Running Samba mostly on Redhat 5 with version 3.5.4-0.83 Also failed on Debian 3.5.6 and Solaris with a 3.5 version. Logging details here are from Redhat case. We have a similar problem on all Unix/Linux systems using ADS as the backend authentication for samba shares on Unix/Linux. It was working before today and we didn't change anything. Today, any time we try smbclient or a Windows drive map to connect, and the user is not in /etc/passwd, it fails. Yet if they are in /etc/passwd, it succeeds. "net ads testjoin" returns OK. If I take the user not in /etc/passwd and use either: wbinfo -a username%password or kinit username@xxxxxxxxxxxxxx it works. Winbind and samba services have been restarted. SSH login using AD auth works fine. We have reduced to minimal /etc/pam.d/samba: auth required pam_env.so auth sufficient pam_winbind.so use_first_pass debug auth required pam_deny.so account required pam_permit.so Login attempt: $ smbclient -U username //www/test Enter username's password: session setup failed: NT_STATUS_LOGON_FAILURE Log level 10: [2011/10/03 15:22:03.546880, 6] param/loadparm.c:7133(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Mon Oct 3 15:21:45 2011 [2011/10/03 15:22:03.546943, 5] auth/auth_util.c:211(make_user_info_map) Mapping user [MYDOMAIN]\[username] from workstation [LABRADOR] [2011/10/03 15:22:03.547328, 5] auth/auth_util.c:122(make_user_info) attempting to make a user_info for username (username) [2011/10/03 15:22:03.547351, 5] auth/auth_util.c:132(make_user_info) making strings for username's user_info struct [2011/10/03 15:22:03.547370, 5] auth/auth_util.c:164(make_user_info) making blobs for username's user_info struct [2011/10/03 15:22:03.547390, 10] auth/auth_util.c:182(make_user_info) made an encrypted user_info for username (username) [2011/10/03 15:22:03.547411, 3] auth/auth.c:216(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [MYDOMAIN]\[username]@[LABRADOR] with the new password interface [2011/10/03 15:22:03.547434, 3] auth/auth.c:219(check_ntlm_password) check_ntlm_password: mapped user is: [MYDOMAIN]\[username]@[LABRADOR] [2011/10/03 15:22:03.547453, 10] auth/auth.c:228(check_ntlm_password) check_ntlm_password: auth_context challenge created by NTLMSSP callback (NTLM2) [2011/10/03 15:22:03.547473, 10] auth/auth.c:230(check_ntlm_password) challenge is: [2011/10/03 15:22:03.547488, 5] ../lib/util/util.c:278(_dump_data) [0000] 89 E2 DB 1A E5 3D A7 6C .....=.l [2011/10/03 15:22:03.547529, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: guest had nothing to say [2011/10/03 15:22:03.547560, 8] lib/util.c:1869(is_myname) is_myname("MYDOMAIN") returns 0 [2011/10/03 15:22:03.547580, 6] auth/auth_sam.c:556(check_samstrict_security) check_samstrict_security: MYDOMAIN is not one of my local names (ROLE_DOMAIN_MEMBER) [2011/10/03 15:22:03.547603, 10] auth/auth.c:256(check_ntlm_password) check_ntlm_password: sam had nothing to say [2011/10/03 15:22:03.547624, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2011/10/03 15:22:03.547646, 3] smbd/uid.c:429(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2011/10/03 15:22:03.547665, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2011/10/03 15:22:03.547685, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2011/10/03 15:22:03.547702, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/03 15:22:03.551090, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/03 15:22:03.551129, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user MYDOMAIN\username [2011/10/03 15:22:03.551148, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is acadia\username [2011/10/03 15:22:03.551276, 5] lib/username.c:85(Get_Pwnam_internals) Trying _Get_Pwnam(), username as given is MYDOMAIN\username [2011/10/03 15:22:03.551388, 5] lib/username.c:95(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is MYDOMAIN\MPOWER [2011/10/03 15:22:03.551491, 5] lib/username.c:104(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in acadia\username [2011/10/03 15:22:03.551526, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [MYDOMAIN\username]! [2011/10/03 15:22:03.551546, 5] lib/username.c:133(Get_Pwnam_alloc) Finding user username [2011/10/03 15:22:03.551564, 5] lib/username.c:77(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is username [2011/10/03 15:22:03.551666, 5] lib/username.c:95(Get_Pwnam_internals) Trying _Get_Pwnam(), username as uppercase is MPOWER [2011/10/03 15:22:03.551779, 5] lib/username.c:104(Get_Pwnam_internals) Checking combinations of 0 uppercase letters in username [2011/10/03 15:22:03.551799, 5] lib/username.c:110(Get_Pwnam_internals) Get_Pwnam_internals didn't find user [username]! [2011/10/03 15:22:03.551861, 5] auth/auth.c:268(check_ntlm_password) check_ntlm_password: winbind authentication for user [username] FAILED with error NT_STATUS_NO_SUCH_USER [2011/10/03 15:22:03.551889, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [username] -> [username] FAILED with error NT_STATUS_NO_SUCH_USER [2011/10/03 15:22:03.551910, 5] auth/auth_util.c:2119(free_user_info) attempting to free (and zero) a user_info structure [2011/10/03 15:22:03.551934, 10] auth/auth_util.c:2123(free_user_info) structure was created for username [2011/10/03 15:22:03.551964, 3] smbd/error.c:80(error_packet_set) error packet at smbd/sesssetup.c(111) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2011/10/03 15:22:03.552000, 5] lib/util.c:617(show_msg) [2011/10/03 15:22:03.552013, 5] lib/util.c:627(show_msg) size=35 smb_com=0x73 smb_rcls=109 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51203 smb_tid=0 smb_pid=6992 smb_uid=100 smb_mid=3 smt_wct=0 smb_bcc=0 [2011/10/03 15:22:03.552941, 5] lib/util_sock.c:462(read_fd_with_timeout) read_fd_with_timeout: blocking read. EOF from client. [2011/10/03 15:22:03.552994, 10] smbd/process.c:286(receive_smb_raw_talloc) receive_smb_raw: NT_STATUS_END_OF_FILE [2011/10/03 15:22:03.553025, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2011/10/03 15:22:03.553046, 5] auth/token_util.c:525(debug_nt_user_token) NT user token: (NULL) [2011/10/03 15:22:03.553066, 5] auth/token_util.c:551(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2011/10/03 15:22:03.553105, 5] smbd/uid.c:369(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2011/10/03 15:22:03.553127, 3] smbd/connection.c:31(yield_connection) Yielding connection to [2011/10/03 15:22:03.553179, 10] lib/dbwrap_tdb.c:100(db_tdb_fetch_locked) Locking key B56E0000FFFFFFFFFFFF [2011/10/03 15:22:03.553204, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) [2011/10/03 15:22:03.553204, 10] lib/dbwrap_tdb.c:129(db_tdb_fetch_locked) Allocated locked data 0x0x7f9ba627a6f0 [2011/10/03 15:22:03.553228, 10] lib/dbwrap_tdb.c:42(db_tdb_record_destr) Unlocking key B56E0000FFFFFFFFFFFF [2011/10/03 15:22:03.553324, 3] smbd/server.c:906(exit_server_common) Server exit (failed to receive smb request) The Windows admin doesn't believe they changed anything on their end. Where do we look next? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba