[Samba] Problem after upgrading to Debian 10

Sat Jul 13 08:24:15 UTC 2019

On 12/07/2019 22:01, Rowland penny via samba wrote:
> On 12/07/2019 21:29, Alberto José García Fumero wrote:
>> El vie, 12-07-2019 a las 21:05 +0100, Rowland penny via samba escribió:
>>> On 12/07/2019 20:23, Alberto José García Fumero via samba wrote:
>>>> Excuse me if I bother you, but I badly need help.
>>>>
>>>> Let me describe the situation. In my network there is a group of
>>>> Windows boxes in a Windows domain (THE_DOMAIN),
>>> What is the Windows DC ?
>>>>    three computers with
>>>> Debian 9.x not linked to the domain (in a workgroup named
>>>> TECHNOLOGY,
>>>> and the parameter security=user) one of which I use, and other
>>>> three
>>>> computers with Debian 7.x in another workgroup (and security=share,
>>>> so
>>>> no problem accessing these).
>>> You will have a problem when you upgrade the EOL Debian Wheezy,
>>> 'security = share' no longer exists.
>>>> When using Debian 9.x I was able to access (by way of Nautilus) the
>>>> shared resources in all boxes in the domain THE_DOMAIN identifying
>>>> me
>>>> as the user administrator of the Samba 4 domain in the dialog
>>>> window.
>>>> After upgrading to Debian 10, this is no longer possible.
>>>>
>>>> What I am doing wrong? Is it necessary to join the domain, after
>>>> this
>>>> upgrade?
>>> This is probably down to the value for 'ntlm auth' being changed
>>> from
>>> 'yes' to 'ntlmv2-only' at 4.7.0
>>>
>>> Rowland
>>>
>>>
>> The domain controller is a Samba 4.
>>
>> So what could I do? Is it possible to modify that parameter?
>
> What version of Samba is running on the DC ?
>
> What is the OS the DC is running on ?
>
> How is Samba running on the DC, as an NT4-style PDC or an AD DC ?
>
> Rowland
>
>
>
Whilst waiting for my questions to be answered, I took another look at 
the smb.conf.

After removing all the default lines, it becomes this:

[global]
     workgroup = TECHNOLOGY
     server string = Desarrollo
     security = user
     hosts allow = 192.168.0. 127.
     cups options = raw
     username map = /etc/samba/smbusers
     log file = /var/log/samba/%m.log
     max log size = 50
     local master = no

[homes]
     comment = Home Directories
     browseable = no
     read only = no

[printers]
     comment = All Printers
     path = /usr/spool/samba
     guest ok = yes
     printable = yes

[compartido]
     comment = Lo que comparte Desarrollo
     path = /Compartido
     guest ok = yes

I have to ask, did this ever work ?

You have 'guest ok = yes' set in two of the shares, but the default for 
'map to guest' is 'never', so you cannot have guest access, for this you 
need 'map to guest = bad user' set in [global]. Not that this really 
matters because you do not have 'unix passwd sync = yes' set in 
[global]. This means that nobody can connect to any of your shares.

With a properly set up Samba standalone server on Devuan Ascii (aka 
Debian Stretch without systemd), I can connect to shares on a Domain 
computer as a Domain user. I can also connect to a Domain share as a 
guest user.

Rowland