[Samba] samba 4.4.14 breaks classic domain
Gaiseric Vandal
gaiseric.vandal at gmail.com
Wed Jun 21 18:57:26 UTC 2017
Good catch. I had set server max protocol to NT1 after upgrading from
samba 3.x to 4.x . Some windows clients had problems with SMB2 and
file shares (tho this should not really be an issue with the domain
controllers.)
I have now set the dc's to
server max protocol = SMB2
server min protocol = NT1
and the client machine to be
client max protocol = SMB2
client min protocol = NT1
But it doesn't fix the problem. I don't thin kthe
The machine in question is not used heavily so it is possible there was
some issue prior to the latest patch.
Setting a 4.4.13 version machine to use NT1 and SMB2 as the min and max
protocols for client and server does not seem to cause a problems with
validating the domain membership.
I had compiled samba 4.5.1 some months ago in an alternate directory,
and it also fails with "net join" (although it may be picking up library
files that were updated with the system update.)
I may try rolling back the OS patches.
On 06/21/17 12:18, Rowland Penny via samba wrote:
> On Wed, 21 Jun 2017 11:55:47 -0400
> Gaiseric Vandal via samba <samba at lists.samba.org> wrote:
>
>> I increased the logging to 10 on the problem member server. Didn't
>> see anything of interest.
>>
>> I did a packet capture on the PDC while typing " net rpc testjoin"
>> from both the problem member server (4.4.14) and a working member
>> server (4.4.13)
>>
>> e.g
>>
>> SMB: ----- SMB Header -----
>> SMB:
>> SMB: CLIENT REQUEST
>> SMB: Command code = 0x72
>> SMB: Command name = SMBnegprot
>> SMB:
>> SMB: SMB Status:
>> SMB: - Error class = No error
>> SMB: - Error code = No error
>> SMB:
>> SMB: Header:
>> SMB: - Tree ID (TID) = 0x0000
>> SMB: - Process ID (PID) = 0xfffe
>> SMB: - User ID (UID) = 0x0000
>> SMB: - Multiplex ID (MID) = 0x0000
>> SMB: - Flags summary = 0x18
>> SMB: - Flags2 summary = 0xc843
>> SMB:
>> SMB: ByteCount = 49
>> SMB: Dialect String = NT LANMAN 1.0
>> SMB: Dialect String = NT LM 0.12
>> SMB: Dialect String = SMB 2.002
>> SMB: Dialect String = SMB 2.???
>> SMB:
>>
>>
>>
>> On the working member server, the packet capture included a lot of
>> "SMB" traffic. With the problem server, all the "SMB" packets were
>> empty.
>>
>> e.g.
>>
>> SMB: ----- SMB: -----
>> SMB:
>> SMB: ""
>> SMB:
>>
>>
>>
>>
>> Both machines are configured for a max protocol of SMB2. The problem
>> machine is also configured for a min protocol of SMB2.
>>
>>
>> testparm -v
>>
>> client ipc max protocol = default
>> client max protocol = SMB2
>> server max protocol = SMB2
>>
>> client ipc min protocol = SMB2
>> client min protocol = SMB2
>> server min protocol = SMB2
>>
>> On the PDC, the log file for IP_ADDRESS_OF_PROBLEM_SERVER shows
>>
>>
>> Non-SMB packet of length 182. Terminating server
>>
>>
> I wonder if this has anything to do with the same reason that you have
> to set 'server max protocol = NT1' in smb.conf on the PDC if using
> Win10 clients, see here for more info:
>
> https://wiki.samba.org/index.php/Required_Settings_for_Samba_NT4_Domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request
>
> Rowland
>
More information about the samba
mailing list