[Samba] Error with samba update in debian.

Luis Felipe Dominguez Vega luis.dominguez at mtz.desoft.cu
Wed Dec 28 13:27:12 UTC 2016 

Thanks.... this is my smb.conf
################################################################################
# Global parameters
[global]
        netbios name = DC
        realm = MTZ.DESOFT.CU
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = MTZ
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        client ldap sasl wrapping = sign
        ldap server require strong auth = No
        map to guest = bad user

        # Audit settings
        full_audit:prefix = %u|%I|%S
        full_audit:failure = connect
        full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
        full_audit:facility = local5
        full_audit:priority = notice

        tls enabled       = yes
        tls certfile      = /var/lib/samba/private/tls/dc-cert.pem
        tls keyfile       = /var/lib/samba/private/tls/secure/dc-privkey.pem
        tls cafile        = /var/lib/samba/private/tls/cacert.pem
        tls crlfile       = /var/lib/samba/private/tls/mtz.desoft.cu.crl
        tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem

#       ntlm auth = yes
#       lanman auth = yes
#       lanman auth = yes

[netlogon]
        path = /var/lib/samba/sysvol/mtz.desoft.cu/scripts
        read only = No
        vfs objects = full_audit

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
        vfs objects = full_audit
################################################################################

i tried with setting all the comments in yes, then systemctl restart samba-ad-dc, but the squid neither authenticated, same errors, Need to full reset the AD server?
When i use the negotiate in squid i see this in squid

ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: NT_STATUS_UNSUCCESSFUL * NT_STATUS_UNSUCCESSFUL; }}

--------------------------------------- 
Al tanto 
Ing. Luis Felipe Domínguez Vega 
Administrador de la Red de Desoft Matanzas 
GNU/Linux Kernel Developer - rtlwifi kernel module 

"No es grande aquel que nunca falla, es grande el que nunca se da por vencido… " 

----- Original Message -----
From: "L.P.H. van Belle via samba" <samba at lists.samba.org>
To: samba at lists.samba.org
Sent: Wednesday, December 28, 2016 8:01:07 AM
Subject: Re: [Samba] Error with samba update in debian.

And i forgot to mention. 

 

This is what i have for my squid. 

 

auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \

    --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.internal.domain.tld at REALM \

    --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=NTDOMAIN

 

See the ntlm line. =>  --helper-protocol=gss-spnego 

 

 

Greetz, 

 

Louis

 

 

 

> -----Oorspronkelijk bericht-----

> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Luis Felipe

> Dominguez Vega via samba

> Verzonden: woensdag 28 december 2016 13:41

> Aan: samba at lists.samba.org

> Onderwerp: [Samba] Error with samba update in debian.

> 

> Hello, I am a network admin and I have Samba 4 (4.5.2+dfsg-2) running into

> Debian Testing, before i update to this version my proxy (squid)

> authenticate with NTLM with ntlm_auth correctly, same to my FreeRadius

> server authenticating with winbind. But now with this update i can get to

> work again the autentications, when i request the NT_KEY to ntlm_auth it

> not return that key.

> 

> this is the output of ntlm_auth

> 

> root at proxy:~# ntlm_auth --diagnostic --helper-protocol=squid-2.5-ntlmssp

> MTZ\luis.dominguez <my_pass>

> BH SPNEGO request invalid prefix

> 

> and the output of squid

> ERROR: NTLM Authentication validating user. Result: {result=BH,

> notes={message: NT_STATUS_UNSUCCESSFUL NT_STATUS_UNSUCCESSFUL; }}

> 

> Requesting the nt key used by freeradius (the nt key is not in the output)

> 

> root at proxy:~# /usr/bin/ntlm_auth --request-nt-key --

> username=luis.dominguez

> Password:

> NT_STATUS_OK: Success (0x0)

> 

> ---------------------------------------

> Al tanto

> Ing. Luis Felipe Domínguez Vega

> Administrador de la Red de Desoft Matanzas

> GNU/Linux Kernel Developer - rtlwifi kernel module

> 

> "No es grande aquel que nunca falla, es grande el que nunca se da por

> vencido? "

> 

> 

> --

> To unsubscribe from this list go to the following URL and read the

> instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list