[Samba] Simple question about netbios name and workgroup, in smb.conf

Rowland Penny rpenny at samba.org
Fri Oct 6 18:02:31 UTC 2023 

On Fri, 6 Oct 2023 14:03:55 -0300
Ricardo Campos via samba <samba at lists.samba.org> wrote:

> Hi, all. I need some help.
> 
> I've installed samba 4.4 in a SuSE 42.2,  years ago and it was still
> running smoothly till weeks ago. It is still running but new windows
> machines and old ones that were updated with some Microsoft software
> could not enter the domain because of a sort of loss of confidence
> error.
> 
> Well, I was called to solve the problem. It seemed to me that the
> better way to do it was to install the new version of samba (4.19.0)
> which was said to correct the issue. I'm exactly at this point.
> 
> I installed it, and openldap, in a Ubuntu 22.04 LTS box, from source
> and started some tests, but I couldn't go far enough because smbd
> finds errors:
> 
> [2023/09/25 13:56:40.683717,  0]
> ../../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
>   smbldap_search_domain_info: Adding domain info for *NEWATENA*
> failed with NT_STATUS_UNSUCCESSFUL
> [2023/09/25 13:56:40.683755,  0]
> ../../source3/passdb/pdb_ldap.c:6716(pdb_ldapsam_init_common)
>   pdb_init_ldapsam: WARNING: Could not get domain info, nor add one
> to the domain. We cannot work reliably without it.
> [2023/09/25 13:56:40.683769,  0]
> ../../source3/passdb/pdb_interface.c:182(make_pdb_method_name)
>   pdb backend ldapsam:ldap://127.0.0.1 did not correctly init (error
> was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
> 
> A piece of the smb.conf file follows:

Please do not post part of a smb.conf , it doesn't really help, it
would be better to post the output of 'testparm -s'
 
> 
>     server max protocol = NT1
>     #
>     preserve case = no
>     time server = yes
>     inherit acls = yes
>     nt acl support = yes
>     netbios name = *newatena*
>     netbios aliases = newatena
>     inherit permissions = yes
>     printing = cups
>     logon script = logon.bat
>     dos charset = iso-8859-1
>     local master = yes
>     workgroup = *FUTURO*
>     os level = 33
> 
> Both newatena and FUTURO are temporary names, since I still have the
> samba 4.4 running.

Samba 4.4 is extremely old
 
> 
> With slapcat we can see this (partial) entry:
> 
> dn: sambaDomainName=*FUTURO*,dc=xxxx,dc=xxx,dc=xx
> sambaDomainName: *FUTURO*
> sambaAlgorithmicRidBase: 1000
> sambaNextUserRid: 1000
> sambaMinPwdLength: 5
> structuralObjectClass: sambaDomain
> 
> My simple question is this: why would samba asks for a domain using
> the *netbios
> name* instead of the *workgroup*?

Because, there are two workgroups on a Samba server, one, the 'local'
one, uses the NetBIOS name and the 'domain' that uses the NetBIOS domain
name.

> 
> If you need more information, please ask.

Yes, why are you trying to keep an old obsolete system working ?
The old 'PDC' type domains rely on SMBv1 and that protocol is very,
very insecure. You would be better off either upgrading your existing
domain to AD, or setting up a new domain, the latter is probably better
because it gets rid of all the really old ways of doing things.

Rowland

More information about the samba mailing list