[Samba] Samba v3 works with LDAP, but not Samba v4

[Rowland Penny]

On Tue, 16 Oct 2018 12:13:16 -0700
Emil Henry via samba <samba at lists.samba.org> wrote:

> Hello!
> 
> We have Samba v3 (3.5.10) working against an LDAP server, and need to
> upgrade to Samba v4 (4.7.1), RHEL 7 supports only v4. Tried multiple
> configs of the smb.conf (including the old config) without success.
> Cleaned up smb.conf is below. Also, included is the output of a
> smbclient command on the SMBServer with debug option 10. Hoping that
> someone can point me in the right direction.
> 
> Thanks
> 
> [global]
>         security = user
>         ldap user suffix = ou=people
>         ldap group suffix = ou=groups
>         ldap ssl = off
>         ldap passwd sync = yes
>         ldap delete dn = no
>         workgroup = WORKGROUP
>         server string = "Samba Drives"
>         netbios name = SMBServer
>         log file = /var/log/samba/log.%m
> 
> # For debugging enable the log level of 5
>         log level = 5
>         max log size = 50
> 
> # LDAP Settings
>         ldap suffix = "o=EXAMPLE"
>         ldap admin dn = "cn=PUSer,ou=Proxies,ou=Auth,o=EXAMPLE"
>         passdb backend = ldapsam:ldap://ldapserver.example.com
> 
> [homes]
>         valid users = %S
>         read only = No
>         writeable = yes
>         browseable = no
>         create mask = 0600
>         public = No
>         comment = %u's Z-Drive
>         nt acl support = no
>         inherit permissions = no
>         hide dot files = yes
>         directory mask = 0700
>         force create mode = 0700
>         valid users = MYDOMAIN\%S
> 

Hmm, I don't this is going to work:

negotiated dialect[SMB3_11] against server[localhost]

Try adding:

server max protocol = NT1
client max protocol = NT1

To smb.conf

Check that Samba can contact the ldap server.

Rowland