samba - Nov 2022 - auth problems

On 24/11/2022 11:28, Piviul via samba wrote:
> Hi all, I have a problem, I have upgraded my samba DC to samba 4.10.16 
> and now an old samba (4.1.17 on an old debian wheezy) member can't 
> authenticate users any more. There is a way to have the old samba member 
> authenticate the users without upgrading it? I need to have this server 
> working as soon as possible
> 
> Thank you very much
> 
> Piviul
> 
> 
Whilst Samba 4.10.x and 4.1.x are both EOL as far as Samba is concerned 
and Wheezy is EOL as far as Debian is concerned, it should still work.

Can we start by seeing the smb.conf from the wheezy machine ?

Rowland

On 11/24/22 13:07, Rowland Penny via samba wrote:
> On 24/11/2022 11:28, Piviul via samba wrote:
>> Hi all, I have a problem, I have upgraded my samba DC to samba 
>> 4.10.16 and now an old samba (4.1.17 on an old debian wheezy) member 
>> can't authenticate users any more. There is a way to have the old 
>> samba member authenticate the users without upgrading it? I need to 
>> have this server working as soon as possible
>>
>> Thank you very much
>>
>> Piviul
>>
>>
> Whilst Samba 4.10.x and 4.1.x are both EOL as far as Samba is 
> concerned and Wheezy is EOL as far as Debian is concerned, it should 
> still work.
>
> Can we start by seeing the smb.conf from the wheezy machine ?
this is testparm:

root at serverdati:~# du -sh /home/shares/DAE/
^G^C
root at serverdati:~# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
[...]
Loaded services file OK.
WARNING: You have some share names that are longer than 12 characters.
These may not be accessible to some older clients.
(Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
 ?? ?workgroup = DOMINIOCSA
 ?? ?realm = AD.CSARICERCHE.COM
 ?? ?server string = %h server (Samba, Debian)
 ?? ?security = ADS
 ?? ?map to guest = Bad User
 ?? ?obey pam restrictions = Yes
 ?? ?pam password change = Yes
 ?? ?log file = /var/log/samba/log.%m
 ?? ?max log size = 1000
 ?? ?usershare allow guests = Yes
 ?? ?panic action = /usr/share/samba/panic-action %d
 ?? ?template shell = /bin/bash
 ?? ?winbind enum users = Yes
 ?? ?winbind enum groups = Yes
 ?? ?winbind refresh tickets = Yes
 ?? ?idmap config DOMINIOCSA : range = 10000-99999
 ?? ?idmap config DOMINIOCSA : backend = rid
 ?? ?idmap config * : range = 3000-9999
 ?? ?idmap config * : backend = tdb
 ?? ?map acl inherit = Yes
 ?? ?store dos attributes = Yes
 ?? ?vfs objects = acl_xattr

[...]

...I forgot to say that the samba version of the PDC is 4.10.16

Have a nice day!

Piviul

On 11/24/22 14:11, Piviul wrote:
> On 11/24/22 13:07, Rowland Penny via samba wrote:
>> On 24/11/2022 11:28, Piviul via samba wrote:
>>> Hi all, I have a problem, I have upgraded my samba DC to samba 
>>> 4.10.16 and now an old samba (4.1.17 on an old debian wheezy)
member
>>> can't authenticate users any more. There is a way to have the
old
>>> samba member authenticate the users without upgrading it? I need to
>>> have this server working as soon as possible
>>>
>>> Thank you very much
>>>
>>> Piviul
>>>
>>>
>> Whilst Samba 4.10.x and 4.1.x are both EOL as far as Samba is 
>> concerned and Wheezy is EOL as far as Debian is concerned, it should 
>> still work.
>>
>> Can we start by seeing the smb.conf from the wheezy machine ?
>
> this is testparm:
>
> root at serverdati:~# du -sh /home/shares/DAE/
> ^G^C
> root at serverdati:~# testparm
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> [...]
> Loaded services file OK.
> WARNING: You have some share names that are longer than 12 characters.
> These may not be accessible to some older clients.
> (Eg. Windows9x, WindowsMe, and smbclient prior to Samba 3.0.)
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
> ?? ?workgroup = DOMINIOCSA
> ?? ?realm = AD.CSARICERCHE.COM
> ?? ?server string = %h server (Samba, Debian)
> ?? ?security = ADS
> ?? ?map to guest = Bad User
> ?? ?obey pam restrictions = Yes
> ?? ?pam password change = Yes
> ?? ?log file = /var/log/samba/log.%m
> ?? ?max log size = 1000
> ?? ?usershare allow guests = Yes
> ?? ?panic action = /usr/share/samba/panic-action %d
> ?? ?template shell = /bin/bash
> ?? ?winbind enum users = Yes
> ?? ?winbind enum groups = Yes
> ?? ?winbind refresh tickets = Yes
> ?? ?idmap config DOMINIOCSA : range = 10000-99999
> ?? ?idmap config DOMINIOCSA : backend = rid
> ?? ?idmap config * : range = 3000-9999
> ?? ?idmap config * : backend = tdb
> ?? ?map acl inherit = Yes
> ?? ?store dos attributes = Yes
> ?? ?vfs objects = acl_xattr
>
> [...]
>