[Samba] Error with samba update in debian.

L.P.H. van Belle belle at bazuin.nl
Wed Dec 28 12:57:58 UTC 2016

Can you post your smb.conf that helps. 

But you probly forgot to set: 
ntlm auth = yes

and maybe more, a summup: 

This is the full list: 

The complete history, have a look at the X.x.0 release notes.

For the major differences (new features, etc.)

Upgrade samba from a : 4.4.x => 4.5.x 
! remove all idmap config lines from your smb.conf of the DC's.
! run: net cache flush
! Restart samba or reboot the DC

4.4.1 =>  4.5.0 : smb.conf changes 
    Parameter Name                Description             Default
    --------------                -----------             -------
    kccsrv:samba_kcc              Changed default         yes
    ntlm auth                     Changed default         no
    only user                     Removed
    password hash gpg key ids     New
    shadow:snapprefix             New
    shadow:delimiter              New                     _GMT
    smb2 leases                   Changed default         yes
    username                      Removed

4.4.0 => 4.4.1  !! YOU MUST READ THIS ONE !! ( lots changed here ) 
smb.conf new settings
    Parameter Name + default setting.		
    allow dcerpc auth level connect = no
    client ipc signing = default
    client ipc max protocol = default
    client ipc min protocol = default
    ldap server require strong auth = yes
    raw NTLMv2 auth = no
    tls verify peer = as_strict_as_possible
    tls priority = NORMAL:-VERS-SSL3.0

4.3.0 =>  4.4.0 : smb.conf changes 
smb.conf changes
    Parameter Name		Description	Default
    --------------		-----------	------
    aio max threads       	New		100
    ldap page size		Changed default	1000
    server multi channel support	New	No
    interfaces			Extended syntax

4.2.0 =>  4.3.0 : smb.conf changes 
smb.conf changes
    Parameter Name		Description		Default
    --------------		-----------		-------
    logging			New			(empty)
    msdfs shuffle referrals	New			no
    smbd profiling level	New			off
    spotlight			New			no
    tls priority		New 			NORMAL:-VERS-SSL3.0
    use ntdb			Removed
    change notify		Changed to [global]
    kernel change notify	Changed to [global]
    client max protocol		Changed	default		SMB3_11
    server max protocol		Changed default		SMB3_11
4.1.0 =>  4.2.0 : smb.conf changes 
smb.conf changes
    Parameter Name			Description	Default
    --------------			-----------	-------
    allow nt4 crypto          New             no
    neutralize nt4 emulation  New             no
    reject md5 client         New             no
    reject md5 servers        New             no
    require strong key        New             yes
    smb2 max read             Changed default 8388608
    smb2 max write            Changed default 8388608
    smb2 max trans            Changed default 8388608
    winbind expand groups     Changed default 0



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe
> Dominguez Vega via samba
> Verzonden: woensdag 28 december 2016 13:41
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Error with samba update in debian.
> Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into
> Debian Testing, before i update to this version my proxy (squid)
> authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius
> server authenticating with winbind. But now with this update i can get to
> work again the autentications, when i request the NT_KEY to ntlm_auth it
> not return that key.
> this is the output of ntlm_auth
> root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp
> MTZ\luis.dominguez <my_pass>
> BH SPNEGO request invalid prefix
> and the output of squid
> ERROR: NTLM Authentication validating user. Result: {result=BH,
> Requesting the nt key used by freeradius (the nt key is not in the output)
> root at proxy:~# /usr/bin/ntlm_auth --request-nt-key --
> username=luis.dominguez
> Password:
> NT_STATUS_OK: Success (0x0)
> ---------------------------------------
> Al tanto
> Ing. Luis Felipe Domínguez Vega
> Administrador de la Red de Desoft Matanzas
> GNU/Linux Kernel Developer - rtlwifi kernel module
> "No es grande aquel que nunca falla, es grande el que nunca se da por
> vencido? "
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list