Xavier Poinsard wrote:
I am facing a very strange problem with samba running as PDC and using
LDAP. The new users that I create using smbldap-tools aren't able to log
in, but they can browse shares on the server.
I had the problem with samba 2.2 and hoped it would be solved with 3.0.
I spent two days testing without success even with samba 3.0.2pre1.
In the log I can't see anything wrong: it says "sam authentication for
user [testuser2] succeeded" and "check_password returned status
NT_STATUS_OK" and then nothing valuable, but the user can't log in on a
W2K workstation.
When comparing logs between users who can log in and others, the difference
starts at line 250, where unlucky users have:

[2004/01/09 16:47:53, 4] rpc_parse/parse_net.c:init_dom_sid2s(867)
   init_dom_sid2s:

instead of:

[2004/01/08 11:51:03, 10] auth/auth_ntlmssp.c:auth_ntlmssp_check_password(129)
   Got NT session key of length 16

But I can't figure out why...

It was due to the "logon caching feature" of Windows, which allowed users who had already logged in to continue logging in while refusing new users.

It was refusing logons because of a domain SID change.
Restoring the old domain SID solved it.

=> I don't know exactly where this is handled, but maybe an explicit error message about a mismatched SID could be added.

Thanks.

Attached is the unsuccessful logon log.

Thanks for any help.

Xavier Poinsard
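
A domain SID change like the one described above can leave account entries in LDAP whose sambaSID no longer falls under the domain's SID. The following is an added example, not part of the original post or of Samba: it checks an LDIF export for such accounts, assuming the Samba 3 LDAP schema (sambaDomain and sambaSamAccount entries); the sample LDIF, its SIDs and the function names are constructed for illustration.

```python
import re

# Constructed sample LDIF (not from the original post). Attribute names
# assume the Samba 3 LDAP schema; the last sambaSID is folded across lines.
SAMPLE_LDIF = """\
dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: EXAMPLE
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=olduser,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: olduser
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=testuser2,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: testuser2
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-
 3002
"""

def parse_ldif(text):
    """Yield one {attr: [values]} dict per entry, unfolding continuation lines."""
    text = re.sub(r"\n ", "", text)  # RFC 2849 folding: newline + one space
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                entry.setdefault(attr.lower(), []).append(value.strip())
        if entry:
            yield entry

def find_sid_mismatches(text):
    """Return (domain_sid, [(uid, sid), ...]) for accounts outside the domain SID."""
    entries = list(parse_ldif(text))
    # Raises StopIteration if the export contains no sambaDomain entry.
    domain = next(e for e in entries if "sambaDomain" in e.get("objectclass", []))
    domain_sid = domain["sambasid"][0]
    bad = []
    for e in entries:
        sid = e.get("sambasid", [""])[0]
        prefix, _, rid = sid.rpartition("-")  # account SID = domain SID + "-" + RID
        is_account = "sambaSamAccount" in e.get("objectclass", [])
        if is_account and (prefix != domain_sid or not rid.isdigit()):
            bad.append((e.get("uid", ["?"])[0], sid))
    return domain_sid, bad

if __name__ == "__main__":
    print(find_sid_mismatches(SAMPLE_LDIF))
```

The domain SID stored in LDAP should also agree with what `net getlocalsid` reports on the PDC.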


