Rommel Rodriguez Toirac
2020-Jun-03 14:08 UTC
[Samba] Some clients cannot change their passwords when they expire.
Hello to all;

I use CentOS Linux release 7.8.2003. I have installed samba4 Version 4.11.4.

When compiling samba4 I used the following:

    ./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-debug --enable-selftest -j2 -p --cross-answers --cross-execute --enable-cups --disable-iprint --with-acl-support --with-profiling-data --with-systemd

I use samba on three servers, on one as Active Directory and Domain Controller, on the other two servers as Domain Servers mainly to share directories and files or saves.

The operating systems used as clients in our network range mainly from Windows XP to Windows 10.

With Windows XP operating systems is happening that when it comes time for a user to change their password, they cannot do it, because the system tells them that they cannot find the domain or it is not available. So I have to change it directly on the samba4 server and that's when they can start their sessions. This situation is happening to me only with PCs with Windows XP operating systems.

What could be happening?
This is my samba configuration on AD DC server:

    # Global parameters
    [global]
        workgroup = ATGTM00
        realm = GTM.ONAT.GOB.CU
        netbios name = GTMAD
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        time server = yes
        eventlog list = Application System Security SyslogLinux
        log file = /var/log/samba/%m.log
        log level = 3
        max log size = 5000
        tls enabled = yes
        tls keyfile = /var/lib/samba/private/tls/gtmad.gtm.onat.gob.cu.key
        tls certfile = /var/lib/samba/private/tls/gtmad.gtm.onat.gob.cu.cert
        tls cafile = /var/lib/samba/private/tls/cacert.pem
        ldap server require strong auth = allow_sasl_over_tls

    [netlogon]
        path = /var/lib/samba/sysvol/gtm.onat.gob.cu/scripts
        read only = No

    [sysvol]
        path = /var/lib/samba/sysvol
        read only = No

On the other hand, would I have a problem updating from version 4.11.4 to version 4.12.3 with this configuration?

Thanks in advance.

--
Rommel Rodriguez Toirac
rommelrt at nauta.cu
Rowland penny
2020-Jun-03 14:28 UTC
[Samba] Some clients cannot change their passwords when they expire.
On 03/06/2020 15:08, Rommel Rodriguez Toirac via samba wrote:
> The operating systems used as clients in our network range mainly from Windows XP to Windows 10.
>
> With Windows XP operating systems is happening that when it comes time for a user to change their password, they cannot do it, because the system tells them that they cannot find the domain or it is not available. So I have to change it directly on the samba4 server and that's when they can start their sessions. This situation is happening to me only with PCs with Windows XP operating systems.
>
> What could be happening?

You now also have (as the default) in smb.conf:

    client min protocol = SMB2_02
    server min protocol = SMB2_02

This means NTLMv1 is turned off and XP uses this by default, so you have a few options, change the Samba defaults (not recommended), make your XP machines use NTLMv2 or better still, stop using XP as it is six years since it went EOL.

Rowland
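An added example, not part of the thread and not Samba project code: a small Python check over the [global] section of an smb.conf that reports whether the two min-protocol settings quoted above, or `ntlm auth`, have been set below the defaults. The `ntlm auth` parameter, its `ntlmv2-only` default and the `min protocol` synonym are taken from the smb.conf man page rather than from this thread, and both sample configurations are constructed.

```python
# Dialect names from the smb.conf man page, weakest first (subset).
DIALECTS = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
            "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}
# The two min-protocol defaults are the ones quoted in the thread; the
# "ntlm auth" default comes from the smb.conf man page (assumption here).
DEFAULTS = {"serverminprotocol": "SMB2_02", "clientminprotocol": "SMB2_02",
            "ntlmauth": "ntlmv2-only"}
SYNONYMS = {"minprotocol": "serverminprotocol"}

def parse_global(text):
    """Return [global] parameters; names ignore case and whitespace."""
    params, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())
            params[SYNONYMS.get(key, key)] = value.strip()
    return params

def audit(text):
    """List settings that accept SMB1 or NTLMv1 (weaker than the defaults)."""
    cfg = {**DEFAULTS, **parse_global(text)}
    findings = []
    for key, label in (("serverminprotocol", "server min protocol"),
                       ("clientminprotocol", "client min protocol")):
        name = ALIASES.get(cfg[key].upper(), cfg[key].upper())
        if name not in DIALECTS:
            findings.append(f"{label}: unrecognised dialect {cfg[key]!r}")
        elif DIALECTS.index(name) < DIALECTS.index("SMB2_02"):
            findings.append(f"{label} = {cfg[key]}: SMB1 or older accepted")
    if cfg["ntlmauth"].lower() in ("ntlmv1-permitted", "yes"):
        findings.append(f"ntlm auth = {cfg['ntlmauth']}: NTLMv1 accepted")
    return findings

# Constructed samples: a trimmed copy of the posted config, then with legacy overrides.
POSTED = """[global]
    workgroup = ATGTM00
    server role = active directory domain controller
[netlogon]
    read only = No
"""
WEAKENED = POSTED.replace(
    "[netlogon]", "Server Min Protocol = NT1\nntlm auth = yes\n[netlogon]")
if __name__ == "__main__": print(audit(POSTED), audit(WEAKENED))
```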
Rommel Rodriguez Toirac
2020-Jun-03 15:42 UTC
[Samba] Some clients cannot change their passwords when they expire.
On 3 June 2020 10:28:19 GMT-04:00, Rowland penny via samba <samba at lists.samba.org> wrote:
>On 03/06/2020 15:08, Rommel Rodriguez Toirac via samba wrote:
>> The operating systems used as clients in our network range mainly from Windows XP to Windows 10.
>>
>> With Windows XP operating systems is happening that when it comes time for a user to change their password, they cannot do it, because the system tells them that they cannot find the domain or it is not available. So I have to change it directly on the samba4 server and that's when they can start their sessions. This situation is happening to me only with PCs with Windows XP operating systems.
>>
>> What could be happening?
>
>You now also have (as the default) in smb.conf:
>
>client min protocol = SMB2_02
>server min protocol = SMB2_02
>
>This means NTLMv1 is turned off and XP uses this by default, so you have a few options, change the Samba defaults (not recommended), make your XP machines use NTLMv2 or better still, stop using XP as it is six years since it went EOL.
>
>Rowland

Grateful for your answer;

How can I configure XP to use NTLMv2? Any special suggestion for this? I still have workstations that are old enough not to support even Windows 7.

About upgrading from version 4.11.4 to version 4.12.3, will I have problems with that smb.conf and with the ./configure used? Will Windows XP be a problem even when I switch to NTLMv2?

--
Rommel Rodriguez Toirac
rommelrt at nauta.cu