Hi , I have just upgraded samba from 4.5.10 to 4.7.3 and my NTLM auth is completely broken on starting winbind its complaining about Unknown parameter encountered: "winbindd privileged socket directory" Ignoring unknown parameter "winbindd privileged socket directory" In our case it needs to be specified on startup via smb.conf and not at compile time. This was working fine all this while and there is no mention of these being deprecated in 4.7. Can someone comment. Many Thanks Arnab
On Wed, 22 Nov 2017 18:01:52 +0000 Arnab Roy via samba <samba at lists.samba.org> wrote:> Hi , > > I have just upgraded samba from 4.5.10 to 4.7.3 and my NTLM auth is > completely broken > on starting winbind its complaining about > > Unknown parameter encountered: "winbindd privileged socket directory" > Ignoring unknown parameter "winbindd privileged socket directory" > > In our case it needs to be specified on startup via smb.conf and not > at compile time.The parameter was removed because the code that it was used with was removed several versions ago.> > This was working fine all this while and there is no mention of these > being deprecated in 4.7.It might have seemed to have worked, but it really didn't do anything ;-) Rowland
On Wed, 2017-11-22 at 18:01 +0000, Arnab Roy via samba wrote:> Hi , > > I have just upgraded samba from 4.5.10 to 4.7.3 and my NTLM auth is > completely broken > on starting winbind its complaining about > > Unknown parameter encountered: "winbindd privileged socket directory" > Ignoring unknown parameter "winbindd privileged socket directory" > > In our case it needs to be specified on startup via smb.conf and not at > compile time. > > This was working fine all this while and there is no mention of these being > deprecated in 4.7.This is the commit and rationale: commit bd8d9559bf8e6cdbf080902bc2460dbc12848054 Author: Andrew Bartlett <abartlet at samba.org> Date: Tue Jan 3 20:46:59 2017 +1300 param: Remove winbindd privileged socket directory option This option is unused and has not been used since before Samba 4.3 when the source4/ winbindd code went away. The associated dynconfig parameters used for the default are also removed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10066 Signed-off-by: Andrew Bartlett <abartlet at samba.org> Reviewed-by: Ralph Boehme <slow at samba.org>> Can someone comment.I hope this helps, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hi Rowland/Andrew, Apologies I think I overlooked something here, its just previously winbindd wasn't complaining and now it is, on closer look it looks like winbindd socket directory is still valid phew!! please dont take this away or I will be dead in the water :( after a little careful attention I was missing ntlm auth = mschapv2-and-ntlmv2-only which is why I was upgrading samba in the first place to get rid of NTLMv1. Thanks again for your help and apologies once again. Many Thanks Arnab On Wed, Nov 22, 2017 at 7:03 PM, Arnab Roy <arniekol at gmail.com> wrote:> Hi Rowland, > > I will not argue with you but in our case 4.5.x worked with those > parameters as we have multiple winbind instances and the pipe was used by a > customised ntlm_auth. Looks like we will be stuck on 4.5 for the > foreseeable future. > > Many Thanks > Arnab > > > On 22 Nov 2017 6:34 pm, "Rowland Penny" <rpenny at samba.org> wrote: > > On Wed, 22 Nov 2017 18:01:52 +0000 > Arnab Roy via samba <samba at lists.samba.org> wrote: > > > Hi , > > > > I have just upgraded samba from 4.5.10 to 4.7.3 and my NTLM auth is > > completely broken > > on starting winbind its complaining about > > > > Unknown parameter encountered: "winbindd privileged socket directory" > > Ignoring unknown parameter "winbindd privileged socket directory" > > > > In our case it needs to be specified on startup via smb.conf and not > > at compile time. > > The parameter was removed because the code that it was used with was > removed several versions ago. > > > > > This was working fine all this while and there is no mention of these > > being deprecated in 4.7. > > It might have seemed to have worked, but it really didn't do > anything ;-) > > Rowland > > >