On Wed 19 Dec 2018 11:46:56 CET, Rowland Penny via samba wrote:

> On Wed, 19 Dec 2018 09:31:38 +0000
> Andrea Zagli via samba <samba at lists.samba.org> wrote:
>
>> hi all
>>
>> i'm trying to use smbclient v3 with a samba server v4 configured as ad
>>
>> with anonymous login it works; but it doesn't using a user
>>
>> i get NT_STATUS_LOGON_FAILURE
>>
>> the pc isn't in the domain; but i tried from a non domain pc with
>> smbclient v4 and it works
>
> I think you have answered yourself, it doesn't work with smbclient v3
> (by which, I take it you mean from a Samba 3.x.x version), but it does
> with smbclient v4. There have been a great many changes between Samba
> 3.x.x and now and it is probably at least one of these changes that is
> stopping it working.

so the next questions are:
- winbind v3 could authenticate against samba v4 ad? or i could simply use nsswitch with ldap (as with a samba v3 server)?
- samba v3 can join a samba v4 ad?

> The only versions that Samba supports are 4.7.x, 4.8.x and 4.9.x, all
> others are supported by the OS's
>
> Having said all that, we may be able to help you, if you give us more
> info ;-)
>
> What OS is smbclient v3 running on and what is in its smb.conf (not that
> the latter should affect smbclient)
> What OS is the Samba AD DC running on and what is in its smb.conf.
>

smbclient V3
- debian 6.0.10
- smbclient 3.5.6

smb.conf v3

[global]
    workgroup = WORKGROUP (i tried to change it to the domain name as i found is suggested in some site)
    server string = %h server
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
[homes]
    comment = Home Directories
    browseable = no
    read only = yes
    create mask = 0700
    directory mask = 0700
    valid users = %S
[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

samba server v4
- debian 9.6
- samba 4.5.12

smb.conf v4

[global]
    netbios name = SAMBA4
    realm = COMSCAND.NONATSAMBA4.IT
    workgroup = COMSCAND
    dns forwarder = 192.168.150.161
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
[netlogon]
    path = /var/lib/samba/sysvol/comscand.nonatsamba4.it/scripts
    read only = No
[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
[samba1]
    path = /mnt/samba1
    read only = No

thanks

On Wed, 19 Dec 2018 11:20:30 +0000
Andrea Zagli <azagli at libero.it> wrote:

> On Wed 19 Dec 2018 11:46:56 CET, Rowland Penny via samba wrote:
>
> > On Wed, 19 Dec 2018 09:31:38 +0000
> > Andrea Zagli via samba <samba at lists.samba.org> wrote:
> >
> >> hi all
> >>
> >> i'm trying to use smbclient v3 with a samba server v4 configured
> >> as ad
> >>
> >> with anonymous login it works; but it doesn't using a user
> >>
> >> i get NT_STATUS_LOGON_FAILURE
> >>
> >> the pc isn't in the domain; but i tried from a non domain pc with
> >> smbclient v4 and it works
> >
> > I think you have answered yourself, it doesn't work with smbclient
> > v3 (by which, I take it you mean from a Samba 3.x.x version), but
> > it does with smbclient v4. There have been a great many changes
> > between Samba 3.x.x and now and it is probably at least one of
> > these changes that is stopping it working.
>
> so the next questions are:
> - winbind v3 could authenticate against samba v4 ad?

Samba 3.6.x should be able to authenticate from an AD domain, I believe the same goes for 3.5.x

> or i could
> simply use nsswitch with ldap (as with a samba v3 server)?

Probably, never tried it, nslcd works against AD

> - samba v3 can join a samba v4 ad?

Samba 3.6.x has been known to join an AD domain, not sure about 3.5.x

>
> > The only versions that Samba supports are 4.7.x, 4.8.x and 4.9.x,
> > all others are supported by the OS's
> >
> > Having said all that, we may be able to help you, if you give us
> > more info ;-)
> >
> > What OS is smbclient v3 running on and what is in its smb.conf (not
> > that the latter should affect smbclient)
> > What OS is the Samba AD DC running on and what is in its smb.conf.
> >
>
> smbclient V3
> - debian 6.0.10
> - smbclient 3.5.6

Both Squeeze & Samba 3.5.x are EOL, can I suggest you upgrade to the latest Debian version. You can also find the latest Samba version here:

http://apt.van-belle.nl/

>
> smb.conf v3
>
> [global]
>     workgroup = WORKGROUP (i tried to change it to the domain name
>     as i found is suggested in some site)
>     server string = %h server
>     dns proxy = no
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     syslog = 0
>     panic action = /usr/share/samba/panic-action %d
>     encrypt passwords = true
>     passdb backend = tdbsam
>     obey pam restrictions = yes
>     unix password sync = yes
>     passwd program = /usr/bin/passwd %u
>     passwd chat = *Enter\snew\s*\spassword:* %n\n
>     *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>     pam password change = yes
> [homes]
>     comment = Home Directories
>     browseable = no
>     read only = yes
>     create mask = 0700
>     directory mask = 0700
>     valid users = %S
> [printers]
>     comment = All Printers
>     browseable = no
>     path = /var/spool/samba
>     printable = yes
>     guest ok = no
>     read only = yes
>     create mask = 0700
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/printers
>     browseable = yes
>     read only = yes
>     guest ok = no

If you are going to try and join this to the AD domain, you will need to change the smb.conf, see here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland

On Wed 19 Dec 2018 13:11:50 CET, Rowland Penny via samba wrote:

> On Wed, 19 Dec 2018 11:20:30 +0000
> Andrea Zagli <azagli at libero.it> wrote:
>
>> On Wed 19 Dec 2018 11:46:56 CET, Rowland Penny via samba wrote:
>>
>> > On Wed, 19 Dec 2018 09:31:38 +0000
>> > Andrea Zagli via samba <samba at lists.samba.org> wrote:
>> >
>> >> hi all
>> >>
>> >> i'm trying to use smbclient v3 with a samba server v4 configured
>> >> as ad
>> >>
>> >> with anonymous login it works; but it doesn't using a user
>> >>
>> >> i get NT_STATUS_LOGON_FAILURE
>> >>
>> >> the pc isn't in the domain; but i tried from a non domain pc with
>> >> smbclient v4 and it works
>> >
>> > I think you have answered yourself, it doesn't work with smbclient
>> > v3 (by which, I take it you mean from a Samba 3.x.x version), but
>> > it does with smbclient v4. There have been a great many changes
>> > between Samba 3.x.x and now and it is probably at least one of
>> > these changes that is stopping it working.
>>
>> so the next questions are:
>> - winbind v3 could authenticate against samba v4 ad?
>
> Samba 3.6.x should be able to authenticate from an AD domain, I
> believe the same goes for 3.5.x
>
>> or i could
>> simply use nsswitch with ldap (as with a samba v3 server)?
>
> Probably, never tried it, nslcd works against AD
>
>> - samba v3 can join a samba v4 ad?
>
> Samba 3.6.x has been known to join an AD domain, not sure about 3.5.x
>
>>
>> > The only versions that Samba supports are 4.7.x, 4.8.x and 4.9.x,
>> > all others are supported by the OS's
>> >
>> > Having said all that, we may be able to help you, if you give us
>> > more info ;-)
>> >
>> > What OS is smbclient v3 running on and what is in its smb.conf (not
>> > that the latter should affect smbclient)
>> > What OS is the Samba AD DC running on and what is in its smb.conf.
>> >
>>
>> smbclient V3
>> - debian 6.0.10
>> - smbclient 3.5.6
>
> Both Squeeze & Samba 3.5.x are EOL, can I suggest you upgrade to the
> latest Debian version. You can also find the latest Samba version here:
>

unfortunately i cannot upgrade to samba 4 on these client pc

but i upgraded to samba 3.6.6 and now it seems to work (at least smbclient; asap i'll try other aspects)

thanks a lot