samba - Oct 2023 - Simple question about netbios name and workgroup, in smb.conf

Hi, all. I need some help.

I've installed samba 4.4 in a SuSE 42.2,  years ago and it was still
running smoothly till weeks ago. It is still running but new windows
machines and old ones that were updated with some Microsoft software could
not enter the domain because of a sort of loss of confidence error.

Well, I was called to solve the problem. It seemed to me that the better
way to do it was to install the new version of samba (4.19.0) which was
said to correct the issue. I'm exactly at this point.

I installed it, and openldap, in a Ubuntu 22.04 LTS box, from source and
started some tests, but I couldn't go far enough because smbd finds errors:

[2023/09/25 13:56:40.683717,  0]
../../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
  smbldap_search_domain_info: Adding domain info for *NEWATENA* failed with
NT_STATUS_UNSUCCESSFUL
[2023/09/25 13:56:40.683755,  0]
../../source3/passdb/pdb_ldap.c:6716(pdb_ldapsam_init_common)
  pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
domain. We cannot work reliably without it.
[2023/09/25 13:56:40.683769,  0]
../../source3/passdb/pdb_interface.c:182(make_pdb_method_name)
  pdb backend ldapsam:ldap://127.0.0.1 did not correctly init (error was
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)

A piece of the smb.conf file follows:

    server max protocol = NT1
    #
    preserve case = no
    time server = yes
    inherit acls = yes
    nt acl support = yes
    netbios name = *newatena*
    netbios aliases = newatena
    inherit permissions = yes
    printing = cups
    logon script = logon.bat
    dos charset = iso-8859-1
    local master = yes
    workgroup = *FUTURO*
    os level = 33

Both newatena and FUTURO are temporary names, since I still have the samba
4.4 running.

With slapcat we can see this (partial) entry:

dn: sambaDomainName=*FUTURO*,dc=xxxx,dc=xxx,dc=xx
sambaDomainName: *FUTURO*
sambaAlgorithmicRidBase: 1000
sambaNextUserRid: 1000
sambaMinPwdLength: 5
structuralObjectClass: sambaDomain

My simple question is this: why would samba asks for a domain using
the *netbios
name* instead of the *workgroup*?

If you need more information, please ask.

Thanks for any help.

Ricardo

On Fri, 6 Oct 2023 14:03:55 -0300
Ricardo Campos via samba <samba at lists.samba.org> wrote:
> Hi, all. I need some help.
> 
> I've installed samba 4.4 in a SuSE 42.2,  years ago and it was still
> running smoothly till weeks ago. It is still running but new windows
> machines and old ones that were updated with some Microsoft software
> could not enter the domain because of a sort of loss of confidence
> error.
> 
> Well, I was called to solve the problem. It seemed to me that the
> better way to do it was to install the new version of samba (4.19.0)
> which was said to correct the issue. I'm exactly at this point.
> 
> I installed it, and openldap, in a Ubuntu 22.04 LTS box, from source
> and started some tests, but I couldn't go far enough because smbd
> finds errors:
> 
> [2023/09/25 13:56:40.683717,  0]
> ../../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
>   smbldap_search_domain_info: Adding domain info for *NEWATENA*
> failed with NT_STATUS_UNSUCCESSFUL
> [2023/09/25 13:56:40.683755,  0]
> ../../source3/passdb/pdb_ldap.c:6716(pdb_ldapsam_init_common)
>   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one
> to the domain. We cannot work reliably without it.
> [2023/09/25 13:56:40.683769,  0]
> ../../source3/passdb/pdb_interface.c:182(make_pdb_method_name)
>   pdb backend ldapsam:ldap://127.0.0.1 did not correctly init (error
> was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
> 
> A piece of the smb.conf file follows:
Please do not post part of a smb.conf , it doesn't really help, it
would be better to post the output of 'testparm -s'
 
> 
>     server max protocol = NT1
>     #
>     preserve case = no
>     time server = yes
>     inherit acls = yes
>     nt acl support = yes
>     netbios name = *newatena*
>     netbios aliases = newatena
>     inherit permissions = yes
>     printing = cups
>     logon script = logon.bat
>     dos charset = iso-8859-1
>     local master = yes
>     workgroup = *FUTURO*
>     os level = 33
> 
> Both newatena and FUTURO are temporary names, since I still have the
> samba 4.4 running.
Samba 4.4 is extremely old
 
> 
> With slapcat we can see this (partial) entry:
> 
> dn: sambaDomainName=*FUTURO*,dc=xxxx,dc=xxx,dc=xx
> sambaDomainName: *FUTURO*
> sambaAlgorithmicRidBase: 1000
> sambaNextUserRid: 1000
> sambaMinPwdLength: 5
> structuralObjectClass: sambaDomain
> 
> My simple question is this: why would samba asks for a domain using
> the *netbios
> name* instead of the *workgroup*?
Because, there are two workgroups on a Samba server, one, the 'local'
one, uses the NetBIOS name and the 'domain' that uses the NetBIOS domain
name.
> 
> If you need more information, please ask.
Yes, why are you trying to keep an old obsolete system working ?
The old 'PDC' type domains rely on SMBv1 and that protocol is very,
very insecure. You would be better off either upgrading your existing
domain to AD, or setting up a new domain, the latter is probably better
because it gets rid of all the really old ways of doing things.

Rowland