On Jul 14, 2011, at 7:13 AM, Gaiseric Vandal wrote: > On 07/14/2011 01:21 AM, Ben Sigman wrote: >> After upgrading to 3.4.0, I can no longer add new users. Any users that were >> added beforehand work fine. Any users that I attempt to create cannot login >> (error: NT_STATUS_LOGON_FAILURE). I was able to get one new user account to >> work (see below), but I cannot add any new users. >> >> The server is Ubuntu 9.10 running Samba 3.4.0. >> >> I am using: >> >> security = user >> pam password change = yes >> >> Updating passwords for existing users using passwd successfully updates on >> smbpass (auth.log): >> >> Jul 13 21:19:05 server passwd[3026]: pam_smbpass(passwd:chauthtok): password >> for (smbuser/1001) changed by (root/0) >> >> ...And authentication over smb works (auth.log): >> >> Jul 13 21:42:53 server smbd[3684]: pam_unix(samba:session): session opened >> for user ben by (uid=0) >> >> ...In samba.log: >> >> [2011/07/13 21:42:53, 4] auth/auth_sam.c:137(sam_account_ok) >> sam_account_ok: Checking SMB password for user smbuser >> [2011/07/13 21:42:53, 5] auth/auth.c:297(check_ntlm_password) >> check_ntlm_password: PAM Account for user [ben] succeeded >> >> However, if I do: >> >> smbpasswd -x user >> Failed to find entry for user smbuser. >> >> If I add a new user using: >> >> useradd newuser >> passwd newuser >> smbpasswd -a newuser >> >> This appears in auth.log: >> Jul 13 21:20:07 server passwd[3033]: pam_smbpass(passwd:chauthtok): Failed >> to find entry for user newuser. >> >> And if I attempt to authenticate (samba.log): >> >> [2011/07/13 21:50:11, 3] auth/auth_sam.c:282(check_sam_security) >> check_sam_security: Couldn't find user 'newuser' in passdb. >> [2011/07/13 21:50:11, 5] auth/auth.c:274(check_ntlm_password) >> check_ntlm_password: sam authentication for user [newuser] FAILED with >> error NT_STATUS_NO_SUCH_USER >> [2011/07/13 21:50:11, 2] auth/auth.c:320(check_ntlm_password) >> check_ntlm_password: Authentication for user [newuser] -> [newuser] >> FAILED with error NT_STATUS_NO_SUCH_USER >> >> Now... Here's where it gets interesting. At this point, I converted my >> smbpasswd containing newuser to tdb...: >> pdbedit -i smbpasswd -e tdbsam >> ...the account newuser now authenticate over SMB. However, adding any other >> new users is still not working. >> >> I have attempted to repeat the steps described above for adding a user and >> then converting smbpasswd to tdb again, but to no avail. >> >> I have not defined passdb backend in smb.conf. >> >> Anyone know what could be causing this? >> >> > Did you check the output of "testparm -v" to make sure the password backend > and password file is where you expect it to be? > > Did you try adding a user with "pdbedit" instead? > > Can you type "which smbpasswd" "which pdbedit" etc - I suspect you are using > "smbpasswd" command from the "old" version of samba. >
Thanks for the reply. You're right, the documentation I had read said that smbpasswd would work with the new tdb backend. Can I not use it? For now, here are the outputs you requested: >From testparm: passdb backend = tdbsam idmap backend = tdb idmap alloc backend = >From which: /usr/bin/pdbedit /usr/bin/smbpasswd Maybe this will help, smbuser is a new user on my system who cannot authenticate over SMB. When I try to use smbpasswd -a -D10 smbuser I get an error in the middle of the output that says: Get_Pwnam_internals did find user [smbuser]! Here is the full output: [root@server:/]# smbpasswd -a -D10 smbuser (07-14 13:26) Netbios name list:- my_netbios_names[0]="SERVER" Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend ldapsam_compat Successfully added passdb backend 'ldapsam_compat' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to register passdb backend NDS_ldapsam_compat Successfully added passdb backend 'NDS_ldapsam_compat' Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend wbc_sam Successfully added passdb backend 'wbc_sam' Attempting to find a passdb backend to match tdbsam (tdbsam) Found pdb backend tdbsam pdb backend tdbsam has a valid init New SMB password: Retype new SMB password: tdbsam_open: successfully opened /etc/samba/passdb.tdb pdb_set_username: setting username smbuser, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was pdb_set_homedir: setting home dir \\server\homes\%u, was pdb_set_dir_drive: setting dir drive m:, was NULL Finding user smbuser Trying _Get_Pwnam(), username as lowercase is smbuser Get_Pwnam_internals did find user [smbuser]! pdb_set_logon_script: setting logon script users.bat, was pdb_set_profile_path: setting profile path \\server\profiles\%u, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-115255976-287349760-2125325791-1011 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from rid 1011 account_policy_get: name: maximum password age, val: -1 Finding user smbuser Trying _Get_Pwnam(), username as lowercase is smbuser Get_Pwnam_internals did find user [smbuser]! account_policy_get: name: password history, val: 0 pdb_set_username: setting username smbuser, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was pdb_set_homedir: setting home dir \\server\homes\%u, was pdb_set_dir_drive: setting dir drive m:, was NULL Finding user smbuser Trying _Get_Pwnam(), username as lowercase is smbuser Get_Pwnam_internals did find user [smbuser]! pdb_set_logon_script: setting logon script users.bat, was pdb_set_profile_path: setting profile path \\server\profiles\%u, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-115255976-287349760-2125325791-1011 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from rid 1011 account_policy_get: name: password history, val: 0 pdb_set_username: setting username smbuser, was pdb_set_domain: setting domain SERVER, was pdb_set_nt_username: setting nt username , was pdb_set_full_name: setting full name , was pdb_set_homedir: setting home dir \\server\homes\%u, was pdb_set_dir_drive: setting dir drive m:, was NULL Finding user smbuser Trying _Get_Pwnam(), username as lowercase is smbuser Get_Pwnam_internals did find user [smbuser]! pdb_set_logon_script: setting logon script users.bat, was pdb_set_profile_path: setting profile path \\server\profiles\%u, was pdb_set_workstations: setting workstations , was account_policy_get: name: password history, val: 0 pdb_set_user_sid: setting user sid S-1-5-21-115255976-287349760-2125325791-1011 pdb_set_user_sid_from_rid: setting user sid S-1-5-21-115255976-287349760-2125325791-1011 from rid 1011 account_policy_get: name: maximum password age, val: -1 account_policy_get: name: password history, val: 0 Storing account smbuser with RID 1011 Locking key 555345525F736D627573 Allocated locked data 0x0x28ea050 Unlocking key 555345525F736D627573 tdb_update_sam: Updating key for RID 1011 Locking key 5249445F303030303033 Allocated locked data 0x0x28e6ad0 Unlocking key 5249445F303030303033 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba