[Samba] Joining 4.2.2 Samba client to Samba3 PDC

joseph-andre Guaragna jaguaragna at rdmo.com
Fri Jun 12 02:43:59 MDT 2015 

HI David,

We encountered this kind of issue with to server running with
different samba version and solve the problem by ass you said update
the oldest one to a "closer version".


Hope it helped;
Meilleures salutations / Best regards,

Joseph-André GUARAGNA
ingénieur Système et Réseau / Network and System engineer



RD MACHINES-OUTILS

77, allée de l'Industrie  F-74130 CONTAMINE SUR ARVE
Tel : +33 (0) 4 50 03 90 77    -   Fax :+33 (0) 4 50 03 66 79
www.rdmo.com / www.rdmo-spare-parts.com


2015-06-11 23:37 GMT+02:00 David Morgan <dmorgan at westquad.med.harvard.edu>:
>
> Hi,
>
> Not sure of the etiquette of this, so apologies if this is frowned upon, but
> a couple of months ago, this[1] question was asked.
>
> I'm trying to join a Samba 4.2.2 server to a Samba 3.4.7 PDC (e.g. Think
> NT4, not AD), which is also our OpenLDAP principal server.  I'm failing
> because, although my "net rpc join" command seems to succeed, and the host
> entry is added to the directory, I keep getting messages such as this in
> /var/log/samba/log.CLIENT_IP on my PDC/LDAP host:
>
>   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client CLIENT machine account CLIENT$
> [2015/06/11 16:46:18,  0]
> rpc_server/srv_netlog_nt.c:603(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: netlogon_creds_server_check failed. Rejecting
> auth request from client CLIENT machine account CLIENT$
>
> and the user that I've added, fails to log in, with basically a "permissions
> denied" error (I'm trying to log in from OS X 10.10.3). This login attempt
> correlates with the two error lines above.
>
> The PDC is running Ubuntu 10.04 (* * *looks away in embarrassment* * *) and
> the client CLIENT[2] is Ubuntu Server 14.04.  The sensible advice might
> likely be: UPGRADE YOUR PDC HOST, DUMMY!, and I do intend to do that, but if
> we could get this working it would be really neat-o keen, and would buy us a
> bit of time.  The motivation for this is to give our OS X users the
> significant performance advantages that vfs_fruit has to offer them (Thanks
> again, Ralph![3]).  If the only solution is to upgrade the PDC, that's
> ultimately fine, but that will of course take more time.
>
> If you've read this far, Thanks![4]
>
> -DM
>
>
> [1]
>> Francesco Malvezzi francesco.malvezzi at unimore.it
>> Tue Apr 14 00:41:15 MDT 2015
>>
>> hi all,
>>
>> my working samba-4.1.7 member of a samba3 domain (samba-3.5.3) failed
>> while updating to samba-4.2.0. Users were no longer able to access
>> shares because the trust account was broken.
>>
>> According to release notes (Winbindd/Netlogon improvements):
>>
>> For the client side we have the following new options:
>> "require strong key" (yes by default), "reject md5 servers" (no by > >
>> default).
>> E.g. for Samba 3.0.37 you need "require strong key = no" and
>> for NT4 DCs you need "require strong key = no" and "client NTLMv2 > > >
>> auth = no",
>>
>> so in samba-4.2.0 member's smb.conf I put:
>>
>>  require strong key = no
>>  client NTLMv2 auth = no
>>
>> but yet trust account wasn't able to authenticate on domain PDC.
>>
>> Which are the correct switches to allow a samba-4.2.0 member to join a
>> samba3 PDC?
>>
>> thank you,
>>
>> Francesco
>
> [2] Not his real name.
>
> [3] Legally required statement.
>
> [4] ...but you might need to get outside more. :-O
>
> --
> David S Morgan, Ph.D.                    david_morgan at hms.harvard.edu
> Director                                 http://wqcg.med.harvard.edu
> West Quad Computing Group                Office: 617-651-0259
> Harvard Medical School
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list