[Samba] smbclient v3 against samba server v4

Andrea Zagli azagli at libero.it
Wed Dec 19 11:20:30 UTC 2018 

Il giorno mer 19 dic 2018 11:46:56 CET, Rowland Penny via samba ha scritto:

> On Wed, 19 Dec 2018 09:31:38 +0000
> Andrea Zagli via samba <samba at lists.samba.org> wrote:
>
>> hi all
>>
>> i'm trying to use smbclient v3 with a samba server v4 configured as ad
>>
>> with anonymous login it works; but it doesn't using a user
>>
>> i get NT_STATUS_LOGON_FAILURE
>>
>> the pc isn't in the domain; but i tried from a non domain pc with
>> smbclient v4 and it works
>
> I think you have answered yourself, it doesn't work with smbclient v3
> (by which, I take it you mean from a Samba 3.x.x version), but it does
> with smbclient v4. There have been a great many changes between Samba
> 3.x.x and now and it is probably at least one of these changes that is
> stopping it working.

so the next questions are:
- winbind v3 could authenticate against samba v4 ad? or i could simply  
use nsswitch with ldap (as with a samba v3 server)?
- samba v3 can join a samba v4 ad?

> The only versions that Samba supports are 4.7.x, 4.8.x and 4.9.x, all
> others are supported by the OS's
>
> Having said all that, we may be able to help you, if you give us more
> info ;-)
>
> What OS is smbclient v3 running on and what is in its smb.conf (not that
> the latter should affect smbclient)
> What OS is the Samba AD DC running on and what is in its smb.conf.
>

smbclient V3
  - debian 6.0.10
  - smbclient 3.5.6

smb.conf v3

[global]
    workgroup = WORKGROUP (i tried to change it to the domain name as  
i found is suggested in some site)
    server string = %h server
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    encrypt passwords = true
    passdb backend = tdbsam
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n  
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
[homes]
    comment = Home Directories
    browseable = no
    read only = yes
    create mask = 0700
    directory mask = 0700
    valid users = %S
[printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no


samba server v4
  - debian 9.6
  - samba 4.5.12

smb.conf v4

[global]
         netbios name = SAMBA4
         realm = COMSCAND.NONATSAMBA4.IT
         workgroup = COMSCAND
         dns forwarder = 192.168.150.161
         server role = active directory domain controller
         idmap_ldb:use rfc2307 = yes
[netlogon]
         path = /var/lib/samba/sysvol/comscand.nonatsamba4.it/scripts
         read only = No
[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
[samba1]
         path = /mnt/samba1
         read only = No


thanks

More information about the samba mailing list