Gaiseric Vandal
2022-Mar-21 15:04 UTC
[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
I have several Solaris 11.4 servers in an AD domain.??? File sharing is provide to Windows clients via Samba, and to Linux clients via nfs. ? ?? We also support some git repos over ssh. To ensure user ID mapping consistency between all services and servers,? I was configuring? systems as followed: In smb.conf ??? ??? ??? winbind use default domain = no In /etc/nsswitch.conf ?? ??? ? ?? passwd: files ldap winbind ??? ??? ??? group:? files ldap? winbind Unfortunately a Solaris update created a conflict between ldap caching and winbind , so I changed the configuration as follows In smb.conf ??? ??? ??? winbind use default domain = yes In /etc/nsswitch.conf ?? ??? ? ?? passwd: files ldap ??? ??? ??? group:? files ldap This works fine with Samba? 4.11.x. As part of a recent OS patching, Samba was upgrade to 4.13.14. I am unable to connect to shares from Windows.? I get a pop-up asking for user name and password, but I can not authenticate. The logs show ??? ??? ??? ??? ??? [2022/03/20 11:18:05.707722,? 3] ../../source3/auth/auth_util.c:1901(check_account) ? ??? ??? ??? ??? ??? Failed to find authenticated user MYDOMAIN\myname via getpwnam(), denying access. ??? ??? ??? ??? ??? [2022/03/20 11:18:05.707800,? 3] ../../source3/smbd/smb2_server.c:3861(smbd_smb2_request_error_ex) ?? ???? ??? ??? ??? ? smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../../source3/smbd/smb2_sesssetup.c:146 ??? ??? ??? ??? ??? [2022/03/20 11:18:05.729871,? 3] ../../source3/smbd/server_exit.c:220(exit_server_common) ? ??? ??? ??? ??? ??? Server exit (NT_STATUS_CONNECTION_RESET) Since my uidNumber is < 1000, I updated smb.conf as follows (but it doesn't help.) ??? ??? ??? ??? ??? ??? min domain uid = 100 I was update to temporarily workaround the problem by update /etc/nsswitch.conf as follows ?? ??? ? ?? passwd: files ldap winbind ??? ??? ??? group:? files ldap Appreciate any advice. Thanks
Rowland Penny
2022-Mar-21 16:05 UTC
[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
On Mon, 2022-03-21 at 11:04 -0400, Gaiseric Vandal via samba wrote:> I have several Solaris 11.4 servers in an AD domain. File sharing > is > provide to Windows clients via Samba, and to Linux clients via nfs. > > We also support some git repos over ssh.Please post the entire 'global' portion of your smb.conf, also, do you use the 'ldap' for anything else ? Rowland
Franz Sirl
2022-Apr-20 16:43 UTC
[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
Am 2022-03-21 um 16:04 schrieb Gaiseric Vandal via samba:> I have several Solaris 11.4 servers in an AD domain.??? File sharing is > provide to Windows clients via Samba, and to Linux clients via nfs. We > also support some git repos over ssh. > > > To ensure user ID mapping consistency between all services and servers, > I was configuring? systems as followed: > > ?????? In smb.conf > > ??????? ??? ??? ??? winbind use default domain = no > > ?????? In /etc/nsswitch.conf > > ??????? ?? ??? ? ?? passwd: files ldap winbind > ??????? ??? ??? ??? group:? files ldap? winbind > > > Unfortunately a Solaris update created a conflict between ldap caching > and winbind , so I changed the configuration as follows > > > ?????? In smb.conf > > ??????? ??? ??? ??? winbind use default domain = yes > > ?????? In /etc/nsswitch.conf > > ??????? ?? ??? ? ?? passwd: files ldap > ??????? ??? ??? ??? group:? files ldap > > > This works fine with Samba? 4.11.x. > > > As part of a recent OS patching, Samba was upgrade to 4.13.14. I am > unable to connect to shares from Windows.? I get a pop-up asking for > user name and password, but I can not authenticate. The logs showHello Gaiseric, you could try to update to the latest SRU44 from Oracle which has samba-4.13.17, this solved similar problems for me. Franz