) smb_pam_start: PAM: setting rhost to: 127.0.0.1 [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(485) smb_pam_start: PAM: setting tty [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_start(493) smb_pam_start: PAM: Init passed for user: root [2007/03/26 15:30:46, 4] auth/pampass.c:smb_internal_pam_session(630) smb_internal_pam_session: PAM: tty set to: smb/5302/101 [2007/03/26 15:30:46, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/03/26 15:30:46, 4] auth/pampass.c:smb_pam_end(440) smb_pam_end: PAM: PAM_END OK. [2007/03/26 15:30:46, 1] smbd/session.c:session_claim(134) pam_session rejected the session for root [smb/5302/101] [2007/03/26 15:30:46, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=101 Group mapping : [root@eddie ~]# net groupmap list Domain Computers (S-1-5-21-3942376556-572954482-4204431875-515) -> Domain Computers Administrators (S-1-5-32-544) -> Administrators Account Operators (S-1-5-32-548) -> Account Operators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators pupils (S-1-5-21-3942376556-572954482-4204431875-3003) -> pupils rec (S-1-5-21-3942376556-572954482-4204431875-3005) -> rec staff (S-1-5-21-3942376556-572954482-4204431875-3011) -> staff Domain Admins (S-1-5-21-3942376556-572954482-4204431875-512) -> Domain Admins Domain Users (S-1-5-21-3942376556-572954482-4204431875-513) -> Domain Users Domain Guests (S-1-5-21-3942376556-572954482-4204431875-514) -> Domain Guests -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba