mathias dufresne
2016-Apr-22 08:31 UTC
[Samba] Fileserver upgraded from 4.1.17 to 4.2 dosen't authenticate users
Hi, I thought Samba4 was able to do everything what was doing Samba3. According to that isn't it possible for you to add a new DC into your NT4 domain which runs Samba4? As it is a DC in addition to others DC (those running Samba3) your domain should continue to work as it did for years. You would just get another DC running more recent Samba. I expect that Samba4 as filesrv is able to communicate correctly with Samba4 as NT4 DC. If my suppositions are not wrong, this would solve your strange RPC issue and also give a way to update your NT4 DC which seems an important thing according to that link which seems to show that samba3 is not supported any more. https://wiki.samba.org/index.php/Samba_Release_Planning#General_information 2016-04-22 8:23 GMT+02:00 Mgr. Peter Tuharsky <tuharsky at misbb.sk>:> Thank You, Dale > > The parameters I understood from documentation did nothing for me too. > > I see I must upgrade Samba on DC. I'm reluctant since this is always > quite delicate thing though, don't want break the whole network... > > Dňa 20.04.2016 o 20:12 Dale Schroeder napísal(a): > > On 04/20/2016 5:22 AM, Mgr. Peter Tuharsky wrote: > >> Hallo > >> > >> The Debian team was unable to keep 4.1.17 patched, so they switched to > >> 4.2 branch. However, fileserver at this version (4.2.10) is no more able > >> to communicate with DC at samba 3.5 (unable to authenticate users - got > >> weird rpc version error in log) > >> > >> Please, are there any parameters that could make this work for a > >> while now? > >> > >> Sincerely > >> > >> Peter > > > > Peter, > > > > I've been asking the same basic question periodically for the last two > > weeks and have not gotten any replies that make things work. No one > > has volunteered that their Samba NT4 domain works with the new versions. > > > > You could start by looking at the "Winbindd/Netlogon improvements" > > section here: https://www.samba.org/samba/history/samba-4.2.0.html > > > > None of these parameters made any difference for me, but your luck may > > be better than mine. Additionally, you will face the challenges > > brought on by the security fixes. It's not looking good for Samba NT4 > > domains. > > > > Dale > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Dale Schroeder
2016-Apr-22 17:58 UTC
[Samba] Fileserver upgraded from 4.1.17 to 4.2 dosen't authenticate users
Mathias, What you say is true in theory, but after Debian went from 4.1 to 4.3, my NT4 domain no longer works. The initial error was no logon server available. I've asked if anyone has a working NT4 domain on 4.3, and no one has replied that they do; therefore, I assume that there are none. Additionally, there were specific changes indicated for NT4 domains in the 4.2 release notes, but when Marc released the NT4 domain wiki page, there is no mention of these parameters or how they should be applied. Using them did not improve the domain situation for me. That is why I said that things don't look good for NT4 domains. With the advent of Samba4 AD capabilities, NT4 domains are passé. I wish I was wrong. With the spate of messages on this list since the security updates were released, I see no reason to rush in the AD direction either. A workgroup looks better every day........... Dale On 04/22/2016 3:31 AM, mathias dufresne wrote:> Hi, > > I thought Samba4 was able to do everything what was doing Samba3. > > According to that isn't it possible for you to add a new DC into your > NT4 domain which runs Samba4? As it is a DC in addition to others DC > (those running Samba3) your domain should continue to work as it did > for years. You would just get another DC running more recent Samba. > > I expect that Samba4 as filesrv is able to communicate correctly with > Samba4 as NT4 DC. > > If my suppositions are not wrong, this would solve your strange RPC > issue and also give a way to update your NT4 DC which seems an > important thing according to that link which seems to show that samba3 > is not supported any more. > https://wiki.samba.org/index.php/Samba_Release_Planning#General_information > > 2016-04-22 8:23 GMT+02:00 Mgr. Peter Tuharsky <tuharsky at misbb.sk > <mailto:tuharsky at misbb.sk>>: > > Thank You, Dale > > The parameters I understood from documentation did nothing for me too. > > I see I must upgrade Samba on DC. I'm reluctant since this is always > quite delicate thing though, don't want break the whole network... > > Dňa 20.04.2016 o 20:12 Dale Schroeder napísal(a): > > On 04/20/2016 5:22 AM, Mgr. Peter Tuharsky wrote: > >> Hallo > >> > >> The Debian team was unable to keep 4.1.17 patched, so they > switched to > >> 4.2 branch. However, fileserver at this version (4.2.10) is no > more able > >> to communicate with DC at samba 3.5 (unable to authenticate > users - got > >> weird rpc version error in log) > >> > >> Please, are there any parameters that could make this work for a > >> while now? > >> > >> Sincerely > >> > >> Peter > > > > Peter, > > > > I've been asking the same basic question periodically for the > last two > > weeks and have not gotten any replies that make things work. No one > > has volunteered that their Samba NT4 domain works with the new > versions. > > > > You could start by looking at the "Winbindd/Netlogon improvements" > > section here: https://www.samba.org/samba/history/samba-4.2.0.html > > > > None of these parameters made any difference for me, but your > luck may > > be better than mine. Additionally, you will face the challenges > > brought on by the security fixes. It's not looking good for > Samba NT4 > > domains. > > > > Dale > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Mgr. Peter Tuharsky
2016-Jul-07 08:52 UTC
[Samba] Fileserver upgraded from 4.1.17 to 4.2 dosen't authenticate users
For the record, upgrade of DC from Samba 3.6 to (patched) 4.2.10 (debian 6 Squeeze to Debian 8 Jessie) seems to have resolved the problem. I have then upgraded a single FS from (unpatched) Samba 4.1.17 to (patched) 4.2.10 and it seems working. I'll give it few days of testing and upgrade the rest of FSs. Interestingly, the (unpatched) 4.1.17 FSs still work under patched 4.2.10 DC, while patched 4.2.10 FS did not work with unpatched DC. Looks like the compatibility problem between servers is single-sided, or is simply related to too old Samba on the side of previous DC that could not cope with e.q. some protocol negotiations with patched FS. Dňa 22.04.2016 o 19:58 Dale Schroeder napísal(a):> Mathias, > > What you say is true in theory, but after Debian went from 4.1 to 4.3, > my NT4 domain no longer works. The initial error was no logon server > available. I've asked if anyone has a working NT4 domain on 4.3, and > no one has replied that they do; therefore, I assume that there are > none. Additionally, there were specific changes indicated for NT4 > domains in the 4.2 release notes, but when Marc released the NT4 > domain wiki page, there is no mention of these parameters or how they > should be applied. Using them did not improve the domain situation > for me. That is why I said that things don't look good for NT4 > domains. With the advent of Samba4 AD capabilities, NT4 domains are > passé. I wish I was wrong. > > With the spate of messages on this list since the security updates > were released, I see no reason to rush in the AD direction either. A > workgroup looks better every day........... > > Dale > > > On 04/22/2016 3:31 AM, mathias dufresne wrote: >> Hi, >> >> I thought Samba4 was able to do everything what was doing Samba3. >> >> According to that isn't it possible for you to add a new DC into your >> NT4 domain which runs Samba4? As it is a DC in addition to others DC >> (those running Samba3) your domain should continue to work as it did >> for years. You would just get another DC running more recent Samba. >> >> I expect that Samba4 as filesrv is able to communicate correctly with >> Samba4 as NT4 DC. >> >> If my suppositions are not wrong, this would solve your strange RPC >> issue and also give a way to update your NT4 DC which seems an >> important thing according to that link which seems to show that >> samba3 is not supported any more. >> https://wiki.samba.org/index.php/Samba_Release_Planning#General_information >> >> >> 2016-04-22 8:23 GMT+02:00 Mgr. Peter Tuharsky <tuharsky at misbb.sk >> <mailto:tuharsky at misbb.sk>>: >> >> Thank You, Dale >> >> The parameters I understood from documentation did nothing for me >> too. >> >> I see I must upgrade Samba on DC. I'm reluctant since this is always >> quite delicate thing though, don't want break the whole network... >> >> Dňa 20.04.2016 o 20:12 Dale Schroeder napísal(a): >> > On 04/20/2016 5:22 AM, Mgr. Peter Tuharsky wrote: >> >> Hallo >> >> >> >> The Debian team was unable to keep 4.1.17 patched, so they >> switched to >> >> 4.2 branch. However, fileserver at this version (4.2.10) is no >> more able >> >> to communicate with DC at samba 3.5 (unable to authenticate >> users - got >> >> weird rpc version error in log) >> >> >> >> Please, are there any parameters that could make this work for a >> >> while now? >> >> >> >> Sincerely >> >> >> >> Peter >> > >> > Peter, >> > >> > I've been asking the same basic question periodically for the >> last two >> > weeks and have not gotten any replies that make things work. >> No one >> > has volunteered that their Samba NT4 domain works with the new >> versions. >> > >> > You could start by looking at the "Winbindd/Netlogon improvements" >> > section here: https://www.samba.org/samba/history/samba-4.2.0.html >> > >> > None of these parameters made any difference for me, but your >> luck may >> > be better than mine. Additionally, you will face the challenges >> > brought on by the security fixes. It's not looking good for >> Samba NT4 >> > domains. >> > >> > Dale >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > >
Reasonably Related Threads
- Fileserver upgraded from 4.1.17 to 4.2 dosen't authenticate users
- Fileserver upgraded from 4.1.17 to 4.2 dosen't authenticate users
- Fileserver upgraded from 4.1.17 to 4.2 dosen't authenticate users
- Tripplite Smart Int 1000 - wrong numbers
- [PATCH] Re: Samba 4.1.17 classic update w/LDAP - parsing error