Web lists-archives.com

Re: [Samba] Authentication issues with Samba 4.3.8




Hi Rowland/All,

I have tried upgrading our Samba from 3.0.28 to 4.3.8.  I didn't wanted to remove my old working version, so I just stopped my samba service and installed new version.

I have overwritten the new smb.conf with our existing smb.conf and tried restarting with the new startup scripts.

4.3.8 is having three startup scripts smbd, nmbd, winbindd and I tried restarting all of them.

Here comes the issue, when tried to connect it was giving me the login prompt but it's not accepting the valid credentials.  Below are the logs for the steps I followed.

  check_ntlm_password:  Authentication for user [ChunduruK] -> [ChunduruK] FAILED with error NT_STATUS_LOGON_FAILURE
[2017/05/20 05:20:49, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2017/05/20 05:20:49, 2] auth/auth.c:check_ntlm_password(319)

[2017/06/06 09:12:16, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2017/06/06 09:12:16, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2017/06/06 09:12:16, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2017/06/06 09:12:16, 2] auth/auth_util.c:create_local_nt_token(941)
  create_local_nt_token: Failed to create BUILTIN\Users group!
[2017/06/06 09:12:16, 2] lib/access.c:check_access(323)

Then I stopped the 4.3.8 samba and then uninstalled it and started samba with the old startup's scripts and same config file. This time it works like a champ.

[2017/06/23 06:12:22, 2] lib/access.c:check_access(323)
  Allowed connection from  (X.X.X.X)
[2017/06/23 06:12:22, 2] lib/access.c:check_access(323)
  Allowed connection from  (X.X.X.X)
[2017/06/23 06:12:22, 1] smbd/service.c:make_connection_snum(1033)
  X.X.X.X (X.X.X.X) connect to service tmp initially as user chundurk (uid=222, gid=1) (pid 22544550)

I'm not sure if I need to install or change any of the settings.

Regards,
Krishna


-----Original Message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On Behalf Of Rowland Penny via samba
Sent: Wednesday, June 07, 2017 9:14 PM
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] CVE-2017-7494 patches

On Wed, 7 Jun 2017 20:58:18 +0530
"Chunduru, Krishnachaithanya"
<Krishnachaithanya.Chunduru@xxxxxxxxxxxxxx<mailto:Krishnachaithanya.Chunduru@xxxxxxxxxxxxxx>> wrote:

> Thanks Rowland.
>
> I got one of the latest version from IBM 4.3.8, but they don't have
> the patches for CVE 2017-7494. ☺
>
> IBM told be to contact samba for getting the patches, do you or anyone
> have the patches link so that I can test all together.

As far as I am aware, there isn't a patch for the 4.3.x versions.
The only supported versions of Samba are 4.4.x, 4.5.x and 4.6.x and there are patches available for these, see here:

https://www.samba.org/samba/history/

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba