Hi guys, It appears that Samba 4.8 breaks the Windows' ability to log in without specifying a matching domain name. Since the upgrade, logging in with just the username or .\username has become impossible, and only SAMBAHOSTNAME\username still works. I'm running an Apple OpenDirectory + nslcd setup. The username (e_user) still resolves properly via NSS. Is there anything I could have missed when upgrading? Auth attempt log: check_ntlm_password: Checking password for unmapped user [WIN-9F1GSF1XXXX]\[e_user]@[WIN-9F1GSF1XXXX] with the new password interface check_ntlm_password: mapped user is: [WIN-9F1GSF1XXXX]\[e_user]@[WIN-9F1GSF1XXXX] Check auth for: [e_user] auth_check_ntlm_password: anonymous had nothing to say Check auth for: [e_user] is_myname("WIN-9F1GSF1XXXX") returns 0 check_samstrict_security: WIN-9F1GSF1XXXX is not one of my local names or domain name (DC) auth_check_ntlm_password: sam had nothing to say Globals: disable netbios = Yes dns proxy = No domain logons = Yes ldap admin dn = uid=diradmin,cn=users,dc=directory,dc=xxx,dc=com ldap ssl = no ldap suffix = dc=directory,dc=xxx,dc=com map to guest = Bad User ntlm auth = ntlmv1-permitted nt pipe support = No passdb backend = ldapsam:ldap://directory.xxx.com security = USER server min protocol = NT1 server string = XXX SMB workgroup = XXX idmap config * : backend = tdb map archive = No map readonly = no nt acl support = No Cheers, Eugene
On Mon, 11 Mar 2019 11:49:10 +0100 Eugene Pankov via samba <samba at lists.samba.org> wrote:> Hi guys, > > It appears that Samba 4.8 breaks the Windows' ability to log in > without specifying a matching domain name.Hmm, I thought this was actually fixed in 4.8.0, see this bug report: https://bugzilla.samba.org/show_bug.cgi?id=13206 Rowland
I've gone through the changelog, but I think that specific fix might be unrelated, as there's actually a "domain" part being passed by the client (the client's hostname). I tried upgrading to the latest 4.9 as well, and it's still broken. My gut feeling is that it's specific to ldapsam, as similar environments with local users only work as expected. On Mon, Mar 11, 2019 at 12:57 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Mon, 11 Mar 2019 11:49:10 +0100 > Eugene Pankov via samba <samba at lists.samba.org> wrote: > > > Hi guys, > > > > It appears that Samba 4.8 breaks the Windows' ability to log in > > without specifying a matching domain name. > > Hmm, I thought this was actually fixed in 4.8.0, see this bug report: > > https://bugzilla.samba.org/show_bug.cgi?id=13206 > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Reasonably Related Threads
- No write access on new shares until smbd is restarted
- [EXTERNAL] Re: Unable to authenticate to share using UPN
- No write access on new shares until smbd is restarted
- [LLVMdev] DW_TAG_base_type missing DW_AT_name for subrange types
- [LLVMdev] DW_TAG_base_type missing DW_AT_name for subrange types