Hai, Can you post your smb.conf that helps. But you probly forgot to set: ntlm auth = yes and maybe more, a summup: This is the full list: https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) The complete history, have a look at the X.x.0 release notes. https://www.samba.org/samba/history/ For the major differences (new features, etc.) Upgrade samba from a : 4.4.x => 4.5.x ! remove all idmap config lines from your smb.conf of the DC's. ! run: net cache flush ! Restart samba or reboot the DC 4.4.1 => 4.5.0 : smb.conf changes https://www.samba.org/samba/history/samba-4.5.0.html =============== Parameter Name Description Default -------------- ----------- ------- kccsrv:samba_kcc Changed default yes ntlm auth Changed default no only user Removed password hash gpg key ids New shadow:snapprefix New shadow:delimiter New _GMT smb2 leases Changed default yes username Removed 4.4.0 => 4.4.1 !! YOU MUST READ THIS ONE !! ( lots changed here ) https://www.samba.org/samba/history/samba-4.4.1.html smb.conf new settings ---------------- Parameter Name + default setting. ------------- allow dcerpc auth level connect = no client ipc signing = default client ipc max protocol = default client ipc min protocol = default ldap server require strong auth = yes raw NTLMv2 auth = no tls verify peer = as_strict_as_possible tls priority = NORMAL:-VERS-SSL3.0 4.3.0 => 4.4.0 : smb.conf changes https://www.samba.org/samba/history/samba-4.4.0.html smb.conf changes ---------------- Parameter Name Description Default -------------- ----------- ------ aio max threads New 100 ldap page size Changed default 1000 server multi channel support New No interfaces Extended syntax 4.2.0 => 4.3.0 : smb.conf changes https://www.samba.org/samba/history/samba-4.3.0.html smb.conf changes ---------------- Parameter Name Description Default -------------- ----------- ------- logging New (empty) msdfs shuffle referrals New no smbd profiling level New off spotlight New no tls priority New NORMAL:-VERS-SSL3.0 use ntdb Removed change notify Changed to [global] kernel change notify Changed to [global] client max protocol Changed default SMB3_11 server max protocol Changed default SMB3_11 4.1.0 => 4.2.0 : smb.conf changes https://www.samba.org/samba/history/samba-4.2.0.html smb.conf changes ---------------- Parameter Name Description Default -------------- ----------- ------- allow nt4 crypto New no neutralize nt4 emulation New no reject md5 client New no reject md5 servers New no require strong key New yes smb2 max read Changed default 8388608 smb2 max write Changed default 8388608 smb2 max trans Changed default 8388608 winbind expand groups Changed default 0 Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe > Dominguez Vega via samba > Verzonden: woensdag 28 december 2016 13:41 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Error with samba update in debian. > > Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into > Debian Testing, before i update to this version my proxy (squid) > authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius > server authenticating with winbind. But now with this update i can get to > work again the autentications, when i request the NT_KEY to ntlm_auth it > not return that key. > > this is the output of ntlm_auth > > root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp > MTZ\luis.dominguez <my_pass> > BH SPNEGO request invalid prefix > > and the output of squid > ERROR: NTLM Authentication validating user. Result: {result=BH, > notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }} > > Requesting the nt key used by freeradius (the nt key is not in the output) > > root at proxy:~# /usr/bin/ntlm_auth --request-nt-key -- > username=luis.dominguez > Password: > NT_STATUS_OK: Success (0x0) > > --------------------------------------- > Al tanto > Ing. Luis Felipe Domínguez Vega > Administrador de la Red de Desoft Matanzas > GNU/Linux Kernel Developer - rtlwifi kernel module > > "No es grande aquel que nunca falla, es grande el que nunca se da por > vencido? " > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Wed, 28 Dec 2016 13:57:58 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > Can you post your smb.conf that helps. > > But you probly forgot to set: > ntlm auth = yes > > and maybe more, a summup: > > This is the full list: > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > > > The complete history, have a look at the X.x.0 release notes. > https://www.samba.org/samba/history/ > > For the major differences (new features, etc.) > > Upgrade samba from a : 4.4.x => 4.5.x > ! remove all idmap config lines from your smb.conf of the DC's. > ! run: net cache flush > ! Restart samba or reboot the DC >Nearly correct ;-) It should be: If you have 'idmap config' lines in a smb.conf on a DC, remove them. They had absolutely no affect and did nothing before Samba version 4.5.0, from Samba 4.5.0 they lead to errors. Rowland
Luis Felipe Dominguez Vega
2016-Dec-28 13:45 UTC
[Samba] Error with samba update in debian.
I comment the idmap line and "systemctl restart samba-ad-dc" but the squid not authenticate, same error... --------------------------------------- Al tanto Ing. Luis Felipe Domínguez Vega Administrador de la Red de Desoft Matanzas GNU/Linux Kernel Developer - rtlwifi kernel module "No es grande aquel que nunca falla, es grande el que nunca se da por vencido… " ----- Original Message ----- From: "Rowland Penny via samba" <samba at lists.samba.org> To: samba at lists.samba.org Sent: Wednesday, December 28, 2016 8:12:30 AM Subject: Re: [Samba] Error with samba update in debian. On Wed, 28 Dec 2016 13:57:58 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > Can you post your smb.conf that helps. > > But you probly forgot to set: > ntlm auth = yes > > and maybe more, a summup: > > This is the full list: > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > > > The complete history, have a look at the X.x.0 release notes. > https://www.samba.org/samba/history/ > > For the major differences (new features, etc.) > > Upgrade samba from a : 4.4.x => 4.5.x > ! remove all idmap config lines from your smb.conf of the DC's. > ! run: net cache flush > ! Restart samba or reboot the DC >Nearly correct ;-) It should be: If you have 'idmap config' lines in a smb.conf on a DC, remove them. They had absolutely no affect and did nothing before Samba version 4.5.0, from Samba 4.5.0 they lead to errors. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba