I migrated a complete Samba configuration from an old server to a new one, including the entire /etc/samba directory and all user accounts. At first, no clients were aware that anything had changed. But when I changed the passwords of two users they suddenly couldn't connect. Doesn't matter whether it's the old or new password - Samba rejects it as invalid. I even tried to change the passwords back to what they were, with no success. Oddly, they can both connect fine from the server itself when I do this:
smbclient -L 127.0.0.1 -U username Password: ...
But when I issue the same command from a remote machine, it fails:
smbclient -L servername.domain.com -U username Password: session setup failed: NT_STATUS_LOGON_FAILURE
Local OK, remote bad. It boggles the mind. Here are some things I've tried:
- I made sure that the UIDs all match.
- I made sure that the new server has the old server's local SID, and that the users' SIDs matched the machine SID.
- I disabled the firewall.
- I made sure the old server is off.
So this really is a case of Samba rejecting a login for a remote machine but allowing the same login locally - but only for users with changed passwords. It's version 3.0.2a, which came with Yellow Dog Linux. I'm guessing it's something in the secrets.tdb database, though when I delete the database and Samba recreates it, the problems are not solved. Anyone ever seen anything like this?
Thanks in advance, Ed
--
:: Ed Holden :: Administrator, Research Information Systems :: McLean Hospital :: Tel: (617) 855-2822 :: Web: http://research.mclean.harvard.edu/ris
Any information, including protected health information (PHI), transmitted in this email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential and or exempt from disclosure under applicable Federal or State law. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon, protected health information (PHI) by persons or entities other than the intended recipient is prohibited. If you received this email in error, please contact the sender and delete the material from any computer.
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
