Since upgrading to samba 3.3.7, the local users are not able to authenticate. As a result they cannot browse/access shares. Reproducible: Always Steps to Reproduce: 1. Upgrade to samba 3.3.7 (modular layout, separate samba-client and samba-server) 2. Access the machine from a windows desktop: \\hostname\ 3. You are prompted for password but authentication fails (using the correct password of course) From /var/log/samba/log.smbd: [2009/09/16 16:16:27, 2] lib/access.c:check_access(406) Allowed connection from lupin.ics.forth.gr (139.91.70.101) [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_WRONG_PASSWORD [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_WRONG_PASSWORD [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_WRONG_PASSWORD [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:27, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_WRONG_PASSWORD [2009/09/16 16:16:32, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:32, 2] smbd/sesssetup.c:setup_new_vc_session(1368) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2009/09/16 16:16:32, 2] auth/auth.c:check_ntlm_password(318) check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_WRONG_PASSWORD foo samba # emerge --info Portage 2.1.6.13 (default/linux/x86/2008.0/desktop, gcc-4.3.3, glibc-2.10.1-r0, 2.6.30-gentoo-r5-longarglist i686) ================================================================= System uname: Linux-2.6.30-gentoo-r5-longarglist-i686-Intel-R-_Core-TM-2_Duo_CPU_E6750_@_2.66GHz-with-gentoo-2.0.1 Timestamp of tree: Wed, 16 Sep 2009 00:00:21 +0000 app-shells/bash: 4.0_p33 dev-java/java-config: 1.3.7-r1, 2.1.9 dev-lang/python: 2.4.4-r15, 2.5.4-r2, 2.6.2-r1 dev-python/pycrypto: 2.0.1-r8 dev-util/cmake: 2.6.4-r2 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.4.3-r3 sys-apps/sandbox: 2.1 sys-devel/autoconf: 2.13, 2.63-r1 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2, 1.11 sys-devel/binutils: 2.19.1-r1 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.30-r1 ACCEPT_KEYWORDS="x86 ~x86" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O2 -fomit-frame-pointer -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=pentium4 -O2 -fomit-frame-pointer -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://files.gentoo.gr/ http://ftp.ntua.gr/pub/linux/gentoo/" LANG="en_GB.UTF-8" LDFLAGS="-Wl,-O1" LINGUAS="el en en_GB" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/desktop-effects /usr/local/portage/layman/mozilla /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X a52 aac acl acpi adns ads aiglxi aim alsa apache2 avahi avi bash-completion berkdb bluetooth branding bzip2 bzlib cairo cdr cli codecs consolekit cracklib crypt cups dba dbus dga directfb divx4linux dri dts dvd dvdr eds emboss encode esd evo exif fam fbcon firefox flac flatfile foomaticdb fortran ftp gd gdbm gif glitz gnome gnutls gphoto2 gpm gstreamer gtk gtk2 hal i8x0 iconv icq ieee1394 imagemagick imap imlib inifile ipv6 isdnlog jabber jpeg jpeg2k lcms ldap libnotify libwww lirc lm_sensors mad mikmod mmx mono mp3 mp4 mpeg msn mudflap mysql ncurses newspr nls nptl nptlonly nsplugin offensive ogg oggvorbis opengl openmp pam pcre pdf pdflib perl php png ppds pppd pulseaudio python qt3support quicktime readline reflection samba sdl session sockets spell spl sse sse2 ssl startup-notification svg sysfs sysvipc tcpd tetex thunar tidy tiff tokenizer truetype truetype-fonts udev unicode usb v4l v4l2 vhosts vorbis win32codecs wmf x264 x86 xine xml xorg xpm xscreensaver xulrunner xv xvid yahoo zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" CAMERAS="canon directory" ELIBC="glibc" INPUT_DEVICES="keyboard vmmouse mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="el en en_GB" USERLAND="GNU" VIDEO_CARDS="fglrx v4l" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
There's this bit among changes: The passdb tdbsam version has been raised as among other things the RID counter has been moved from the winbindd_idmap.tdb to the passdb.tdb file to make "passdb backend = tdbsam" working in clustered environments. Please note that an updated passdb.tdb file is _not_ compatible with Samba versions before 3.3.0! Please backup your passdb.tdb file if you use "passdb backend = tdbsam". That can be achieved by running 'tdbbackup /etc/samba/passdb.tdb' before the update. Relevant ?
I've already tried using "passdb backend = tdbsam" after reading some comments in /etc/samba/smb.conf.default. I don't think it helps. An interesting aspect of the problem is that there is no problem when I use smbclient. Which is really weird. Could it be a PAM issue here? I would like to try completely wiping samba files (passwords etc) and resetting my password (there are no other users). Is there any other place except /var/lib/samba that I should wipe? (In reply to comment #1) > There's this bit among changes: > The passdb tdbsam version has been raised as among other things the RID counter > has been moved from the winbindd_idmap.tdb to the passdb.tdb file to make > "passdb backend = tdbsam" working in clustered environments. > > Please note that an updated passdb.tdb file is _not_ compatible with Samba > versions before 3.3.0! Please backup your passdb.tdb file if > you use "passdb backend = tdbsam". That can be achieved by running > > 'tdbbackup /etc/samba/passdb.tdb' > > before the update. > > Relevant ? >
Same problem here with samba-server-3.3.8 Wiping /var/lib/samba (and reemerging samba-server, to recreate the directory structure) did not help.
It looks like my problem wasn't with samba-3.3, it was with my ISP! Apparently, if your ISP redirects invalid DNS requests to advertisement pages (and many major ISPs in the US have started doing this), Samba stops working. To work around ISP idiocy, you have to: * add "name resolve order = lmhosts wins bcast host" to global section of smb.conf * add "wins" to hosts line in nsswitch.conf See https://bugs.launchpad.net/ubuntu/+source/samba/+bug/375593 and http://ubuntuforums.org/showthread.php?t=1169149
Seems to be fixed - samba-server package is removed (samba now), and the original issue seems to be braindead ISP.
