samba - Feb 2022 - Samba 4.14.5 NTLMv1

Hi Eric, did you ever get your authentication working again? I?m curious what
you did if you did.

-Perttu
> On 20. Jan 2022, at 8.46, Eric Lehmann via samba <samba at
lists.samba.org> wrote:
> 
> Rowland, here it is:
> 
> testparm
> Load smb config files from /etc/samba/smb.conf
> lpcfg_do_global_parameter: WARNING: The "lanman auth" option is
deprecated
> lpcfg_do_global_parameter: WARNING: The "client NTLMv2 auth"
option is
> deprecated
> Loaded services file OK.
> Weak crypto is allowed
> 
> Server role: ROLE_DOMAIN_MEMBER
> 
> Press enter to see a dump of your service definitions
> 
> # Global parameters
> [global]
>        client min protocol = NT1
>         server min protocol = NT1
>        client NTLMv2 auth = No
>        kerberos method = secrets and keytab
>        lanman auth = Yes
>        ntlm auth = ntlmv1-permitted
>        security = ADS
>        workgroup = DOMAIN
>        realm =  DOMAIN.INTERN
>        template homedir = /home/%U
>        log file = /var/log/samba/%m.log
>        template shell = /bin/bash
>        winbind nss info = rfc2307
>        winbind offline logon = Yes
>        winbind refresh tickets = Yes
>        winbind use default domain = Yes
>        idmap config * : range = 10000-999999
>        idmap config  DOMAIN  : unix_primary_group = yes
>        idmap config  DOMAIN  : unix_nss_info = yes
>        idmap config  DOMAIN  : schema_mode = rfc2307
>        idmap config  DOMAIN  : backend = rid
>        idmap config  DOMAIN  : range = 2000000-2999999
>        idmap config * : backend = tdb
> 
> 
> [Share]
>        case sensitive = Yes
>        comment =  Share
>        create mask = 0644
>        directory mask = 0775
>        path = /srv/samba/Share
>        read only = No
> 
> Am Mi., 19. Jan. 2022 um 17:52 Uhr schrieb Rowland Penny via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org>>:
> 
>> 
>> Would you mind running the 'testparm' command again, but this
time
>> without the '-v' ?
>> 
>> Rowland
>> 
>> 
>> 
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
<https://lists.samba.org/mailman/options/samba>

Hi

Not yet like expected. I added a local system/samba user for this specific
micro-devices. The device does not send the user with a workgroup/domain
but something like \user. With an empty or blank value before the \ and i
am not able to change it because it is proprietary.

Anyway, now I can access the share by smbclient -U \\local-user. If i try
smbclient -U local-user, winbind or samba try to search / map the user with
[domain] \ [local-user], which fails because local-user is not within the
AD. Confusing but \\local-user seems to be ok for me. Thanks for asking.

Am Mo., 14. Feb. 2022 um 15:51 Uhr schrieb Perttu Aaltonen <
perttu.aaltonen at mac.com>:
> Hi Eric, did you ever get your authentication working again? I?m curious
> what you did if you did.
>
> -Perttu
>
> On 20. Jan 2022, at 8.46, Eric Lehmann via samba <samba at
lists.samba.org>
> wrote:
>
> Rowland, here it is:
>
> testparm
> Load smb config files from /etc/samba/smb.conf
> lpcfg_do_global_parameter: WARNING: The "lanman auth" option is
deprecated
> lpcfg_do_global_parameter: WARNING: The "client NTLMv2 auth"
option is
> deprecated
> Loaded services file OK.
> Weak crypto is allowed
>
> Server role: ROLE_DOMAIN_MEMBER
>
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
>        client min protocol = NT1
>         server min protocol = NT1
>        client NTLMv2 auth = No
>        kerberos method = secrets and keytab
>        lanman auth = Yes
>        ntlm auth = ntlmv1-permitted
>        security = ADS
>        workgroup = DOMAIN
>        realm =  DOMAIN.INTERN
>        template homedir = /home/%U
>        log file = /var/log/samba/%m.log
>        template shell = /bin/bash
>        winbind nss info = rfc2307
>        winbind offline logon = Yes
>        winbind refresh tickets = Yes
>        winbind use default domain = Yes
>        idmap config * : range = 10000-999999
>        idmap config  DOMAIN  : unix_primary_group = yes
>        idmap config  DOMAIN  : unix_nss_info = yes
>        idmap config  DOMAIN  : schema_mode = rfc2307
>        idmap config  DOMAIN  : backend = rid
>        idmap config  DOMAIN  : range = 2000000-2999999
>        idmap config * : backend = tdb
>
>
> [Share]
>        case sensitive = Yes
>        comment =  Share
>        create mask = 0644
>        directory mask = 0775
>        path = /srv/samba/Share
>        read only = No
>
> Am Mi., 19. Jan. 2022 um 17:52 Uhr schrieb Rowland Penny via samba <
> samba at lists.samba.org>:
>
>
> Would you mind running the 'testparm' command again, but this time
> without the '-v' ?
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>