Hello

I have an older Debian 11 with Samba 4.13 as domain member serving some industrial systems with files.
Today I decided to upgrade both Debian (to 12) and Samba (to 4.17 and then 4.20). The upgrade using the backport repo worked after some extra steps. Some dependencies had to be installed separately (winbind and samba-common-bin) before the main samba package was installed. So far so good. The services started up correctly after a reboot.

When I tested the first client, I was unable to connect to any of the shares on the server. The error message on the client side was Access Denied and in the server's client machine and winbind logs I found repeated "Failed to find a local account DOMAIN\username". The domain was of course correct as was the username, same as before the upgrade process.

The server is a virtual machine so I made a copy of the Deb 12/Samba 4.20 and restored the saved VM files. After a restart of Deb 11/Samba 4.13, the clients were able to connect to the shares again. I did not change anything in the smb.conf file, so this may or may not be the reason for the failure.

Here is my samba config (masked domain)

[global]
security = ADS
workgroup = HPXX
realm = HO-PLAT.SE
server role = member server
log file = /var/log/samba/%m.log
log level = 2 winbind:5
bind interfaces only = yes
interfaces = lo enp1s0

# Needed due to the ancient industrial system with Linux/Samba 3.x

client min protocol = NT1
server min protocol = NT1

winbind use default domain = yes

winbind enum users = yes
winbind enum groups = yes

username map = /etc/samba/user.map
min domain uid = 0

winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

vfs objects = acl_xattr
map acl inherit = yes
acl_xattr:ignore system acls = yes

idmap config * : backend = tdb
idmap config * : range = 3000-7999

idmap config HPXX: backend = rid
idmap config HPXX : range = 10000-999999

[bock]
path = /data/BOCK2
read only = no
hide unreadable = yes

[laser]
path = /data/LASER
read only = no
hide unreadable = yes

What's the content of krb conf file and resolv.conf? Your smb.conf file looks good and tidy to me.

On 6 Aug 2024 at 20:42 +0200, Anders Östling via samba <samba at lists.samba.org>, wrote:
> Hello
> I have an older Debian 11 with Samba 4.13 as domain member serving some
> industrial systems with files.
> Today I decided to upgrade both Debian (to 12) and Samba (to 4.17 and
> then 4.20). The upgrade using the backport repo worked after some
> extra steps. Some dependencies had to be installed separately (winbind
> and samba-common-bin) before the main samba package was installed. So
> far so good. The services started up correctly after a reboot.
>
> When I tested the first client, I was unable to connect to any of the
> shares on the server. The error message on the client side was Access
> Denied and in the server's client machine and winbind logs I found
> repeated "Failed to find a local account DOMAIN\username". The domain
> was of course correct as was the username, same as before the upgrade
> process.
>
> The server is a virtual machine so I made a copy of the Deb 12/Samba
> 4.20 and restored the saved VM files. After a restart of Deb 11/Samba
> 4.13, the clients were able to connect to the shares again. I did not
> change anything in the smb.conf file, so this may or may not be the
> reason for the failure.
>
> Here is my samba config (masked domain)
>
> [global]
> security = ADS
> workgroup = HPXX
> realm = HO-PLAT.SE
> server role = member server
> log file = /var/log/samba/%m.log
> log level = 2 winbind:5
> bind interfaces only = yes
> interfaces = lo enp1s0
>
> # Needed due to the ancient industrial system with Linux/Samba 3.x
>
> client min protocol = NT1
> server min protocol = NT1
>
> winbind use default domain = yes
>
> winbind enum users = yes
> winbind enum groups = yes
>
> username map = /etc/samba/user.map
> min domain uid = 0
>
> winbind refresh tickets = Yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> vfs objects = acl_xattr
> map acl inherit = yes
> acl_xattr:ignore system acls = yes
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> idmap config HPXX: backend = rid
> idmap config HPXX : range = 10000-999999
>
> [bock]
> path = /data/BOCK2
> read only = no
> hide unreadable = yes
>
> [laser]
> path = /data/LASER
> read only = no
> hide unreadable = yes

On Tue, 6 Aug 2024 20:41:51 +0200 Anders Östling via samba <samba at lists.samba.org> wrote:
> Hello
> I have an older Debian 11 with Samba 4.13 as domain member serving some
> industrial systems with files.
> Today I decided to upgrade both Debian (to 12) and Samba (to 4.17 and
> then 4.20). The upgrade using the backport repo worked after some
> extra steps. Some dependencies had to be installed separately (winbind
> and samba-common-bin) before the main samba package was installed. So
> far so good. The services started up correctly after a reboot.
>

I notice you had to install winbind, do you also have libpam-winbind and libnss-winbind installed?

Rowland
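
An added example, not part of the thread: Rowland's question about libnss-winbind and libpam-winbind, written as a check an admin could run on the Debian member server. The function names and arguments are assumptions of this example, as is the nsswitch.conf check, which rests on the fact that libnss-winbind is only consulted when the passwd and group lines list winbind.

```shell
#!/bin/sh
# Added example (not from the thread). Usage on the member server:
#   check_member /etc/nsswitch.conf someuser

# Return 0 if the nsswitch.conf-style file $1 lists "winbind" as a source
# for database $2 (e.g. passwd, group). Comments are stripped first.
nss_uses_winbind() {
    file=$1
    db=$2
    sed 's/#.*//' "$file" | awk -v db="$db:" '
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }'
}

# Return 0 if the Debian package $1 is fully installed.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null |
        grep -q '^install ok installed$'
}

# Report every missing piece; return non-zero if any check fails.
# $1 = nsswitch.conf path (assumed default below), $2 = optional user name.
check_member() {
    nsswitch=${1:-/etc/nsswitch.conf}
    user=$2
    rc=0
    for p in winbind libnss-winbind libpam-winbind; do
        pkg_installed "$p" || { echo "package not installed: $p"; rc=1; }
    done
    for db in passwd group; do
        nss_uses_winbind "$nsswitch" "$db" ||
            { echo "$nsswitch: '$db' does not list winbind"; rc=1; }
    done
    if [ -n "$user" ]; then
        # wbinfo asks winbindd directly; getent goes through NSS, the same
        # lookup path getpwnam() uses. The first passing while the second
        # fails points at the NSS wiring rather than at the domain join.
        wbinfo -i "$user" >/dev/null 2>&1 ||
            { echo "winbindd cannot resolve $user"; rc=1; }
        getent passwd "$user" >/dev/null 2>&1 ||
            { echo "NSS cannot resolve $user"; rc=1; }
    fi
    return $rc
}
```
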