System error 1240 error, but not the usual problem - SMB

This is a discussion on System error 1240 error, but not the usual problem - SMB ; We upgraded one (of four) domain controllers to 2003 server today. All of a sudden, one of my samba (2.2.7) servers (under rh 7.3) won't work correctly. I get the System error 1240 has occured, "The account is not authorized ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: System error 1240 error, but not the usual problem

  1. System error 1240 error, but not the usual problem


    We upgraded one (of four) domain controllers to 2003 server today.
    All of a sudden, one of my samba (2.2.7) servers (under rh 7.3)
    won't work correctly. I get the System error 1240 has occured,
    "The account is not authorized to log in from this station."

    Two other servers work just fine.

    But, it can't be that encrypted password bit. And I don't think it's
    related to the DC update since other samba servers are fine. I use
    security = domain and the machine account seems to be fine.

    Note, it works just fine if I specify an ip address. If I specify
    an incorrect username, it rejects it as expected. If I specify a good
    username and incorrect password, it rejects it as expected.

    It only returns the 1240 error (from XP workstation) if I use
    the netbios name and if I use correct password.

    Also, if I move the secrets.tdb file away, all logons are rejected,
    as expected. Put it back, and only the IP address ones work again.

    Also note, when it fails, at log level 99, there are no NT_STATUS
    messages recorded at all.

    I'm at witt's end on this one.... Any help greatly appreciated. In
    hindsight, I shouldn't have upgraded my domain to 2003 server, but in
    all testing in a lab, everything seemed fine. :-(


    --

    Ken Weaverling (ken @ weaverling.org) WHOIS: KJW http://www.weaverling.org/


  2. Re: System error 1240 error, but not the usual problem

    In article ,
    Ken Weaverling wrote:
    >
    >We upgraded one (of four) domain controllers to 2003 server today.
    >All of a sudden, one of my samba (2.2.7) servers (under rh 7.3)
    >won't work correctly. I get the System error 1240 has occured,
    >"The account is not authorized to log in from this station."


    Just as a followup to my own post, looks like smb signing is the issue.

    http://lists.samba.org/archive/samba...ay/066356.html

    I haven't actually tried this yet, but I think the author of that note
    could be considered authoritive on the subject! Still, it doesn't
    explain why I have some samba clients authing OK, and some not. I
    pointed all of the password server settings to one of our 2000 server
    DCs and still have the mixed results (we only have 1 of 4 DCs as 2003
    server now)

    We're planning to also migrate to RHEL 3 over the holidays, which
    includes Samba 3, so I hope my problems on this one go away.

    Next, I get to deal with problems using 2003 server as a Kerberos
    server... :-(

    --

    Ken Weaverling (ken @ weaverling.org) WHOIS: KJW http://www.weaverling.org/


  3. Re: System error 1240 error, but not the usual problem

    Ken Weaverling wrote:

    > In article ,
    > Ken Weaverling wrote:
    >>
    >>We upgraded one (of four) domain controllers to 2003 server today.
    >>All of a sudden, one of my samba (2.2.7) servers (under rh 7.3)
    >>won't work correctly. I get the System error 1240 has occured,
    >>"The account is not authorized to log in from this station."

    >
    > Just as a followup to my own post, looks like smb signing is the issue.
    >
    > http://lists.samba.org/archive/samba...ay/066356.html
    >
    > I haven't actually tried this yet, but I think the author of that note
    > could be considered authoritive on the subject! Still, it doesn't
    > explain why I have some samba clients authing OK, and some not. I
    > pointed all of the password server settings to one of our 2000 server
    > DCs and still have the mixed results (we only have 1 of 4 DCs as 2003
    > server now)
    >
    > We're planning to also migrate to RHEL 3 over the holidays, which
    > includes Samba 3, so I hope my problems on this one go away.
    >
    > Next, I get to deal with problems using 2003 server as a Kerberos
    > server... :-(
    >


    I haven't had the need to do this yet, but I am aware of it none the less.
    What I will/would be looking for is a linux setting in smb.conf that would
    enable the correct signing of packets. That way, you can keep from any
    possible windows related problems to tinkering with server 2003 settings.



    --

    ************************************************** ****************************
    Registered Linux User Number 185956
    http://groups.google.com/groups?hl=e...ff&group=linux
    Join me in chat at #linux-users on irc.freenode.net
    This email account no longers accepts attachments or messages containing
    html.
    11:51am up 80 days, 16:44, 7 users, load average: 0.15, 0.05, 0.01

  4. Re: System error 1240 error, but not the usual problem

    In article ,
    Ken Weaverling wrote:
    >In article ,
    >Ken Weaverling wrote:
    >>
    >>We upgraded one (of four) domain controllers to 2003 server today.
    >>All of a sudden, one of my samba (2.2.7) servers (under rh 7.3)
    >>won't work correctly. I get the System error 1240 has occured,
    >>"The account is not authorized to log in from this station."

    >
    >Just as a followup to my own post, looks like smb signing is the issue.
    >
    >http://lists.samba.org/archive/samba...ay/066356.html


    Sigh, guess not. After rebooting both the 2003 server and the client
    desktop AND restarting my samba processes after applying the above GPO
    and waiting several hours, I still get the error on just that one
    samba server.

    Uncanny. Weird. Insane. :-(



    --

    Ken Weaverling (ken @ weaverling.org) WHOIS: KJW http://www.weaverling.org/


  5. Re: System error 1240 error, but not the usual problem

    Ken Weaverling wrote:

    > In article ,
    > Ken Weaverling wrote:
    >
    >>In article ,
    >>Ken Weaverling wrote:
    >>
    >>>We upgraded one (of four) domain controllers to 2003 server today.
    >>>All of a sudden, one of my samba (2.2.7) servers (under rh 7.3)
    >>>won't work correctly. I get the System error 1240 has occured,
    >>>"The account is not authorized to log in from this station."

    >>
    >>Just as a followup to my own post, looks like smb signing is the issue.
    >>
    >>http://lists.samba.org/archive/samba...ay/066356.html

    >
    >
    > Sigh, guess not. After rebooting both the 2003 server and the client
    > desktop AND restarting my samba processes after applying the above GPO
    > and waiting several hours, I still get the error on just that one
    > samba server.
    >
    > Uncanny. Weird. Insane. :-(
    >
    >
    >


    Are the other servers running the same version of Samba ? Not exactly
    related, but when we switched to Native mode an older version of Samba
    running on AIX magically stopped working. All other machines that were
    at 2.2.7 or newer were unaffected.

    Just wondering if updating to either the latest 2.2.x or 3.x would "fix" it.

    --
    - Matt -

  6. Re: System error 1240 error, but not the usual problem

    In article , Matt wrote:
    >Ken Weaverling wrote:
    >
    >Are the other servers running the same version of Samba ? Not exactly
    >related, but when we switched to Native mode an older version of Samba
    >running on AIX magically stopped working. All other machines that were
    >at 2.2.7 or newer were unaffected.


    I'm running 2.2.7 under redhat 7.3 on them all.

    For now, I'm shelving this. Part of our holiday work is upgrading all
    of our boxes including the linux ones to RHEL 3.0 which comes with
    Samba 3. I'll then pray it all fits together.

    Now you'd think in a sane organzation, all of this would be tested
    ahead of time in a lab, but this isn't a sane organzation. It's a
    college! :-) There are far more important things to do than waste time
    testing things. There are faculty pet projects to spend time on. We're
    here to serve our students, not serve our paranoias, techs spend too
    much time hundled in dark offices "playing" instead of interacting
    directly with faculty as they should, etc, etc...

    And now shall I shut up before I get myself in trouble, or more trouble!

    --

    Ken Weaverling (ken @ weaverling.org) WHOIS: KJW http://www.weaverling.org/


  7. Re: System error 1240 error, but not the usual problem


    "Ken Weaverling" wrote in message
    news:bs0h39$cv4$1@news.dtcc.edu...
    >
    > We upgraded one (of four) domain controllers to 2003 server today.
    > All of a sudden, one of my samba (2.2.7) servers (under rh 7.3)
    > won't work correctly. I get the System error 1240 has occured,
    > "The account is not authorized to log in from this station."
    >
    > Two other servers work just fine.
    >
    > But, it can't be that encrypted password bit. And I don't think it's
    > related to the DC update since other samba servers are fine. I use
    > security = domain and the machine account seems to be fine.
    >
    > Note, it works just fine if I specify an ip address. If I specify
    > an incorrect username, it rejects it as expected. If I specify a good
    > username and incorrect password, it rejects it as expected.
    >
    > It only returns the 1240 error (from XP workstation) if I use
    > the netbios name and if I use correct password.
    >
    > Also, if I move the secrets.tdb file away, all logons are rejected,
    > as expected. Put it back, and only the IP address ones work again.
    >


    I'm thinking that if Samba is part of a domain, you could eliminate the
    smbpasswd file (and secrets.tdb) all together. Authentication should be to
    the DC's. (password server = *).

    > Also note, when it fails, at log level 99, there are no NT_STATUS
    > messages recorded at all.
    >
    > I'm at witt's end on this one.... Any help greatly appreciated. In
    > hindsight, I shouldn't have upgraded my domain to 2003 server, but in
    > all testing in a lab, everything seemed fine. :-(
    >
    >
    > --
    >
    > Ken Weaverling (ken @ weaverling.org) WHOIS: KJW

    http://www.weaverling.org/
    >




+ Reply to Thread