Rowland Penny
2022-Dec-05 18:47 UTC
[Samba] SAMBA 4.14.4 now prompts for userid and password after AIX 7.1 to 7.2 Upgrade
On 05/12/2022 18:26, Vaughan, Robert J via samba wrote:> > I knew you were going to say that, but I am running a Solaris 11 domain member from OS package Samba that reports version 4.13.8 without winbind with several hundred users right now > > And same experience on Red Hat 7 and 8 (reported versions a bit different but newer than 4.8) > > It complains about no winbind in the logs but yet it works > > Thanks, > > Robert VaughanIf you read here (under the heading 'Samba 4.8.0'): https://wiki.samba.org/index.php/Samba_4.8_Features_added/changed It states: Domain member setups require winbindd Setups with "security = domain" or "security = ads" require a running 'winbindd' now. The fallback that smbd directly contacts domain controllers is gone. So, unless I have understood it wrong, if you are running Samba as a Unix domain member, from version 4.8.0 you must run winbind. The only way around this that I can think of, is that Samba has been patched to allow smbd to work in the old way, where it could contact the domain controller directly. The other possibility is that you are not actually running a Unix domain member, you are running a standalone server. Rowland
Vaughan, Robert J
2022-Dec-05 18:55 UTC
[Samba] SAMBA 4.14.4 now prompts for userid and password after AIX 7.1 to 7.2 Upgrade
> I knew you were going to say that, but I am running a Solaris 11 domain member from OS package Samba that reports version 4.13.8 without winbind with several hundred users right now > > And same experience on Red Hat 7 and 8 (reported versions a bit different but newer than 4.8) > > It complains about no winbind in the logs but yet it works >>> If you read here (under the heading 'Samba 4.8.0'):>> https://urldefense.com/v3/__https://wiki.samba.org/index.php/Samba_4.8_Features_added/changed__;!!BlOwZnr7TA!mkqAC6zlQT_E3OrhCnUwT30X3XjIAN3rbBFCSsu2pq0rzs5I28WxWMn8wL1xrYqwekJfQHCMPRzNgDCb$>> It states:>> Domain member setups require winbindd>> Setups with "security = domain" or "security = ads" require a running >> 'winbindd' now. The fallback that smbd directly contacts domain >> controllers is gone.>> So, unless I have understood it wrong, if you are running Samba as a >> Unix domain member, from version 4.8.0 you must run winbind.>> The only way around this that I can think of, is that Samba has been >> patched to allow smbd to work in the old way, where it could contact the >> domain controller directly.>> The other possibility is that you are not actually running a Unix domain >> member, you are running a standalone server.I can only imagine that the OS vendors did the patch you suggest. In fact when I had a ticket open with Oracle about it they did seem to suggest they had done something to keep the fallback working for a while, but could no longer do that Thanks, Robert Vaughan ---------------------------------------------------------------------- This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information. No one else may read, print, store, copy, forward or act in reliance on it or its attachments. If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.