Web lists-archives.com

Re: [Samba] smbclient v3 against samba server v4




On Wed, 19 Dec 2018 11:20:30 +0000
Andrea Zagli <azagli@xxxxxxxxx> wrote:

> Il giorno mer 19 dic 2018 11:46:56 CET, Rowland Penny via samba ha
> scritto:
> 
> > On Wed, 19 Dec 2018 09:31:38 +0000
> > Andrea Zagli via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >
> >> hi all
> >>
> >> i'm trying to use smbclient v3 with a samba server v4 configured
> >> as ad
> >>
> >> with anonymous login it works; but it doesn't using a user
> >>
> >> i get NT_STATUS_LOGON_FAILURE
> >>
> >> the pc isn't in the domain; but i tried from a non domain pc with
> >> smbclient v4 and it works
> >
> > I think you have answered yourself, it doesn't work with smbclient
> > v3 (by which, I take it you mean from a Samba 3.x.x version), but
> > it does with smbclient v4. There have been a great many changes
> > between Samba 3.x.x and now and it is probably at least one of
> > these changes that is stopping it working.
> 
> so the next questions are:
> - winbind v3 could authenticate against samba v4 ad?

Samba 3.6.x should be able to authenticate from an AD domain, I
believe the same goes for 3.5.x
 
> or i could
> simply use nsswitch with ldap (as with a samba v3 server)?

Probably, never tried it, nslcd works against AD

> - samba v3 can join a samba v4 ad?

Samba 3.6.x has been known to join an AD domain, not sure about 3.5.x

> 
> > The only versions that Samba supports are 4.7.x, 4.8.x and 4.9.x,
> > all others are supported by the OS's
> >
> > Having said all that, we may be able to help you, if you give us
> > more info ;-)
> >
> > What OS is smbclient v3 running on and what is in its smb.conf (not
> > that the latter should affect smbclient)
> > What OS is the Samba AD DC running on and what is in its smb.conf.
> >
> 
> smbclient V3
>   - debian 6.0.10
>   - smbclient 3.5.6

Both Squeeze & Samba 3.5.x are EOL, can I suggest you upgrade to the
latest Debian version. You can also find the latest Samba version here:

http://apt.van-belle.nl/

> 
> smb.conf v3
> 
> [global]
>     workgroup = WORKGROUP (i tried to change it to the domain name
> as i found is suggested in some site)
>     server string = %h server
>     dns proxy = no
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     syslog = 0
>     panic action = /usr/share/samba/panic-action %d
>     encrypt passwords = true
>     passdb backend = tdbsam
>     obey pam restrictions = yes
>     unix password sync = yes
>     passwd program = /usr/bin/passwd %u
>     passwd chat = *Enter\snew\s*\spassword:* %n\n  
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>     pam password change = yes
> [homes]
>     comment = Home Directories
>     browseable = no
>     read only = yes
>     create mask = 0700
>     directory mask = 0700
>     valid users = %S
> [printers]
>     comment = All Printers
>     browseable = no
>     path = /var/spool/samba
>     printable = yes
>     guest ok = no
>     read only = yes
>     create mask = 0700
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/printers
>     browseable = yes
>     read only = yes
>     guest ok = no

If you are going to try and join this to the AD domain, you will need
to change the smb.conf, see here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba