Alberto José García Fumero
2019-Jul-12 20:29 UTC
[Samba] Problem after upgrading to Debian 10
El vie, 12-07-2019 a las 21:05 +0100, Rowland penny via samba escribi?:> On 12/07/2019 20:23, Alberto Jos? Garc?a Fumero via samba wrote: > > Excuse me if I bother you, but I badly need help. > > > > Let me describe the situation. In my network there is a group of > > Windows boxes in a Windows domain (THE_DOMAIN), > What is the Windows DC ? > > three computers with > > Debian 9.x not linked to the domain (in a workgroup named > > TECHNOLOGY, > > and the parameter security=user) one of which I use, and other > > three > > computers with Debian 7.x in another workgroup (and security=share, > > so > > no problem accessing these). > You will have a problem when you upgrade the EOL Debian Wheezy, > 'security = share' no longer exists. > > When using Debian 9.x I was able to access (by way of Nautilus) the > > shared resources in all boxes in the domain THE_DOMAIN identifying > > me > > as the user administrator of the Samba 4 domain in the dialog > > window. > > After upgrading to Debian 10, this is no longer possible. > > > > What I am doing wrong? Is it necessary to join the domain, after > > this > > upgrade? > This is probably down to the value for 'ntlm auth' being changed > from > 'yes' to 'ntlmv2-only' at 4.7.0 > > Rowland > >The domain controller is a Samba 4. So what could I do? Is it possible to modify that parameter? -- M.Sc. Alberto Garc?a Fumero Usuario Linux 97 138, registrado 10/12/1998 http://interese.cubava.cu No son las horas que pones en tu trabajo lo que cuenta, sino el trabajo que pones en esas horas.
On 12/07/2019 21:29, Alberto Jos? Garc?a Fumero wrote:> El vie, 12-07-2019 a las 21:05 +0100, Rowland penny via samba escribi?: >> On 12/07/2019 20:23, Alberto Jos? Garc?a Fumero via samba wrote: >>> Excuse me if I bother you, but I badly need help. >>> >>> Let me describe the situation. In my network there is a group of >>> Windows boxes in a Windows domain (THE_DOMAIN), >> What is the Windows DC ? >>> three computers with >>> Debian 9.x not linked to the domain (in a workgroup named >>> TECHNOLOGY, >>> and the parameter security=user) one of which I use, and other >>> three >>> computers with Debian 7.x in another workgroup (and security=share, >>> so >>> no problem accessing these). >> You will have a problem when you upgrade the EOL Debian Wheezy, >> 'security = share' no longer exists. >>> When using Debian 9.x I was able to access (by way of Nautilus) the >>> shared resources in all boxes in the domain THE_DOMAIN identifying >>> me >>> as the user administrator of the Samba 4 domain in the dialog >>> window. >>> After upgrading to Debian 10, this is no longer possible. >>> >>> What I am doing wrong? Is it necessary to join the domain, after >>> this >>> upgrade? >> This is probably down to the value for 'ntlm auth' being changed >> from >> 'yes' to 'ntlmv2-only' at 4.7.0 >> >> Rowland >> >> > The domain controller is a Samba 4. > > So what could I do? Is it possible to modify that parameter?What version of Samba is running on the DC ? What is the OS the DC is running on ? How is Samba running on the DC, as an NT4-style PDC or an AD DC ? Rowland
On 12/07/2019 22:01, Rowland penny via samba wrote:> On 12/07/2019 21:29, Alberto Jos? Garc?a Fumero wrote: >> El vie, 12-07-2019 a las 21:05 +0100, Rowland penny via samba escribi?: >>> On 12/07/2019 20:23, Alberto Jos? Garc?a Fumero via samba wrote: >>>> Excuse me if I bother you, but I badly need help. >>>> >>>> Let me describe the situation. In my network there is a group of >>>> Windows boxes in a Windows domain (THE_DOMAIN), >>> What is the Windows DC ? >>>> ?? three computers with >>>> Debian 9.x not linked to the domain (in a workgroup named >>>> TECHNOLOGY, >>>> and the parameter security=user) one of which I use, and other >>>> three >>>> computers with Debian 7.x in another workgroup (and security=share, >>>> so >>>> no problem accessing these). >>> You will have a problem when you upgrade the EOL Debian Wheezy, >>> 'security = share' no longer exists. >>>> When using Debian 9.x I was able to access (by way of Nautilus) the >>>> shared resources in all boxes in the domain THE_DOMAIN identifying >>>> me >>>> as the user administrator of the Samba 4 domain in the dialog >>>> window. >>>> After upgrading to Debian 10, this is no longer possible. >>>> >>>> What I am doing wrong? Is it necessary to join the domain, after >>>> this >>>> upgrade? >>> This is probably down to the value for 'ntlm auth' being changed >>> from >>> 'yes' to 'ntlmv2-only' at 4.7.0 >>> >>> Rowland >>> >>> >> The domain controller is a Samba 4. >> >> So what could I do? Is it possible to modify that parameter? > > What version of Samba is running on the DC ? > > What is the OS the DC is running on ? > > How is Samba running on the DC, as an NT4-style PDC or an AD DC ? > > Rowland > > >Whilst waiting for my questions to be answered, I took another look at the smb.conf. After removing all the default lines, it becomes this: [global] ??? workgroup = TECHNOLOGY ??? server string = Desarrollo ??? security = user ??? hosts allow = 192.168.0. 127. ??? cups options = raw ??? username map = /etc/samba/smbusers ??? log file = /var/log/samba/%m.log ??? max log size = 50 ??? local master = no [homes] ??? comment = Home Directories ??? browseable = no ??? read only = no [printers] ??? comment = All Printers ??? path = /usr/spool/samba ??? guest ok = yes ??? printable = yes [compartido] ??? comment = Lo que comparte Desarrollo ??? path = /Compartido ??? guest ok = yes I have to ask, did this ever work ? You have 'guest ok = yes' set in two of the shares, but the default for 'map to guest' is 'never', so you cannot have guest access, for this you need 'map to guest = bad user' set in [global]. Not that this really matters because you do not have 'unix passwd sync = yes' set in [global]. This means that nobody can connect to any of your shares. With a properly set up Samba standalone server on Devuan Ascii (aka Debian Stretch without systemd), I can connect to shares on a Domain computer as a Domain user. I can also connect to a Domain share as a guest user. Rowland