[Bug 1572122] Re: Samba upgrade break LDAP authentification only for my w7 clients

John Edwards 1572122 at bugs.launchpad.net
Wed Apr 20 15:53:15 UTC 2016 

I should mention that all the servers effected where using the LDAP
backend setup via smbldap-tools. Some server were running winbind but
not all. Machines were mix of 32-bit and 64-bit installs.

Clients with login problems were both Windows 7 and XP joined to a
domain. Sometimes a user could login to a machine using a recently used
user account (info probably cached on locally on Windows machine). File
access to server was fine. Leaving and rejoining the domain produced no
error, but users could still not login.

Example of Samba log file from when the login failed:
[2016/04/19 10:00:37.960814,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_S
erverAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth 
request from client WIN7-DATABASE machine account WIN7-DATABASE$
[2016/04/19 10:00:37.978252,  1] rpc_server/srv_pipe.c:1845(api_pipe_request)
  srv_pipe_check_verification_trailer: failed
[2016/04/19 10:00:50.068608,  1] smbd/process.c:457(receive_smb_talloc)
[2016/04/19 10:01:39.597632,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_S
erverAuthenticate3)
  _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth 
request from client WIN7-DATABASE machine account WIN7-DATABASE$
[2016/04/19 10:01:39.620571,  1] rpc_server/srv_pipe.c:1845(api_pipe_request)
  srv_pipe_check_verification_trailer: failed
[2016/04/19 10:01:55.838151,  1] smbd/process.c:457(receive_smb_talloc)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1572122

Title:
  Samba upgrade break LDAP authentification only  for my w7 clients

Status in samba package in Ubuntu:
  Confirmed
Status in samba package in CentOS:
  Unknown
Status in samba package in Debian:
  New

Bug description:
  Hi,

  Problem :  The last samba upgrade broke my ldap authentification for windows 7 client. 
  Upgrade : samba 2:3.6.3-2ubuntu2 -> samba 2:3.6.25-0ubuntu0.12.04.2 
  Config : Ubuntu serveur, 12.04 with Samba 3 + ldap

  Win 7 errors : "The trust relationship between this workstation and the primary domain failed" 
  windows client can't join the domain

  Linux client can authentificate themselves without problems.

  Does anyone  have similar problems ?

  
  Thanks

  
      cat /var/log/samba/log.pc075

      [2016/04/19 08:40:30.050073,  2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
      [2016/04/19 08:40:30.051311,  2] smbd/sesssetup.c:1291(setup_new_vc_session) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
      [2016/04/19 08:40:30.051511,  2] lib/smbldap.c:1018(smbldap_open_connection) smbldap_open_connection: connection opened
      [2016/04/19 08:40:30.059872,  2] rpc_server/samr/srv_samr_nt.c:3976(_samr_LookupDomain) Returning domain sid for domain ENSASE -> S-1-5-21-1348238158-1112093341-1520777740
      [2016/04/19 08:40:30.060329,  2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc075$
      [2016/04/19 08:40:30.069236,  2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
      [2016/04/19 08:40:30.069747,  2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
      [2016/04/19 08:40:30.070223,  2] ../libcli/auth/credentials.c:308(netlogon_creds_server_check_internal) credentials check failed
      [2016/04/19 08:40:30.070271,  0] rpc_server/netlogon/srv_netlog_nt.c:976(_netr_ServerAuthenticate3) _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting auth request from client PC075 machine account PC075$
      [2016/04/19 08:40:30.072638,  2] rpc_server/samr/srv_samr_nt.c:3976(_samr_LookupDomain)
    Returning domain sid for domain ENSASE -> S-1-5-21-1348238158-1112093341-1520777740
      [2016/04/19 08:40:30.073005,  2] passdb/pdb_ldap.c:553(init_sam_from_ldap) init_sam_from_ldap: Entry found for user: pc075$
      [2016/04/19 08:40:30.073580,  2] passdb/pdb_ldap.c:2427(init_group_from_ldap) init_group_from_ldap: Entry found for group: 515
      [2016/04/19 08:40:30.076775,  1] rpc_server/srv_pipe.c:1845(api_pipe_request) srv_pipe_check_verification_trailer: failed

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1572122/+subscriptions

More information about the foundations-bugs mailing list