[Samba] Problem after upgrading to Debian 10

Mon Jul 15 19:25:20 UTC 2019

On 15/07/2019 20:14, Alberto José García Fumero via samba wrote:
> El sáb, 13-07-2019 a las 09:24 +0100, Rowland penny via samba escribió:
>> On 12/07/2019 22:01, Rowland penny via samba wrote:
>>> On 12/07/2019 21:29, Alberto José García Fumero wrote:
>>>> El vie, 12-07-2019 a las 21:05 +0100, Rowland penny via samba
>>>> escribió:
>>>>> On 12/07/2019 20:23, Alberto José García Fumero via samba
>>>>> wrote:
>>>>>> Excuse me if I bother you, but I badly need help.
>>>>>>
>>>>>> Let me describe the situation. In my network there is a group
>>>>>> of
>>>>>> Windows boxes in a Windows domain (THE_DOMAIN),
>>>>> What is the Windows DC ?
>>>>>>     three computers with
>>>>>> Debian 9.x not linked to the domain (in a workgroup named
>>>>>> TECHNOLOGY,
>>>>>> and the parameter security=user) one of which I use, and
>>>>>> other
>>>>>> three
>>>>>> computers with Debian 7.x in another workgroup (and
>>>>>> security=share,
>>>>>> so
>>>>>> no problem accessing these).
>>>>> You will have a problem when you upgrade the EOL Debian Wheezy,
>>>>> 'security = share' no longer exists.
>>>>>> When using Debian 9.x I was able to access (by way of
>>>>>> Nautilus) the
>>>>>> shared resources in all boxes in the domain THE_DOMAIN
>>>>>> identifying
>>>>>> me
>>>>>> as the user administrator of the Samba 4 domain in the dialog
>>>>>> window.
>>>>>> After upgrading to Debian 10, this is no longer possible.
>>>>>>
>>>>>> What I am doing wrong? Is it necessary to join the domain,
>>>>>> after
>>>>>> this
>>>>>> upgrade?
>>>>> This is probably down to the value for 'ntlm auth' being
>>>>> changed
>>>>> from
>>>>> 'yes' to 'ntlmv2-only' at 4.7.0
>>>>>
>>>>> Rowland
>>>>>
>>>>>
>>>> The domain controller is a Samba 4.
>>>>
>>>> So what could I do? Is it possible to modify that parameter?
>>> What version of Samba is running on the DC ?
>>>
>>> What is the OS the DC is running on ?
>>>
>>> How is Samba running on the DC, as an NT4-style PDC or an AD DC ?
>>>
>>> Rowland
>>>
>>>
>>>
>> Whilst waiting for my questions to be answered, I took another look
>> at
>> the smb.conf.
>>
>> After removing all the default lines, it becomes this:
>>
>> [global]
>>       workgroup = TECHNOLOGY
>>       server string = Desarrollo
>>       security = user
>>       hosts allow = 192.168.0. 127.
>>       cups options = raw
>>       username map = /etc/samba/smbusers
>>       log file = /var/log/samba/%m.log
>>       max log size = 50
>>       local master = no
>>
>> [homes]
>>       comment = Home Directories
>>       browseable = no
>>       read only = no
>>
>> [printers]
>>       comment = All Printers
>>       path = /usr/spool/samba
>>       guest ok = yes
>>       printable = yes
>>
>> [compartido]
>>       comment = Lo que comparte Desarrollo
>>       path = /Compartido
>>       guest ok = yes
>>
>> I have to ask, did this ever work ?
>>
>> You have 'guest ok = yes' set in two of the shares, but the default
>> for
>> 'map to guest' is 'never', so you cannot have guest access, for this
>> you
>> need 'map to guest = bad user' set in [global]. Not that this really
>> matters because you do not have 'unix passwd sync = yes' set in
>> [global]. This means that nobody can connect to any of your shares.
>>
>> With a properly set up Samba standalone server on Devuan Ascii (aka
>> Debian Stretch without systemd), I can connect to shares on a Domain
>> computer as a Domain user. I can also connect to a Domain share as a
>> guest user.
>>
>> Rowland
>>
>>
> Thanks!
>
> Certainly it worked, up to Debian 9.x. I used it every day.
>
> The Samba 4 version is 4.6.5. It works as an Active Domain Controller
> on a Debian 7.9.
>
  I have got ask, why are you bothering with the Samba AD DC, the 
standalone server has nothing to do with a domain.

You really should upgrade from wheezy, I don't know if you noticed, but 
Debian 10 has just been released.

Rowland