[Samba] Error with samba update in debian.
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 28 14:40:34 UTC 2016
About the :
> ERROR: Negotiate Authentication validating user. Result: {result=BH,
> notes={message: NT_STATUS_UNSUCCESSFUL * NT_STATUS_UNSUCCESSFUL; }}
I suspect the pc you trying with is not domain joined?
Or you using user at REALM
Can you add ?-d? to the auth line of squid and try again and post that log.
( -d = enable debugging )
Now what i dont know.
A samba DC reported with wbinfo ?u : DOMAIN\user
I have in my samba member ( and this is a member only setting ) winbind enum users = yes
So when i wbinfo ?u i see only the usernames.
In the second link, a snap from some text.
/snap
You may need to use a Basic auth helper that allows stripping the
@DOMAIN part off the credentials received. I think some systems send the
user at DOMAIN in Basic with the machine name as DOMAIN. That wont work
against any real DC server.
/snap-off
This can be a problem, but im not sure about that, thats more a squid list question.
And remove : map to guest = bad user in smb.conf
If needed you can add it later on, first detect whats going wrong.
Now, i had the same problem. My question to the squid list. Starts here :
http://lists.squid-cache.org/pipermail/squid-users/2015-August/005025.html
And my last question.
http://lists.squid-cache.org/pipermail/squid-users/2015-August/005033.html
Read throug it, i can help you... Amos explains better then me.
Beware, debian testing can break easy, especialy before the freeze so know what your doing.
And do remember debian testing does NOT get security updates quick.
Debian Testing is last to get them.
I hope this helps you bit more.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny via
> samba
> Verzonden: woensdag 28 december 2016 15:17
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Error with samba update in debian.
>
> On Wed, 28 Dec 2016 08:45:17 -0500 (CST)
> Luis Felipe Dominguez Vega <luis.dominguez at mtz.desoft.cu> wrote:
>
> > I comment the idmap line and "systemctl restart samba-ad-dc" but the
> > squid not authenticate, same error...
> >
> > ---------------------------------------
> > Al tanto
> > Ing. Luis Felipe Domínguez Vega
> > Administrador de la Red de Desoft Matanzas
> > GNU/Linux Kernel Developer - rtlwifi kernel module
> >
> > "No es grande aquel que nunca falla, es grande el que nunca se da por
> > vencido? "
> >
> > ----- Original Message -----
> > From: "Rowland Penny via samba" <samba at lists.samba.org>
> > To: samba at lists.samba.org
> > Sent: Wednesday, December 28, 2016 8:12:30 AM
> > Subject: Re: [Samba] Error with samba update in debian.
> >
> > On Wed, 28 Dec 2016 13:57:58 +0100
> > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> >
> > > Hai,
> > > Can you post your smb.conf that helps.
> > >
> > > But you probly forgot to set:
> > > ntlm auth = yes
> > >
> > > and maybe more, a summup:
> > >
> > > This is the full list:
> > >
> https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release)
> > >
> > >
> > > The complete history, have a look at the X.x.0 release notes.
> > > https://www.samba.org/samba/history/
> > >
> > > For the major differences (new features, etc.)
> > >
> > > Upgrade samba from a : 4.4.x => 4.5.x
> > > ! remove all idmap config lines from your smb.conf of the DC's.
> > > ! run: net cache flush
> > > ! Restart samba or reboot the DC
> > >
> >
> > Nearly correct ;-)
> >
> > It should be:
> >
> > If you have 'idmap config' lines in a smb.conf on a DC, remove them.
> > They had absolutely no affect and did nothing before Samba version
> > 4.5.0, from Samba 4.5.0 they lead to errors.
> >
> > Rowland
> >
>
> If you mean:
>
> idmap_ldb:use rfc2307 = yes
>
> Then uncomment it, you need this line on a Samba AD DC.
>
> I referred to the 'idmap config' lines you find on a Samba domain
> member, i.e. 'idmap config SAMDOM : range = 10000-999999'
>
> These lines do not have and never have had a place on a Samba AD DC.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list