Web lists-archives.com

Re: [Samba] samba 4.4.14 breaks classic domain




Good catch. I had set server max protocol to NT1 after upgrading from samba 3.x to 4.x . Some windows clients had problems with SMB2 and file shares (tho this should not really be an issue with the domain controllers.)




I have now set the dc's to

        server max protocol = SMB2
        server min protocol = NT1


and the client machine to be

        client max protocol = SMB2
        client min protocol = NT1


But it doesn't fix the problem.      I don't thin kthe


The machine in question is not used heavily so it is possible there was some issue prior to the latest patch.

Setting a 4.4.13 version machine to use NT1 and SMB2 as the min and max protocols for client and server does not seem to cause a problems with validating the domain membership.



I had compiled samba 4.5.1 some months ago in an alternate directory, and it also fails with "net join" (although it may be picking up library files that were updated with the system update.)

I may try rolling back the OS patches.




On 06/21/17 12:18, Rowland Penny via samba wrote:
On Wed, 21 Jun 2017 11:55:47 -0400
Gaiseric Vandal via samba <samba@xxxxxxxxxxxxxxx> wrote:

I increased the logging to 10 on the problem member server.  Didn't
see anything of interest.

I did a packet capture on the PDC while typing " net rpc testjoin"
from both the problem member server (4.4.14) and a working member
server (4.4.13)

e.g

         SMB:  ----- SMB Header -----
         SMB:
         SMB:  CLIENT REQUEST
         SMB:  Command code = 0x72
         SMB:  Command name =  SMBnegprot
         SMB:
         SMB:  SMB Status:
         SMB:     - Error class = No error
         SMB:     - Error code = No error
         SMB:
         SMB:  Header:
         SMB:     - Tree ID      (TID) = 0x0000
         SMB:     - Process ID   (PID) = 0xfffe
         SMB:     - User ID      (UID) = 0x0000
         SMB:     - Multiplex ID (MID) = 0x0000
         SMB:     - Flags summary = 0x18
         SMB:     - Flags2 summary = 0xc843
         SMB:
         SMB:  ByteCount = 49
         SMB:  Dialect String = NT LANMAN 1.0
         SMB:  Dialect String = NT LM 0.12
         SMB:  Dialect String = SMB 2.002
         SMB:  Dialect String = SMB 2.???
         SMB:



On the working member server, the packet capture included a lot of
"SMB" traffic.  With the problem server,  all the "SMB" packets were
empty.

e.g.

         SMB:  ----- SMB:   -----
         SMB:
         SMB:  ""
         SMB:




Both machines are configured for a max protocol of SMB2.  The problem
machine is also configured for a  min protocol of SMB2.


testparm -v

          client ipc max protocol = default
          client max protocol = SMB2
          server max protocol = SMB2

         client ipc min protocol = SMB2
          client min protocol = SMB2
          server min protocol = SMB2

On the PDC, the log file for IP_ADDRESS_OF_PROBLEM_SERVER shows


          Non-SMB packet of length 182. Terminating server


I wonder if this has anything to do with the same reason that you have
to set 'server max protocol = NT1' in smb.conf on the PDC if using
Win10 clients, see here for more info:

https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request

Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba