[Samba] Samba 4 GA upgrade - auth failing

Kristofer kristofer at cybernetik.net
Mon Dec 17 14:40:01 MST 2012


Andrew, 

I posted a note to another thread when I saw your post re: "acl:search = false". I did a step-by-step upgrade through all of the RC's, and RC6 is what broke me. Once I saw that post the other day, I threw that config option in and everything was back to normal. 

I guess I will just have to wait for a script to update my ACL's before that feature will be good for me. 

Just some background about our environment (in case development cares for any reason): 

14 AD servers 
~ 800 users 
50 Linux machines authenticating with winbindd (from RHEL and CentOS 6.3 and 5.8 repo). 
Currently about 10 Windows 7 machines, and 5 Windows 2008 servers joined to the directory. In the coming months, we will have > 400 Windows 7 machines joined. 


----- Original Message -----

From: "Andrew Bartlett" <abartlet at samba.org> 
To: "Kristofer" <kristofer at cybernetik.net> 
Cc: "samba list" <samba at lists.samba.org> 
Sent: Monday, December 17, 2012 3:33:21 PM 
Subject: Re: [Samba] Samba 4 GA upgrade - auth failing 

On Thu, 2012-12-13 at 01:06 -0600, Kristofer wrote: 
> --Apple-Mail=_5451A272-9820-42BF-A54B-E864FA9CD7AB 
> Content-Transfer-Encoding: quoted-printable 
> Content-Type: text/plain; 
> charset=us-ascii 
> 
> Update: 
> 
> I downgraded back to RC4, and the servers are able to authenticate once = 
> again. Something definitely broke things in one of the recent updates = 
> for me. I just need to figure out what and why. 

This is very odd - the changes made since RC4 really should not have hit 
this area. 

Do you have the energy to try and to a git bisect between the two 
versions? 

Otherwise and additionally, can you try setting 'acl:search=false' and 
see if that helps (this disables ACL enforcement for reads, which was 
the major change we made between these versions). 

Thanks, 

Andrew Bartlett 

-- 
Andrew Bartlett http://samba.org/~abartlet/ 
Authentication Developer, Samba Team http://samba.org 





More information about the samba mailing list