Ricardo Campos
2023-Oct-06 17:03 UTC
[Samba] Simple question about netbios name and workgroup, in smb.conf
Hi, all. I need some help. I've installed samba 4.4 in a SuSE 42.2, years ago and it was still running smoothly till weeks ago. It is still running but new windows machines and old ones that were updated with some Microsoft software could not enter the domain because of a sort of loss of confidence error. Well, I was called to solve the problem. It seemed to me that the better way to do it was to install the new version of samba (4.19.0) which was said to correct the issue. I'm exactly at this point. I installed it, and openldap, in a Ubuntu 22.04 LTS box, from source and started some tests, but I couldn't go far enough because smbd finds errors: [2023/09/25 13:56:40.683717, 0] ../../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info) smbldap_search_domain_info: Adding domain info for *NEWATENA* failed with NT_STATUS_UNSUCCESSFUL [2023/09/25 13:56:40.683755, 0] ../../source3/passdb/pdb_ldap.c:6716(pdb_ldapsam_init_common) pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. [2023/09/25 13:56:40.683769, 0] ../../source3/passdb/pdb_interface.c:182(make_pdb_method_name) pdb backend ldapsam:ldap://127.0.0.1 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) A piece of the smb.conf file follows: server max protocol = NT1 # preserve case = no time server = yes inherit acls = yes nt acl support = yes netbios name = *newatena* netbios aliases = newatena inherit permissions = yes printing = cups logon script = logon.bat dos charset = iso-8859-1 local master = yes workgroup = *FUTURO* os level = 33 Both newatena and FUTURO are temporary names, since I still have the samba 4.4 running. With slapcat we can see this (partial) entry: dn: sambaDomainName=*FUTURO*,dc=xxxx,dc=xxx,dc=xx sambaDomainName: *FUTURO* sambaAlgorithmicRidBase: 1000 sambaNextUserRid: 1000 sambaMinPwdLength: 5 structuralObjectClass: sambaDomain My simple question is this: why would samba asks for a domain using the *netbios name* instead of the *workgroup*? If you need more information, please ask. Thanks for any help. Ricardo
Rowland Penny
2023-Oct-06 18:02 UTC
[Samba] Simple question about netbios name and workgroup, in smb.conf
On Fri, 6 Oct 2023 14:03:55 -0300 Ricardo Campos via samba <samba at lists.samba.org> wrote:> Hi, all. I need some help. > > I've installed samba 4.4 in a SuSE 42.2, years ago and it was still > running smoothly till weeks ago. It is still running but new windows > machines and old ones that were updated with some Microsoft software > could not enter the domain because of a sort of loss of confidence > error. > > Well, I was called to solve the problem. It seemed to me that the > better way to do it was to install the new version of samba (4.19.0) > which was said to correct the issue. I'm exactly at this point. > > I installed it, and openldap, in a Ubuntu 22.04 LTS box, from source > and started some tests, but I couldn't go far enough because smbd > finds errors: > > [2023/09/25 13:56:40.683717, 0] > ../../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info) > smbldap_search_domain_info: Adding domain info for *NEWATENA* > failed with NT_STATUS_UNSUCCESSFUL > [2023/09/25 13:56:40.683755, 0] > ../../source3/passdb/pdb_ldap.c:6716(pdb_ldapsam_init_common) > pdb_init_ldapsam: WARNING: Could not get domain info, nor add one > to the domain. We cannot work reliably without it. > [2023/09/25 13:56:40.683769, 0] > ../../source3/passdb/pdb_interface.c:182(make_pdb_method_name) > pdb backend ldapsam:ldap://127.0.0.1 did not correctly init (error > was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) > > A piece of the smb.conf file follows:Please do not post part of a smb.conf , it doesn't really help, it would be better to post the output of 'testparm -s'> > server max protocol = NT1 > # > preserve case = no > time server = yes > inherit acls = yes > nt acl support = yes > netbios name = *newatena* > netbios aliases = newatena > inherit permissions = yes > printing = cups > logon script = logon.bat > dos charset = iso-8859-1 > local master = yes > workgroup = *FUTURO* > os level = 33 > > Both newatena and FUTURO are temporary names, since I still have the > samba 4.4 running.Samba 4.4 is extremely old> > With slapcat we can see this (partial) entry: > > dn: sambaDomainName=*FUTURO*,dc=xxxx,dc=xxx,dc=xx > sambaDomainName: *FUTURO* > sambaAlgorithmicRidBase: 1000 > sambaNextUserRid: 1000 > sambaMinPwdLength: 5 > structuralObjectClass: sambaDomain > > My simple question is this: why would samba asks for a domain using > the *netbios > name* instead of the *workgroup*?Because, there are two workgroups on a Samba server, one, the 'local' one, uses the NetBIOS name and the 'domain' that uses the NetBIOS domain name.> > If you need more information, please ask.Yes, why are you trying to keep an old obsolete system working ? The old 'PDC' type domains rely on SMBv1 and that protocol is very, very insecure. You would be better off either upgrading your existing domain to AD, or setting up a new domain, the latter is probably better because it gets rid of all the really old ways of doing things. Rowland