75756 – Samba quit allowing NT4 Domain style logins after update

Bug 75756 - Samba quit allowing NT4 Domain style logins after update

Summary: Samba quit allowing NT4 Domain style logins after update

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	High normal (vote)
Assignee:	Gentoo's SAMBA Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2004-12-26 22:39 UTC by Nick Ellson
Modified:	2004-12-28 09:18 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nick Ellson 2004-12-26 22:39:01 UTC

I have had a simple file sharing Samba config that acted as a Domain Member server to my W2K domain controller. I did a long over due "emerge -uDav --newuse world" and made sure my smb.conf and such did not get over written. Samba starts, but I only get this trying to connect to my shares from a windows XP system.

[2004/12/26 22:24:12, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/26 22:24:23, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/26 22:24:25, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!

I am still able to joing the domain from Samba:

goonie private # net join --server=wubbleu --workgroup=home --user=nick
Password:
Joined domain HOME.

And I am unable to see why this is broken?


Reproducible: Always
Steps to Reproduce:
1. I am uncertain how to lists the steps, I do not know what broke it. But you simply try to map a drive using domain credentials from a Windows PC. In my case: \\goonie\share using "home\nick" which maps to the local user "grimm"
2.
3.

Actual Results:  
I get the login box back asking for new credentials, over and over. And I get 
the log lines shown above in the /var/log/samba/<machine name>.log

Expected Results:  
I should have seen the share open on my screen in a file browser.

goonie samba # emerge info
Portage 2.0.51-r8 (default-linux/x86/2004.0, gcc-3.3.4, glibc-2.3.4.20041102-
r0, 2.6.7-gentoo-r8 i686)
=================================================================
System uname: 2.6.7-gentoo-r8 i686 AMD Athlon(tm) XP 2000+
Gentoo Base System version 1.6.8
Python:              dev-lang/python-2.2.3-r1,dev-lang/python-2.3.4 [2.3.4 (#1, 
Dec 26 2004, 10:52:09)]
dev-lang/python:     2.2.3-r1, 2.3.4
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.8.5-r2, 1.5, 1.4_p6, 1.6.3, 1.7.9, 1.9.3
sys-devel/binutils:  2.15.92.0.2-r1, 2.15.92.0.2-r2
sys-devel/libtool:   1.5.10-r2
virtual/os-headers:  2.6.8.1-r1
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -march=athlon-xp"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /opt/glftpd/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/con
fig /usr/kde/3.1/share/config /usr/kde/3.2/share/config /usr/kde/3/share/config 
/usr/lib/mozilla/defaults/pref /usr/share/config /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=athlon-xp"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig candy ccache distlocks sandbox sfperms"
GENTOO_MIRRORS="http://gentoo.ccccom.com http://mirrors.tds.net/gentoo 
ftp://mirrors.tds.net/gentoo ftp://gentoo.ccccom.com http://gentoo.ccccom.com"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X acl alsa apache2 avi berkdb bitmap-fonts cdr crypt cups dlloader dmx 
encode fam font-server foomaticdb fortran gd gdbm gif gnome gpm gstreamer gtk 
gtk2 gtkhtml imagemagick imlib java jpeg junit libwww mad mbox mikmod milter 
motif mozilla mpeg mysql ncurses nls nptl oggvorbis opengl oss pam pdflib perl 
pic pie png pwdb python quicktime readline samba sdl slang spell ssl svga tcpd 
tiff truetype truetype-fonts type1-fonts xml xml2 xmms xprint xv zlib"

Comment 1 Nick Ellson 2004-12-28 09:18:40 UTC

Added level 2 debuging and noticed that Samba is now performing the smbusers translation BEFORE sendng the login attempt to the Win NT domain controller. It did not used to do that. I created a user in the NT Domain matching my local Unix user and login passes. (same password of course)

So I normally have an NT account "home\nick" and I map that to my unix account "grimm"  and when logging at debug I now see:

[2004/12/28 09:07:01, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [nick] -> [grimm] FAILED with error NT_STATUS_NO_SUCH_USER
[2004/12/28 09:07:11, 2] smbd/server.c:exit_server(571)
  Closing connections

leading me to believe that the translation was now being done too soon. It was my understanding that this translation was to allow me to use my NT authentication to assume the permissions of a different local Unix user. It had been operating that way for some time. 

This sounds like a change in Samba's behavior, not a bug in what the portage package is doing. I'll investigate with teh Samba site.

Nick