Peter Fodrek,ml.
2017-Nov-10 08:51 UTC
[Samba] Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
Dear Mr. Cardon!

On Thursday, 9 November 2017 18:29:03 CET Denis Cardon via samba wrote:
> > I would like to ask for help diagnosing why my Samba version
> > 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed cannot
> > authenticate me on a Windows Server 2003 domain
> >
> > in /etc/fstab I have a working combination - the smb version only works if set
> > to 1.0
>
> windows 2003 supports only the smb1 protocol, smb2 was introduced with
> winvista/win2k8. On version 4.7 Samba has modified the "client max
> protocol" to SMB3_11, but "client min protocol" was not modified [1].
>
> However, since you are on a rolling release, you are probably on a very
> recent kernel > 4.13. Your cifs module probably comes from that kernel
> distrib, and there has been a change on the min protocol version by
> default, see the thread on [2].

Thank you for your answer.
Maybe I wrote my question in a form that was not understandable.

CIFS mount works, but I cannot log in via domain login and password to the system on openSUSE.
I just use fstab to demonstrate part of the SAMBA settings on my client.

I look forward to hearing from you and anybody else.

Yours faithfully

Peter Fodrek

> [1] https://wiki.samba.org/index.php/Samba_4.7_Features_added/changed
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1474539
>
> > //192.168.1.131/shares /home/fodrek/shares cifs credentials=/home/fodrek/cifs.creds,iocharset=utf8,sec=ntlm,cifsacl,user,nosuid,uid=fodrek,gid=users,vers=1.0 0 0
> >
> > On the server I am detected as operating system
> > Name:openSUSE Tumbleweed
> > version: 20171104
> > Service pack: 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
> >
> > Is it possible to help me with allowing me to authenticate into the
> > domain, please?
> >
> > I look forward to hearing from you
> >
> > Yours faithfully
> >
> > Peter Fodrek
Rowland Penny
2017-Nov-10 09:03 UTC
[Samba] Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
On Fri, 10 Nov 2017 09:51:14 +0100 "Peter Fodrek,ml. via samba" <samba at lists.samba.org> wrote:
> Dear Mr. Cardon!
> On Thursday, 9 November 2017 18:29:03 CET Denis Cardon via samba wrote:
> > > I would like to ask for help diagnosing why my Samba version
> > > 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed cannot
> > > authenticate me on a Windows Server 2003 domain
> > >
> > > in /etc/fstab I have a working combination - the smb version only
> > > works if set to 1.0
> >
> > windows 2003 supports only the smb1 protocol, smb2 was introduced with
> > winvista/win2k8. On version 4.7 Samba has modified the "client max
> > protocol" to SMB3_11, but "client min protocol" was not modified
> > [1].
> >
> > However, since you are on a rolling release, you are probably on a
> > very recent kernel > 4.13. Your cifs module probably comes from
> > that kernel distrib, and there has been a change on the min
> > protocol version by default, see the thread on [2].
>
> Thank you for your answer.
> Maybe I wrote my question in a form that was not understandable.
>
> CIFS mount works, but I cannot log in via domain login and password
> to the system on openSUSE.
> I just use fstab to demonstrate part of the SAMBA settings on my client.
>
> I look forward to hearing from you and anybody else.
>
> Yours faithfully
>
> Peter Fodrek

You should have said that in the first place, I thought it was a CIFS problem ;-)

Can you please post your smb.conf

Rowland
L.P.H. van Belle
2017-Nov-10 09:07 UTC
[Samba] Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
Hai,

You could try to add AES256 support for win2003, but honestly, why is windows 2003 even still in your network if you have samba running?

AES addon:
https://support.microsoft.com/en-us/help/948963/an-update-is-available-to-add-support-for-the-tls-rsa-with-aes-128-cbc

PS. That AES addon won't fix the SMB2+ problem with win2003, but it may help with authentication problems.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Peter Fodrek,ml. via samba
> Sent: Friday, 10 November 2017 9:51
> To: samba at lists.samba.org
> Subject: Re: [Samba] Windows server 2003 domain
> authentication with Samba version
> 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
>
> Dear Mr. Cardon!
> On Thursday, 9 November 2017 18:29:03 CET Denis Cardon via samba wrote:
> > > I would like to ask for help diagnosing why my Samba version
> > > 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed cannot
> > > authenticate me on a Windows Server 2003 domain
> > >
> > > in /etc/fstab I have a working combination - the smb version only
> > > works if set to 1.0
> >
> > windows 2003 supports only the smb1 protocol, smb2 was introduced with
> > winvista/win2k8. On version 4.7 Samba has modified the "client max
> > protocol" to SMB3_11, but "client min protocol" was not modified [1].
> >
> > However, since you are on a rolling release, you are probably on a very
> > recent kernel > 4.13. Your cifs module probably comes from that kernel
> > distrib, and there has been a change on the min protocol version by
> > default, see the thread on [2].
>
> Thank you for your answer.
> Maybe I wrote my question in a form that was not understandable.
>
> CIFS mount works, but I cannot log in via domain login and password to the
> system on openSUSE.
> I just use fstab to demonstrate part of the SAMBA settings on my client.
>
> I look forward to hearing from you and anybody else.
>
> Yours faithfully
>
> Peter Fodrek
>
> > [1] https://wiki.samba.org/index.php/Samba_4.7_Features_added/changed
> > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1474539
> >
> > > //192.168.1.131/shares /home/fodrek/shares cifs credentials=/home/fodrek/cifs.creds,iocharset=utf8,sec=ntlm,cifsacl,user,nosuid,uid=fodrek,gid=users,vers=1.0 0 0
> > >
> > > On the server I am detected as operating system
> > > Name:openSUSE Tumbleweed
> > > version: 20171104
> > > Service pack: 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
> > >
> > > Is it possible to help me with allowing me to authenticate into the
> > > domain, please?
> > >
> > > I look forward to hearing from you
> > >
> > > Yours faithfully
> > >
> > > Peter Fodrek
Rowland Penny
2017-Nov-10 10:07 UTC
[Samba] Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
On Fri, 10 Nov 2017 10:39:10 +0100 wrote:
> > You should have said that in the first place, I thought it was a
> > CIFS problem ;-)
> >
> > Can you please post your smb.conf
>
> It is set by yast and its only content is as follows. It may be
> a problem in the kerberos method, I think
>
> [global]

Is that it ?
Just '[global]' ????

I think you should try reading this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

I would also suggest you upgrade your 2003 server, it is EOL.

Also, please don't send replies just to me, send them to the list.

Rowland
Rowland Penny
2017-Nov-10 10:52 UTC
[Samba] Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
On Fri, 10 Nov 2017 11:38:00 +0100 wrote:
> On Friday, 10 November 2017 11:07:13 CET Rowland Penny via samba wrote:
> > On Fri, 10 Nov 2017 10:39:10 +0100 wrote:
> > > > You should have said that in the first place, I thought it was a
> > > > CIFS problem ;-)
> > > >
> > > > Can you please post your smb.conf
> > >
> > > It is set by yast and its only content is as follows. It may be
> > > a problem in the kerberos method, I think
> > >
> > > [global]
> >
> > Is that it ?
> > Just '[global]' ????
>
> Not really, something changed the text twice. It is included in the text as
> well as in the attachment
>
> [global]
>
> security = ADS workgroup = 1ZVARACSKA log file
> = /var/log/samba/%m.log kerberos method = system keytab client
> signing = yes client use spnego = yes idmap gid
> 10000-20000 idmap uid = 10000-20000 usershare allow
> guests = No realm = 1ZVARACSKA.SK
> template
> homedir = /home/%D/%U
> winbind
> refresh tickets = yes
> template
> shell = /bin/bash
> winbind
> offline logon = yes
>
> > I think you should try reading this:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
> > I would also suggest you upgrade your 2003 server, it is EOL.
> >
> > Also, please don't send replies just to me, send them to the list.
> >
> > Rowland

Firstly, do you think you could find another email client ?

Yast appears to be borked, it is producing an extremely old style smb.conf, can I suggest you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

You said in another post that the windows server is maintained by a third party, I beg to differ, it is being mis-maintained by a third party. If it was being maintained, it would have been upgraded by now, it went EOL 2 years ago.

Rowland
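A small linter for the `[global]` section quoted above, as an added example that is not part of the thread or of Samba (Samba's own `testparm` is the real checker). The sample is the posted configuration rebuilt one parameter per line (constructed), and the code flags lines without `=`, the `idmap uid`/`idmap gid` names that smb.conf(5) lists as deprecated, and a `security = ADS` member that lacks the `idmap config` entries the wiki page describes; `lint_smb_conf` and `norm` are hypothetical names.

```python
import re

# Constructed sample: the [global] section quoted in the thread, one parameter
# per line. The "idmap gid" line has no "=" in the post and is kept that way.
SAMPLE = """\
[global]
security = ADS
workgroup = 1ZVARACSKA
log file = /var/log/samba/%m.log
kerberos method = system keytab
client signing = yes
client use spnego = yes
idmap gid 10000-20000
idmap uid = 10000-20000
usershare allow guests = No
realm = 1ZVARACSKA.SK
template homedir = /home/%D/%U
winbind refresh tickets = yes
template shell = /bin/bash
winbind offline logon = yes
"""

def norm(name):
    """smb.conf parameter names ignore case and whitespace."""
    return "".join(name.lower().split())

def lint_smb_conf(text):
    """Return (line_number, message) findings for [global]; line 0 = whole file."""
    findings, params, section = [], {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" not in line:
            findings.append((no, "missing '=' between name and value"))
        elif section == "global":
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()
            if norm(name) in ("idmapuid", "idmapgid"):
                findings.append((no, "deprecated, use 'idmap config * : range'"))
    if params.get("security", "").lower() == "ads":
        domain = params.get("workgroup", "")
        for needed in ("idmap config * : range", f"idmap config {domain} : backend"):
            if norm(needed) not in params:
                findings.append((0, f"domain member without '{needed}'"))
    return findings
```

Calling `lint_smb_conf(SAMPLE)` reports the unparseable `idmap gid` line, the deprecated `idmap uid` line, and the two missing `idmap config` entries.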
fodrek.p at pzvar.sk
2017-Nov-10 13:43 UTC
[Samba] Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
On Friday, 10 November 2017 11:52:26 CET Rowland Penny via samba wrote:
> On Fri, 10 Nov 2017 11:38:00 +0100 wrote:
> > On Friday, 10 November 2017 11:07:13 CET Rowland Penny via samba wrote:
> > > On Fri, 10 Nov 2017 10:39:10 +0100 wrote:
> > > > > You should have said that in the first place, I thought it was a
> > > > > CIFS problem
> > > > >
> > > > > Can you please post your smb.conf
> > > >
> > > > It is set by yast and its only content is as follows. It may be
> > > > a problem in the kerberos method, I think
> > > >
> > > > [global]
> > >
> > > Is that it ?
> > > Just '[global]' ????
> >
> > Not really, something changed the text twice. It is included in the text as
> > well as in the attachment
> >
> > [global]
> >
> > security = ADS workgroup = 1ZVARACSKA log file
> > = /var/log/samba/%m.log kerberos method = system keytab client
> > signing = yes client use spnego = yes idmap gid
> > 10000-20000 idmap uid = 10000-20000 usershare allow
> >
> > > I think you should try reading this:
> > >
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> > >
> > > I would also suggest you upgrade your 2003 server, it is EOL.
> > >
> > > Also, please don't send replies just to me, send them to the list.
> > >
> > > Rowland
>
> Firstly, do you think you could find another email client ?

Maybe it was a misconfiguration of kmail/kontact by myself. It may now work ok.

> Yast appears to be borked, it is producing an extremely old style
> smb.conf, can I suggest you read this:

I was newer

> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Thank you. It looks very similar to the way that I have used for standard ldap authentication for login, ssh and subversion server in the past.

Kind regards

Peter

> You said in another post that the windows server is maintained by a
> third party, I beg to differ, it is being mis-maintained by a third
> party. If it was being maintained, it would have been upgraded by now,
> it went EOL 2 years ago.
>
> Rowland