[Samba] Samba 4 GA upgrade - auth failing
Kristofer
kristofer at cybernetik.net
Mon Dec 17 14:40:01 MST 2012
Andrew,
I posted a note to another thread when I saw your post re: "acl:search = false". I did a step-by-step upgrade through all of the RC's, and RC6 is what broke me. Once I saw that post the other day, I threw that config option in and everything was back to normal.
I guess I will just have to wait for a script to update my ACL's before that feature will be good for me.
Just some background about our environment (in case development cares for any reason):
14 AD servers
~ 800 users
50 Linux machines authenticating with winbindd (from RHEL and CentOS 6.3 and 5.8 repo).
Currently about 10 Windows 7 machines, and 5 Windows 2008 servers joined to the directory. In the coming months, we will have > 400 Windows 7 machines joined.
----- Original Message -----
From: "Andrew Bartlett" <abartlet at samba.org>
To: "Kristofer" <kristofer at cybernetik.net>
Cc: "samba list" <samba at lists.samba.org>
Sent: Monday, December 17, 2012 3:33:21 PM
Subject: Re: [Samba] Samba 4 GA upgrade - auth failing
On Thu, 2012-12-13 at 01:06 -0600, Kristofer wrote:
> --Apple-Mail=_5451A272-9820-42BF-A54B-E864FA9CD7AB
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/plain;
> charset=us-ascii
>
> Update:
>
> I downgraded back to RC4, and the servers are able to authenticate once =
> again. Something definitely broke things in one of the recent updates =
> for me. I just need to figure out what and why.
This is very odd - the changes made since RC4 really should not have hit
this area.
Do you have the energy to try and to a git bisect between the two
versions?
Otherwise and additionally, can you try setting 'acl:search=false' and
see if that helps (this disables ACL enforcement for reads, which was
the major change we made between these versions).
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list