James Atwell
2020-May-15 18:52 UTC
[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
Hello, ??????? I upgraded two DC's to 4.12.2 from 4.11.6 before I noticed authentication issues with a couple Netgear ReadyNAS we have. For reference I have a total of 6 DC's with 4 running 4.11.6 and two now running 4.12.2.? I ran the usual ./configure,make,make install from tar without issues. However running samba-tool drs showrepl I noticed a couple errors.? Looking through the list I found someone else with the same initial problems.? See thread here https://lists.samba.org/archive/samba/2020-April/229230.html From this thread I did what was suggested by Alex and that resolved those initial errors.? This brings me back to the Netgear file servers. I am no longer able to authenticate the ReadyNAS with my domain.? I receive a join error within the Netgear dashboard with no additional info. No error code, nothing. I turned up the logging on the Samba server I pointed the ReadyNAS at and could see the log for the administrator user I'm using to try and join and authenticate. Samba shows a successful authentication but then it appears to end there.? Additional details below about my setup. OS Ubuntu 16.04.6 smb.conf # Global parameters [global] ??????? workgroup = SAMBA ??????? realm = SAMBA.LOCAL? (I know about the local usage) ??????? netbios name = PFDC1 ??????? server role = active directory domain controller ??????? dns forwarder = 75.75.75.75 208.67.222.222 ??????? idmap_ldb:use rfc2307 = Yes ??????? log file = /usr/local/samba/var/log.samba ??????? log level = 2 auth_audit:3 auth_json_audit:3 ??????? debug timestamp = Yes ??????? debug uid = Yes ??????? debug pid = Yes ??????? load printers = No ??????? printcap name = /dev/null ??????? disable spoolss = Yes ??????? ldap server require strong auth = no I tried pointing the ReadyNAS to the other DC's that have yet to be upgraded but that doesn't resolve the issue. Still can't authenticate.? I should point out one of the DC's I upgraded from 4.11.6 to 4.12.2 holds all the FSMO roles. Thanks for any suggestions. -James
Rowland penny
2020-May-16 09:00 UTC
[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
On 15/05/2020 19:52, James Atwell via samba wrote:> Hello, > > ??????? I upgraded two DC's to 4.12.2 from 4.11.6 before I noticed > authentication issues with a couple Netgear ReadyNAS we have. For > reference I have a total of 6 DC's with 4 running 4.11.6 and two now > running 4.12.2.? I ran the usual ./configure,make,make install from > tar without issues. However running samba-tool drs showrepl I noticed > a couple errors.? Looking through the list I found someone else with > the same initial problems.? See thread here > https://lists.samba.org/archive/samba/2020-April/229230.html From this > thread I did what was suggested by Alex and that resolved those > initial errors.? This brings me back to the Netgear file servers. I am > no longer able to authenticate the ReadyNAS with my domain.? I receive > a join error within the Netgear dashboard with no additional info. No > error code, nothing. I turned up the logging on the Samba server I > pointed the ReadyNAS at and could see the log for the administrator > user I'm using to try and join and authenticate. Samba shows a > successful authentication but then it appears to end there.? > Additional details below about my setup.You need to see the logs for the readynas to try and find out what is going on. This is what I would do: Seize the FSMO roles to one of the 4.11.6 DC's Demote the two 4.12.2 DC's Remove everything in /usr/local/samba Test if your readynas now connects to the domain again, try a re-join if not If you have connection, then good, if not, you need to find out why not and this will require seeing the readynas logs, you may have to ask netgear about that. Once you have connection from the readynas, run 'make install' again (No, you shouldn't have to totally build Samba again) Once Samba is installed again, try joining as a DC, hopefully it should now work. The only major change between 4.11.x and 4.12.x is that you now need Python 3.5, perhaps you do not have this ? Rowland
James Atwell
2020-May-16 13:40 UTC
[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
On 5/16/2020 5:00 AM, Rowland penny via samba wrote:> On 15/05/2020 19:52, James Atwell via samba wrote: >> Hello, >> >> ??????? I upgraded two DC's to 4.12.2 from 4.11.6 before I noticed >> authentication issues with a couple Netgear ReadyNAS we have. For >> reference I have a total of 6 DC's with 4 running 4.11.6 and two now >> running 4.12.2.? I ran the usual ./configure,make,make install from >> tar without issues. However running samba-tool drs showrepl I noticed >> a couple errors. Looking through the list I found someone else with >> the same initial problems.? See thread here >> https://lists.samba.org/archive/samba/2020-April/229230.html From >> this thread I did what was suggested by Alex and that resolved those >> initial errors.? This brings me back to the Netgear file servers. I >> am no longer able to authenticate the ReadyNAS with my domain.? I >> receive a join error within the Netgear dashboard with no additional >> info. No error code, nothing. I turned up the logging on the Samba >> server I pointed the ReadyNAS at and could see the log for the >> administrator user I'm using to try and join and authenticate. Samba >> shows a successful authentication but then it appears to end there. >> Additional details below about my setup. > > You need to see the logs for the readynas to try and find out what is > going on. > > This is what I would do: > > Seize the FSMO roles to one of the 4.11.6 DC's > > Demote the two 4.12.2 DC's > > Remove everything in /usr/local/samba > > Test if your readynas now connects to the domain again, try a re-join > if not > > If you have connection, then good, if not, you need to find out why > not and this will require seeing the readynas logs, you may have to > ask netgear about that. > > Once you have connection from the readynas, run 'make install' again > (No, you shouldn't have to totally build Samba again) > > Once Samba is installed again, try joining as a DC, hopefully it > should now work. > > The only major change between 4.11.x and 4.12.x is that you now need > Python 3.5, perhaps you do not have this ? > > Rowland > > >Thanks for the input. Before I do I want to add additional troubleshooting details.? Replication works among all DC's with no obvious samba errors or windows authentication errors.? I unjoined a Windows 10 machine and rejoined to the domain without issue. Everything else is working as it should (i.e, user creation, dns admin, gpo's).? The one other thing I did do different this time and I should have noted previously was use the Verified Package Dependencies from the Wiki to ensure I wasn't missing any. Other than that the build was the same. I haven't had to do a seize in a long time of the FSMO roles. If the DC's I upgraded appear to be working should I just transfer or seize? Thanks. -James
Possibly Parallel Threads
- Upgrade from 4.11.6 to 4.12.2 created authentication issues
- Upgrade from 4.11.6 to 4.12.2 created authentication issues
- Upgrade from 4.11.6 to 4.12.2 created authentication issues
- Upgrade from 4.11.6 to 4.12.2 created authentication issues
- Upgrade from 4.11.6 to 4.12.2 created authentication issues