samba - Mar 2022 - authentication issue moving from Samba 4.11.x to 4.13.14

I have several Solaris 11.4 servers in an AD domain.??? File sharing is 
provide to Windows clients via Samba, and to Linux clients via nfs. ? ?? 
We also support some git repos over ssh.


To ensure user ID mapping consistency between all services and servers,? 
I was configuring? systems as followed:

        In smb.conf

         ??? ??? ??? winbind use default domain = no

        In /etc/nsswitch.conf

         ?? ??? ? ?? passwd: files ldap winbind
         ??? ??? ??? group:? files ldap? winbind


Unfortunately a Solaris update created a conflict between ldap caching 
and winbind , so I changed the configuration as follows


        In smb.conf

         ??? ??? ??? winbind use default domain = yes

        In /etc/nsswitch.conf

         ?? ??? ? ?? passwd: files ldap
         ??? ??? ??? group:? files ldap


This works fine with Samba? 4.11.x.


As part of a recent OS patching, Samba was upgrade to 4.13.14. I am 
unable to connect to shares from Windows.? I get a pop-up asking for 
user name and password, but I can not authenticate. The logs show


 ??? ??? ??? ??? ??? [2022/03/20 11:18:05.707722,? 3] 
../../source3/auth/auth_util.c:1901(check_account)
 ? ??? ??? ??? ??? ??? Failed to find authenticated user MYDOMAIN\myname 
via getpwnam(), denying access.
 ??? ??? ??? ??? ??? [2022/03/20 11:18:05.707800,? 3] 
../../source3/smbd/smb2_server.c:3861(smbd_smb2_request_error_ex)
 ?? ???? ??? ??? ??? ? smbd_smb2_request_error_ex: 
smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at 
../../source3/smbd/smb2_sesssetup.c:146
 ??? ??? ??? ??? ??? [2022/03/20 11:18:05.729871,? 3] 
../../source3/smbd/server_exit.c:220(exit_server_common)
 ? ??? ??? ??? ??? ??? Server exit (NT_STATUS_CONNECTION_RESET)


Since my uidNumber is < 1000, I updated smb.conf as follows (but it 
doesn't help.)

 ??? ??? ??? ??? ??? ??? min domain uid = 100


I was update to temporarily workaround the problem by update 
/etc/nsswitch.conf as follows


 ?? ??? ? ?? passwd: files ldap winbind
 ??? ??? ??? group:? files ldap



Appreciate any advice.


Thanks

On Mon, 2022-03-21 at 11:04 -0400, Gaiseric Vandal via samba
wrote:
> I have several Solaris 11.4 servers in an AD domain.    File sharing
> is 
> provide to Windows clients via Samba, and to Linux clients via nfs.  
>    
> We also support some git repos over ssh.
Please post the entire 'global' portion of your smb.conf, also, do you
use the 'ldap' for anything else ?

Rowland

Am 2022-03-21 um 16:04 schrieb Gaiseric Vandal via
samba:
> I have several Solaris 11.4 servers in an AD domain.??? File sharing is 
> provide to Windows clients via Samba, and to Linux clients via nfs. We 
> also support some git repos over ssh.
> 
> 
> To ensure user ID mapping consistency between all services and servers, 
> I was configuring? systems as followed:
> 
>  ?????? In smb.conf
> 
>  ??????? ??? ??? ??? winbind use default domain = no
> 
>  ?????? In /etc/nsswitch.conf
> 
>  ??????? ?? ??? ? ?? passwd: files ldap winbind
>  ??????? ??? ??? ??? group:? files ldap? winbind
> 
> 
> Unfortunately a Solaris update created a conflict between ldap caching 
> and winbind , so I changed the configuration as follows
> 
> 
>  ?????? In smb.conf
> 
>  ??????? ??? ??? ??? winbind use default domain = yes
> 
>  ?????? In /etc/nsswitch.conf
> 
>  ??????? ?? ??? ? ?? passwd: files ldap
>  ??????? ??? ??? ??? group:? files ldap
> 
> 
> This works fine with Samba? 4.11.x.
> 
> 
> As part of a recent OS patching, Samba was upgrade to 4.13.14. I am 
> unable to connect to shares from Windows.? I get a pop-up asking for 
> user name and password, but I can not authenticate. The logs show
Hello Gaiseric,

you could try to update to the latest SRU44 from Oracle which has 
samba-4.13.17, this solved similar problems for me.

Franz