samba - Dec 2018 - smbclient v3 against samba server v4

hi all

i'm trying to use smbclient v3 with a samba server v4 configured as ad

with anonymous login it works; but it doesn't using a user

i get NT_STATUS_LOGON_FAILURE

the pc isn't in the domain; but i tried from a non domain pc with  
smbclient v4 and it works

i tried some commands

smbclient -L <ip> -U <user> -W <domain>
smbclient -L <ip> -U <domain>/<user>
smbclient -L <ip> -U <user> -W <domain> -m SMB3 -e

maybe that it isn't compatible? or it needs some libraries that i  
didn't install? or what else

for example using -d3 i see that in smbclient v4 it says that it  
registers krb5 and gssapi backends, but these messages missed with  
smbclient v3 (both pc have same gssapi and kerberos libraries  
installated)

thanks in advance

On Wed, 19 Dec 2018 09:31:38 +0000
Andrea Zagli via samba <samba at lists.samba.org> wrote:
> hi all
> 
> i'm trying to use smbclient v3 with a samba server v4 configured as ad
> 
> with anonymous login it works; but it doesn't using a user
> 
> i get NT_STATUS_LOGON_FAILURE
> 
> the pc isn't in the domain; but i tried from a non domain pc with  
> smbclient v4 and it works
I think you have answered yourself, it doesn't work with smbclient v3
(by which, I take it you mean from a Samba 3.x.x version), but it does
with smbclient v4. There have been a great many changes between Samba
3.x.x and now and it is probably at least one of these changes that is
stopping it working.
The only versions that Samba supports are 4.7.x, 4.8.x and 4.9.x, all
others are supported by the OS's

Having said all that, we may be able to help you, if you give us more
info ;-)

What OS is smbclient v3 running on and what is in its smb.conf (not that
the latter should affect smbclient)
What OS is the Samba AD DC running on and what is in its smb.conf.

Rowland

Il giorno mer 19 dic 2018 11:46:56 CET, Rowland Penny via samba ha scritto:
> On Wed, 19 Dec 2018 09:31:38 +0000
> Andrea Zagli via samba <samba at lists.samba.org> wrote:
>
>> hi all
>>
>> i'm trying to use smbclient v3 with a samba server v4 configured as
ad
>>
>> with anonymous login it works; but it doesn't using a user
>>
>> i get NT_STATUS_LOGON_FAILURE
>>
>> the pc isn't in the domain; but i tried from a non domain pc with
>> smbclient v4 and it works
>
> I think you have answered yourself, it doesn't work with smbclient v3
> (by which, I take it you mean from a Samba 3.x.x version), but it does
> with smbclient v4. There have been a great many changes between Samba
> 3.x.x and now and it is probably at least one of these changes that is
> stopping it working.
so the next questions are:
- winbind v3 could authenticate against samba v4 ad? or i could simply  
use nsswitch with ldap (as with a samba v3 server)?
- samba v3 can join a samba v4 ad?
> The only versions that Samba supports are 4.7.x, 4.8.x and 4.9.x, all
> others are supported by the OS's
>
> Having said all that, we may be able to help you, if you give us more
> info ;-)
>
> What OS is smbclient v3 running on and what is in its smb.conf (not that
> the latter should affect smbclient)
> What OS is the Samba AD DC running on and what is in its smb.conf.
>
smbclient V3
  - debian 6.0.10
  - smbclient 3.5.6

smb.conf v3

[global]
    workgroup = WORKGROUP (i tried to change it to the domain name as  
i found is suggested in some site)
    server string = %h server
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n  
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
[homes]
    comment = Home Directories
    browseable = no
    read only = yes
    create mask = 0700
    directory mask = 0700
    valid users = %S
[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no


samba server v4
  - debian 9.6
  - samba 4.5.12

smb.conf v4

[global]
         netbios name = SAMBA4
         realm = COMSCAND.NONATSAMBA4.IT
         workgroup = COMSCAND
         dns forwarder = 192.168.150.161
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes
[netlogon]
         path = /var/lib/samba/sysvol/comscand.nonatsamba4.it/scripts
         read only = No
[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
[samba1]
         path = /mnt/samba1
         read only = No


thanks