Jiří Černý
2020-Nov-19 15:02 UTC
[Samba] winbind use default domain = yes doesn't work on Samba 4.13?
Hello everybody. I just upgraded our Fedora fileserver to version 30, which has Samba 4.13.2. Now, I can see this errors in log: check_ntlm_password: Authentication for user [dmu60evo] -> [dmu60evo] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 Auth: [SMB2,(null)] user []\[dmu60evo] at [?t, 19 lis 2020 15:50:26.373477 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:192.168.18.34:37038] mapped to []\[dmu60evo]. local host [ipv4:192.168.1.3:445] {"timestamp": "2020-11-19T15:50:26.373527+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:192.168.1.3:445", "remoteAddress": "ipv4:192.168.18.34:37038", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "", "clientAccount": "dmu60evo", "workstation": "", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "dmu60evo", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "duration": 1836}} So, we have user dmu60evo in our domain, but on client machine, we are not able to use username in format DOMAIN\dmu60evo. So we have to use winbind use default domain = yes. Is this normal? Some new setting has to be done? Or it's just bug in Fedora package? Thanks for answers. Jiri
Rowland penny
2020-Nov-19 15:26 UTC
[Samba] winbind use default domain = yes doesn't work on Samba 4.13?
On 19/11/2020 15:02, Ji?? ?ern? via samba wrote:> Hello everybody. > > I just upgraded our Fedora fileserver to version 30, which has Samba > 4.13.2. > > So, we have user dmu60evo in our domain, but on client machine, we are > not able to use username in format DOMAIN\dmu60evo. So we have to use > winbind use default domain = yes.Please post your smb.conf Rowland
Jiří Černý
2020-Nov-20 13:45 UTC
[Samba] winbind use default domain = yes doesn't work on Samba 4.13?
Yes. In the first name, I wrote DOMAIN, but our real workgroup is SVMETAL, as you cas see in smb.conf. [global] netbios name = fs0001 workgroup = SVMETAL security = ADS realm = SAMDOM.SVMETAL.CZ dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab acl allow execute always = True idmap config *:backend = tdb idmap config *:range = 70001-99999 idmap config SVMETAL:backend = ad idmap config SVMETAL:schema_mode = rfc2307 idmap config SVMETAL:range = 500-40000 #for legacy reasons idmap config SVMETAL:unix_nss_info = yes idmap config SVMETAL:unix_primary_group = yes winbind nss info = rfc2307 winbind use default domain = yes winbind refresh tickets = Yes log level = 2 max log size = 1024000 map to guest = bad user load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes #Enable SMB1 ntlm auth = yes server min protocol = LANMAN1 allow insecure wide links = yes map acl inherit = Yes store dos attributes = Yes vfs objects = full_audit acl_xattr btrfs vfs_full_audit:prefix = %U|%I|%M|%S full_audit:success = unlink rmdir pwrite full_audit:failure = none full_audit:facility = local5 full_audit:priority = NOTICE #BTRFS log errors workaround get quota command = /etc/samba/samba-btrfs-quota.sh #Shares [Company] path = /home/samba/fs0001/Company read only = no follow symlinks = yes wide links = yes vfs objects = full_audit acl_xattr recycle btrfs recycle:repository = .recycle/%U recycle:touch = Yes recycle:keeptree = Yes recycle:versions = Yes recycle:directory_mode = 0777 recycle:subdir_mode = 0700 recycle:noversions *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP,*.db,.~lock*,$*,~$* recycle:exclude *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP,*.db,.~lock*,$*,~$* recycle:excludedir = /recycle,/tmp,/temp,/TMP,/TEMP Thanks Jiri>>> Rowland penny <rpenny at samba.org> 19.11.2020 16:26 >>>On 19/11/2020 15:02, Ji?? ?ern? via samba wrote:> Hello everybody. > > I just upgraded our Fedora fileserver to version 30, which has Samba > 4.13.2. > > So, we have user dmu60evo in our domain, but on client machine, weare> not able to use username in format DOMAIN\dmu60evo. So we have touse> winbind use default domain = yes.Please post your smb.conf Rowland
Seemingly Similar Threads
- winbind use default domain = yes doesn't work on Samba 4.13?
- Upgrade to Samba 4.12 question
- Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates
- BUILTIN\Administrators - failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
- Samba 4.8.4 + BIND 9.9.4 - possibility of nonsecure DNS updates