[Samba] mixed problems with samba 4.2.10

Martin, Bruce W bruce.w.martin at vanderbilt.edu
Mon Apr 25 15:54:02 UTC 2016 

I am the IT administrator for a group of researchers at a university. I have two SAMBA servers. One running CentOS 6 and one running CentOS 7. Both are running Samba 4.2.10 (4.2.10-6.el6_7 and 4.2.10-6.el7_2 respectively).
When they were running the previous version of Samba everything worked fine and and both domain bound machines and non-domain bound machines could log in and mount/map both individual owned home directories and group directories that used the “valid users =@group” parameter. User Account Configuration is NIS and Authentication is Kerberos password. I manage my NIS servers but the Kerberos and Active Directory Domain controllers are managed by the University IT organization.

Since the “Update" to samba 4.2.10 the Non-domain bound Macs and Linux (Ubuntu) machines can no longer log in. Windows machines, both Domain bound and non-Domain bound  can use the servers normally.
I am not running winbindd on these servers. I have tried running it and samba just quits working for everyone. Probably a configuration issue but not one I have looked into yet and would like to try and avoid. I have a CentOS6 machine running  winbindd and samba 3.6.23-30.el6_7 but the problems there are on a different thread.

I have used the same smb.conf file for years across several versions of RHEL and CentOS and it has worked fine until now.

Any suggestions on where to go from here?

Here is a sample from the smb.conf file with some info redacted.

[global]
workgroup = DOMAIN
realm = RELM
netbios name = HOSTNAME
server string = Samba Server version %v
interfaces = eno16777736
security = ADS
unix extensions = No
wins server = 10.109.18.219
ldap ssl = no
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind separator = +
idmap config * : range = 100-60000
idmap config * : backend = tdb
hosts allow = 127.0.0.1, 10.
cups options = raw
restrict anonymous = 2
server signing = auto

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
print ok = Yes
browseable = No

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0644
case sensitive = Yes
browseable = No

[AFTP]
comment = Anonymous FTP Server Directory
path = /home/aftp
valid users = @group
write list = @group
force group = group
read only = No
create mask = 0644
inherit permissions = Yes
case sensitive = Yes
browseable = No

More information about the samba mailing list