CentOS - Jan 2019 - upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap

Dne 2.1.2019 v 21:54 Gordon Messmer napsal(a):
> On 1/2/19 12:09 PM, Miroslav Geisselreiter wrote:
>> some parameters from smb.conf:
>> [global]
>> ??? workgroup = NT4DOMAIN
>> ??? netbios name = nt4member
>> ??????? security = domain
>> ??????? passdb backend = ldapsam:"ldap://ldap1server.intranet.xx 
>> ldap://ldap2server.intranet.xx" 
>
>
> I'm not sure it makes sense to use "security = domain" with
an ldap
> passdb backend.? If you're using a real NT4 domain, then you
shouldn't
> need a passdb backend at all.? If you're not in an NT4 domain, then 
> you should set "security = USER".
>
> The man page for smb.conf notes "This mode will only work correctly if
> net(8) has been used to add this machine into a Windows NT Domain."? 
> Did you add this host to a Windows NT domain, using "net join
..."?
>
Yes, I add this host with command:
net rpc join MEMBER -S NT4LIKEDOMAINSERVER -U root

I tried to change "security = USER" but it did not help.

I have to say that before upgrade samba from 4.7.1-9 to 4.8.3-4 I did 
not use and did not run winbind daemon. But now it is necessary to run 
winbind according to samba documentation:
https://www.samba.org/samba/history/samba-4.8.0.html

Domain member setups require winbindd
-------------------------------------
Setups with "security = domain" or "security = ads" require
a
running 'winbindd' now. The fallback that smbd directly contacts
domain controllers is gone.

Without windbind running samba 4.8 do not allow mount smb shares so I 
have to run winbind.

On 1/3/19 6:09 AM, Miroslav Geisselreiter wrote:
> Yes, I add this host with command:
> net rpc join MEMBER -S NT4LIKEDOMAINSERVER -U root

I don't have any NT4-style domains handy to test with, so I can't be 
very specific.? Your logs seem to indicate that Samba believes itself to 
be the best DC for the domain.? See what you get from:

net rpc info
net rpc testjoin

If nothing seems relevant, try leaving the domain and re-joining.

Dne 4.1.2019 v 1:32 Gordon Messmer napsal(a):
> On 1/3/19 6:09 AM, Miroslav Geisselreiter wrote:
>> Yes, I add this host with command:
>> net rpc join MEMBER -S NT4LIKEDOMAINSERVER -U root
>
>
> I don't have any NT4-style domains handy to test with, so I can't
be
> very specific.? Your logs seem to indicate that Samba believes itself 
> to be the best DC for the domain.? See what you get from:
>
> net rpc info
> net rpc testjoin
>
> If nothing seems relevant, try leaving the domain and re-joining.
I had to change in smb.conf
client ipc signing = no

Than:
# net rpc info
Enter root's password:
Domain Name: NT4DOMAIN
Domain SID: S-1-5-21-somesid
Sequence number: somenubmer
Num users: xxx
Num domain groups: xxx
Num local groups: xxx

# net rpc testjoin
Join to 'NT4DOMAIN' is OK

Previously I deleted all files from /var/lib/samba, than set ldap admin 
password:
smbpasswd -W
Than I re-join DC, it did not help.

FYI: I have NT4-style domain configured on CentOS 6 linux server and 
here is part of smb.conf of this DC - NT4LIKEDOMAINSERVER:
[global]
 ??????? time server = yes
 ??????? workgroup = NT4DOMAIN
 ??????? server string = Samba Server Version %v
 ??????? netbios name = NT4LIKEDOMAINSERVER
 ???????? passdb backend = ldapsam:"ldap://ldap1server.intranet.xx 
ldap://ldap2server.intranet.xx"
 ???????? ldap ssl = start tls
 ???????? realm = INTRANET.XX
 ???????? kerberos method = system keytab
 ???????? ldap suffix = dc=intranet,dc=xx
 ???????? ldap admin dn = uid=ldapadmin,dc=intranet,dc=xx
 ???????? ldap group suffix = ou=Groups
 ???????? ldap user suffix = ou=Users
 ???????? ldap machine suffix = ou=Computers
 ??????? socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 ??????? domain master = yes
 ??????? domain logons = yes
 ??????? logon script = %U.bat
 ??????? logon path = ""
 ??????? wins support = yes
[netlogon]
 ??????? comment = Network Logon Service
 ??????? path = /var/lib/samba/netlogon
 ??????? guest ok = no
 ??????? writable = no
 ??????? browseable = no
 ??????? printable = no

Installed samba on DC:
# rpm -q samba
samba-3.6.23-51.el6.x86_64
and running smbd and nmbd