samba-users May 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] problems after upgrade from 3.3.2 to 3.4.0

[Samba] problems after upgrade from 3.3.2 to 3.4.0

From: Thomas Gutzler <thomas.gutzler_at_nospam>
Date: Wed May 26 2010 - 03:29:25 GMT
To: samba@lists.samba.org

Hi,

After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to
karmic (3.4.0) I cannot access the shares any more.

The server (FINTLEWOODLEWIX) is set up to check authentication via a PDC
(IO), which is also running 3.4.0 (and has been before). Guest access is
allowed so that any users without a local unix account will be granted
read access. Valid users are allowed read/write.

After the upgrade I'm not able to connect to the share any more unless I
specifically use the guest account (nobody) and its password. When
trying to connect from a windows box (KRIKKIT), the logfile says the
following (smbd runs in -d3). It doesn't seem to matter if the user
(tom) has a local unix account or not:

[2010/05/26 11:00:17, 3] libsmb/namequery_dc.c:199(rpc_dc_name)
  rpc_dc_name: Returning DC IO (130.95.136.177) for domain OBEL
[2010/05/26 11:00:17, 3] libsmb/cliconnect.c:2031(cli_start_connection)
  Connecting to host=IO
[2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send)
  Connecting to 130.95.136.177 at port 445
[2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send)
  Connecting to 130.95.136.177 at port 139
[2010/05/26 11:00:17, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user
[KRIKKIT]\[tom]@[KRIKKIT] with the new password interface
[2010/05/26 11:00:17, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT]
[2010/05/26 11:00:17, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/05/26 11:00:17, 3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/05/26 11:00:17, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/05/26 11:00:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/26 11:00:17, 3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'tom' in passdb.
[2010/05/26 11:00:17, 3] auth/auth_winbind.c:54(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain
[FINTLEWOODLEWIX] was for this SAM.
[2010/05/26 11:00:17, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [tom] -> [tom] FAILED
with error NT_STATUS_NO_SUCH_USER
[2010/05/26 11:00:17, 3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

The same user can directly connect to IO with not problems. Sending
"OBEL\tom" as user instead gives the following error:
[2010/05/26 11:08:17, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user
[OBEL]\[tom]@[KRIKKIT] with the new password interface
[2010/05/26 11:08:17, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT]
[2010/05/26 11:08:17, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/05/26 11:08:17, 3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/05/26 11:08:17, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/05/26 11:08:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2010/05/26 11:08:17, 3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'tom' in passdb.
[2010/05/26 11:08:17, 3] auth/auth_winbind.c:54(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain
[FINTLEWOODLEWIX] was for this SAM.
[2010/05/26 11:08:17, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [tom] -> [tom] FAILED
with error NT_STATUS_NO_SUCH_USER
[2010/05/26 11:08:17, 3] smbd/error.c:60(error_packet_set)
  error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE

Here is the output from testparm:
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[data]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = OBEL
        server string = %h file server
        security = DOMAIN
        map to guest = Bad Uid
        password server = 130.95.136.177
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        invalid users = root

[data]
        comment = valuable not backed up research data
        path = /home/fintlewoodlewix/data
        read only = No
        create mask = 0644
        force create mode = 0644
        force directory mode = 0755
        guest ok = Yes

I also set guest account = nobody in the global section which isn't
listed by testparm; maybe because it's the default.

net rpc testjoin reports: Join to 'OBEL' is OK

pdbedit -L only shows the 'nobody' account

Any suggestions how to fix this?

Cheers,
  Tom
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba