[Samba] 3.5.6 to 3.6.6: session setup failed

[Thiago Parolin]

Hi,
I think that someone has the solution for my problem! ;)
After i did the upgrade process in a samba server, from debian squeeze to
wheezy, the new samba version (3.6.6) is not working.
Searching on web, there are many causes for this error, and i dont know
what is mine.
I can't connect with smbclient -L host -U ldapuser, that give me error
"session setup failed: NT_STATUS_UNSUCCESSFUL"


How can i fix this?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

[Gaiseric Vandal]

Does "pdbedit -Lv" still show users? You want to verify that samba is
able to access LDAP.

[Thiago Parolin]

if i do: smbclient -L 127.0.0.1 -U%, the resources are showed, but with
smbclient -L 127.0.0.1 -U ldapuser, i get : session setup failed:
NT_STATUS_UNSUCCESSFUL

the samba log says:
[2013/07/12 14:17:28.607965, 0] auth/check_samsec.c:491(check_sam_security)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_UNSUCCESSFUL'




2013/7/12 Thiago Parolin <tlpa...@gmail.com>

>
> the "pdbedit -Lv" shows:
> sid S-xxxxxx.....-3024 does not belong to our domain
> sid S-xxxxxx.....-3018 does not belong to our domain
> sid S-xxxxxx.....-3022 does not belong to our domain
> sid S-xxxxxx.....-3026 does not belong to our domain
> sid S-xxxxxx.....-3030 does not belong to our domain
> sid S-xxxxxx.....-3032 does not belong to our domain
> sid S-xxxxxx.....-3034 does not belong to our domain
>
> (i think) the comunication with ldap is ok. (ldapsearch, getent passwd,
> group..).
> deleted sambadomain in ldap tree, then restarted the samba service to
> recreate the entries, and all these process is ok.
>
> the output in samba server (used for printer): net getdomainsid
> SID for local machine SPSI is:
> S-1-5-21-380................................638
> SID for domain PSI is: S-1-5-21-272.............................099
>
> the samba in ldap server: net getdomainsid is the same for SPSI above.
>
> pdbedit -Lv userldap shows:
> User SID: S-1-5-21-380................................638-3432
> Primary Group SID: S-1-5-21-272.............................099-513
>
> the samba log says:
> [2013/07/12 14:17:28.607965, 0] auth/check_samsec.c:491(check_sam_security)
> check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_UNSUCCESSFUL'
>
>
>
>
> 2013/7/12 Gaiseric Vandal <gaiseri...@gmail.com>

>> instructions: https://lists.samba.org/**mailman/options/samba<https://lists.samba.org/mailman/options/samba>

[Thiago Parolin]

I've been trying many things, and one of them was reinstall samba for print
server.
After reinstall, i set the SID for print server to the same SID for samba's
ldap server.
Now, when i type pdbedit -Lv in print server, i get all users from my ldap
tree.
the command smbclient -L 127.0.0.1 -U ldapuser, now shows all resources
normally, but (there are always a "but") when i try to print, i got :
NT_STATUS_ACCESS_DENIED opening remote spool Página_de_teste.

Anyone can help me with this?


2013/7/12 Thiago Parolin <tlpa...@gmail.com>

[Thiago Parolin]

Solved!
My steps:
reinstall samba on print server, without erase smb.conf.
set sid for print server the same for ldap/samba server.
after this, to fix the error NT_STATUS_ACCESS_DENIED opening remote spool,
i set in smb.conf printer section "use client driver = yes"
now, printer is working again!!
thanks.


2013/7/12 Thiago Parolin <tlpa...@gmail.com>