Hi, My Domain Controllers are using Samba 4.2.1 on Debian 7 I have upgraded my Secondary DC of the 4.2.1 to 4.5.5 version, as the follow: 1) cd /root 2) wget -c https://download.samba.org/pub/samba/samba-4.5.5.tar.gz 3) tar -xzvf samba-4.5.5.tar.gz 4) cd samba-4.5.5 5) ./configure --prefix=/opt/samba --enable-debug --enable-selftest 6) make 7) /etc/init.d/samba stop 8) /etc/init.d/ntp stop 9) make install At the end, the *samba-tool dbcheck --cross-ncs* command showed many errors. So, I have executed following commands: samba-tool dbcheck --cross-ncs --fix --yes samba-tool dbcheck --reindex samba-tool dbcheck --reset-well-known-acls --fix --yes samba-tool dbcheck --force-modules samba-tool ntacl sysvolreset When I type *samba-tool drs showrepl *command the result is OK. Now the users authentication is not working proprely, as message below: root at dc2:~# *wbinfo -a mane* Enter mane's password: plaintext password authentication succeeded Enter mane's password: challenge/response password authentication failed wbcAuthenticateUserEx(EMPRESA\mane): error code was NT_STATUS_WRONG_PASSWORD (0xc000006a) error message was: Wrong Password Could not authenticate user mane with challenge/response I have not yet upgraded my DC primary that is 4.2.1 version. How can I solve this problem? Is there any bug with Samba 4.5.5 version? Regards, Márcio Bacci
On Wed, 8 Feb 2017 22:51:28 -0200 Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:> Now the users authentication is not working proprely, as message > below: > > root at dc2:~# *wbinfo -a mane* > Enter mane's password: > plaintext password authentication succeeded > Enter mane's password: > challenge/response password authentication failed > wbcAuthenticateUserEx(EMPRESA\mane): error code was > NT_STATUS_WRONG_PASSWORD (0xc000006a) > error message was: Wrong Password > Could not authenticate user mane with challenge/response >I know that fails, it fails for me, but can your users not login ? Rowland
On Thu, 9 Feb 2017 13:40:31 -0200 Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:> Hi Rowland > > On the *wbinfo -a <user>* command line, it doesn't work. It also > doesn't authenticate users of the Squid3 Proxy.You can ignore the wbinfo error, but perhaps Louis can help here with squid, I think he uses it.> > Logging into the network has to try more than once and the message > "There isn't domain controllers this network", but after reboot the > authentication works.This seems to be dns problem, can you explain your set up and post the usual conf files.> > I have noticed that the *wbinfo -u* command brings users with Domain > prefix, but Samba 4.2.1 only carries the user name. >Winbind was changed, this is nothing to worry about. Rowland
On Thu, 9 Feb 2017 14:51:57 -0200 Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:> Hi Rowland, > > I have two DNS Servers. The First is installed in dedicated server > Debian 7 and Bind9. Another is the Primary Domain Controller > (SAMBA_INTERNAL) . >This is not a supported way of running Samba, you should be running the dns server for the AD domain on the Samba AD DC and it should forward anything outside the AD domain to your other dns server. I know others might disagree with this and say 'it works that way for me', but it isn't supported by Samba and can and does lead to errors. Rowland