Hai,
Can you post your smb.conf that helps.
But you probly forgot to set:
ntlm auth = yes
and maybe more, a summup:
This is the full list:
https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release)
The complete history, have a look at the X.x.0 release notes.
https://www.samba.org/samba/history/
For the major differences (new features, etc.)
Upgrade samba from a : 4.4.x => 4.5.x
! remove all idmap config lines from your smb.conf of the DC's.
! run: net cache flush
! Restart samba or reboot the DC
4.4.1 => 4.5.0 : smb.conf changes
https://www.samba.org/samba/history/samba-4.5.0.html
=============== Parameter Name Description Default
-------------- ----------- -------
kccsrv:samba_kcc Changed default yes
ntlm auth Changed default no
only user Removed
password hash gpg key ids New
shadow:snapprefix New
shadow:delimiter New _GMT
smb2 leases Changed default yes
username Removed
4.4.0 => 4.4.1 !! YOU MUST READ THIS ONE !! ( lots changed here )
https://www.samba.org/samba/history/samba-4.4.1.html
smb.conf new settings
----------------
Parameter Name + default setting.
-------------
allow dcerpc auth level connect = no
client ipc signing = default
client ipc max protocol = default
client ipc min protocol = default
ldap server require strong auth = yes
raw NTLMv2 auth = no
tls verify peer = as_strict_as_possible
tls priority = NORMAL:-VERS-SSL3.0
4.3.0 => 4.4.0 : smb.conf changes
https://www.samba.org/samba/history/samba-4.4.0.html
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- ------
aio max threads New 100
ldap page size Changed default 1000
server multi channel support New No
interfaces Extended syntax
4.2.0 => 4.3.0 : smb.conf changes
https://www.samba.org/samba/history/samba-4.3.0.html
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- -------
logging New (empty)
msdfs shuffle referrals New no
smbd profiling level New off
spotlight New no
tls priority New NORMAL:-VERS-SSL3.0
use ntdb Removed
change notify Changed to [global]
kernel change notify Changed to [global]
client max protocol Changed default SMB3_11
server max protocol Changed default SMB3_11
4.1.0 => 4.2.0 : smb.conf changes
https://www.samba.org/samba/history/samba-4.2.0.html
smb.conf changes
----------------
Parameter Name Description Default
-------------- ----------- -------
allow nt4 crypto New no
neutralize nt4 emulation New no
reject md5 client New no
reject md5 servers New no
require strong key New yes
smb2 max read Changed default 8388608
smb2 max write Changed default 8388608
smb2 max trans Changed default 8388608
winbind expand groups Changed default 0
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe
> Dominguez Vega via samba
> Verzonden: woensdag 28 december 2016 13:41
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Error with samba update in debian.
>
> Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into
> Debian Testing, before i update to this version my proxy (squid)
> authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius
> server authenticating with winbind. But now with this update i can get to
> work again the autentications, when i request the NT_KEY to ntlm_auth it
> not return that key.
>
> this is the output of ntlm_auth
>
> root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp
> MTZ\luis.dominguez <my_pass>
> BH SPNEGO request invalid prefix
>
> and the output of squid
> ERROR: NTLM Authentication validating user. Result: {result=BH,
> notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}
>
> Requesting the nt key used by freeradius (the nt key is not in the output)
>
> root at proxy:~# /usr/bin/ntlm_auth --request-nt-key --
> username=luis.dominguez
> Password:
> NT_STATUS_OK: Success (0x0)
>
> ---------------------------------------
> Al tanto
> Ing. Luis Felipe Domínguez Vega
> Administrador de la Red de Desoft Matanzas
> GNU/Linux Kernel Developer - rtlwifi kernel module
>
> "No es grande aquel que nunca falla, es grande el que nunca se da por
> vencido? "
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
On Wed, 28 Dec 2016 13:57:58 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > Can you post your smb.conf that helps. > > But you probly forgot to set: > ntlm auth = yes > > and maybe more, a summup: > > This is the full list: > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > > > The complete history, have a look at the X.x.0 release notes. > https://www.samba.org/samba/history/ > > For the major differences (new features, etc.) > > Upgrade samba from a : 4.4.x => 4.5.x > ! remove all idmap config lines from your smb.conf of the DC's. > ! run: net cache flush > ! Restart samba or reboot the DC >Nearly correct ;-) It should be: If you have 'idmap config' lines in a smb.conf on a DC, remove them. They had absolutely no affect and did nothing before Samba version 4.5.0, from Samba 4.5.0 they lead to errors. Rowland
Luis Felipe Dominguez Vega
2016-Dec-28 13:45 UTC
[Samba] Error with samba update in debian.
I comment the idmap line and "systemctl restart samba-ad-dc" but the squid not authenticate, same error... --------------------------------------- Al tanto Ing. Luis Felipe Domínguez Vega Administrador de la Red de Desoft Matanzas GNU/Linux Kernel Developer - rtlwifi kernel module "No es grande aquel que nunca falla, es grande el que nunca se da por vencido… " ----- Original Message ----- From: "Rowland Penny via samba" <samba at lists.samba.org> To: samba at lists.samba.org Sent: Wednesday, December 28, 2016 8:12:30 AM Subject: Re: [Samba] Error with samba update in debian. On Wed, 28 Dec 2016 13:57:58 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> Hai, > Can you post your smb.conf that helps. > > But you probly forgot to set: > ntlm auth = yes > > and maybe more, a summup: > > This is the full list: > https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release) > > > The complete history, have a look at the X.x.0 release notes. > https://www.samba.org/samba/history/ > > For the major differences (new features, etc.) > > Upgrade samba from a : 4.4.x => 4.5.x > ! remove all idmap config lines from your smb.conf of the DC's. > ! run: net cache flush > ! Restart samba or reboot the DC >Nearly correct ;-) It should be: If you have 'idmap config' lines in a smb.conf on a DC, remove them. They had absolutely no affect and did nothing before Samba version 4.5.0, from Samba 4.5.0 they lead to errors. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba