[Samba] Fileserver upgraded from 4.1.17 to 4.2 dosen't authenticate users

Dale Schroeder dale at BriannasSaladDressing.com
Fri Apr 22 17:58:31 UTC 2016 

Mathias,

What you say is true in theory, but after Debian went from 4.1 to 4.3, 
my NT4 domain no longer works.  The initial error was no logon server 
available.  I've asked if anyone has a working NT4 domain on 4.3, and no 
one has replied that they do; therefore, I assume that there are none.  
Additionally, there were specific changes indicated for NT4 domains in 
the 4.2 release notes, but when Marc released the NT4 domain wiki page, 
there is no mention of these parameters or how they should be applied.  
Using them did not improve the domain situation for me.  That is why I 
said that things don't look good for NT4 domains.  With the advent of 
Samba4 AD capabilities, NT4 domains are passé.  I wish I was wrong.

With the spate of messages on this list since the security updates were 
released, I see no reason to rush in the AD direction either. A 
workgroup looks better every day...........

Dale


On 04/22/2016 3:31 AM, mathias dufresne wrote:
> Hi,
>
> I thought Samba4 was able to do everything what was doing Samba3.
>
> According to that isn't it possible for you to add a new DC into your 
> NT4 domain which runs Samba4? As it is a DC in addition to others DC 
> (those running Samba3) your domain should continue to work as it did 
> for years. You would just get another DC running more recent Samba.
>
> I expect that Samba4 as filesrv is able to communicate correctly with 
> Samba4 as NT4 DC.
>
> If my suppositions are not wrong, this would solve your strange RPC 
> issue and also give a way to update your NT4 DC which seems an 
> important thing according to that link which seems to show that samba3 
> is not supported any more.
> https://wiki.samba.org/index.php/Samba_Release_Planning#General_information
>
> 2016-04-22 8:23 GMT+02:00 Mgr. Peter Tuharsky <tuharsky at misbb.sk 
> <mailto:tuharsky at misbb.sk>>:
>
>     Thank You, Dale
>
>     The parameters I understood from documentation did nothing for me too.
>
>     I see I must upgrade Samba on DC. I'm reluctant since this is always
>     quite delicate thing though, don't want break the whole network...
>
>     Dňa 20.04.2016 o 20:12 Dale Schroeder napísal(a):
>     > On 04/20/2016 5:22 AM, Mgr. Peter Tuharsky wrote:
>     >> Hallo
>     >>
>     >> The Debian team was unable to keep 4.1.17 patched, so they
>     switched to
>     >> 4.2 branch. However, fileserver at this version (4.2.10) is no
>     more able
>     >> to communicate with DC at samba 3.5 (unable to authenticate
>     users - got
>     >> weird rpc version error in log)
>     >>
>     >> Please, are there any parameters that could make this work for a
>     >> while now?
>     >>
>     >> Sincerely
>     >>
>     >> Peter
>     >
>     > Peter,
>     >
>     > I've been asking the same basic question periodically for the
>     last two
>     > weeks and have not gotten any replies that make things work.  No one
>     > has volunteered that their Samba NT4 domain works with the new
>     versions.
>     >
>     > You could start by looking at the "Winbindd/Netlogon improvements"
>     > section here: https://www.samba.org/samba/history/samba-4.2.0.html
>     >
>     > None of these parameters made any difference for me, but your
>     luck may
>     > be better than mine.  Additionally, you will face the challenges
>     > brought on by the security fixes.  It's not looking good for
>     Samba NT4
>     > domains.
>     >
>     > Dale
>
>
>     --
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list