Hi guys,
It appears that Samba 4.8 breaks the Windows' ability to log in without
specifying a matching domain name.
Since the upgrade, logging in with just the username or .\username has
become impossible, and only SAMBAHOSTNAME\username still works.
I'm running an Apple OpenDirectory + nslcd setup. The username (e_user)
still resolves properly via NSS.
Is there anything I could have missed when upgrading?
Auth attempt log:
check_ntlm_password: Checking password for unmapped user
[WIN-9F1GSF1XXXX]\[e_user]@[WIN-9F1GSF1XXXX] with the new password interface
check_ntlm_password: mapped user is:
[WIN-9F1GSF1XXXX]\[e_user]@[WIN-9F1GSF1XXXX]
Check auth for: [e_user]
auth_check_ntlm_password: anonymous had nothing to say
Check auth for: [e_user]
is_myname("WIN-9F1GSF1XXXX") returns 0
check_samstrict_security: WIN-9F1GSF1XXXX is not one of my local names or
domain name (DC)
auth_check_ntlm_password: sam had nothing to say
Globals:
disable netbios = Yes
dns proxy = No
domain logons = Yes
ldap admin dn = uid=diradmin,cn=users,dc=directory,dc=xxx,dc=com
ldap ssl = no
ldap suffix = dc=directory,dc=xxx,dc=com
map to guest = Bad User
ntlm auth = ntlmv1-permitted
nt pipe support = No
passdb backend = ldapsam:ldap://directory.xxx.com
security = USER
server min protocol = NT1
server string = XXX SMB
workgroup = XXX
idmap config * : backend = tdb
map archive = No
map readonly = no
nt acl support = No
Cheers,
Eugene
On Mon, 11 Mar 2019 11:49:10 +0100 Eugene Pankov via samba <samba at lists.samba.org> wrote:> Hi guys, > > It appears that Samba 4.8 breaks the Windows' ability to log in > without specifying a matching domain name.Hmm, I thought this was actually fixed in 4.8.0, see this bug report: https://bugzilla.samba.org/show_bug.cgi?id=13206 Rowland
I've gone through the changelog, but I think that specific fix might be unrelated, as there's actually a "domain" part being passed by the client (the client's hostname). I tried upgrading to the latest 4.9 as well, and it's still broken. My gut feeling is that it's specific to ldapsam, as similar environments with local users only work as expected. On Mon, Mar 11, 2019 at 12:57 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Mon, 11 Mar 2019 11:49:10 +0100 > Eugene Pankov via samba <samba at lists.samba.org> wrote: > > > Hi guys, > > > > It appears that Samba 4.8 breaks the Windows' ability to log in > > without specifying a matching domain name. > > Hmm, I thought this was actually fixed in 4.8.0, see this bug report: > > https://bugzilla.samba.org/show_bug.cgi?id=13206 > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Apparently Analagous Threads
- No write access on new shares until smbd is restarted
- [EXTERNAL] Re: Unable to authenticate to share using UPN
- No write access on new shares until smbd is restarted
- [LLVMdev] DW_TAG_base_type missing DW_AT_name for subrange types
- [LLVMdev] DW_TAG_base_type missing DW_AT_name for subrange types