[Samba] Samba update cause windows incorrect password

L.P.H. van Belle belle at bazuin.nl
Tue Apr 28 10:31:09 UTC 2020


Hai Rowland,

Well, it's based on what I have here.
I still run a mixed setup here (2 different domains).

2 servers 4.1.x as PDC/member on wheezy. (DOMAINA ) 
4.11.7 as AD-DC's (buster) DOMAINB  

All my Windows clients log in through the AD-DC. (DOMAINB\username)
I use the "Passthrough" auth for the shares on the PDC. (DOMAINA\username)
I use GPOs to set the correct domain to pass, and %username% for the usernames.

0 problems here with Windows 10, and my "PDC" is set with security = domain.

Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland penny via samba
> Sent: Tuesday 28 April 2020 12:10
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba update cause windows incorrect password
> 
> On 28/04/2020 10:39, L.P.H. van Belle via samba wrote:
> > Sure, I have a suggestion.
> >
> > security = user? In Samba 4.9.x? And using domain logins??
> >
> > Run man smb.conf
> > Search : security =
> >
> > Read : NOTE ABOUT USERNAME/PASSWORD VALIDATION where you see it.
> >
> > Then go to: map to guest (G)
> > Read that.
> >
> > Then go to: security (G)
> > And read that also.
> >
> > I think you didn't read the complete changelog between 4.5.x and 4.9.x also ;-)
> >
> >>> To be able to log in, I've to select Other User, enter username and
> >>> password and all works fine. But if I logout and enter the same
> >>> password, Windows tells me "Incorrect password".
> > If you do that, are you typing DOM\username? Or only "username"?
> >
> > Because all Windows logins are now using COMPUTERNAME\username locally.
> > So if you enter "username" for the PDC login it most probably passes
> > "COMPUTERNAME\username" to Samba.
> >
> > I hope the above helps you a bit, but as far as I can see the above is
> > only a configuration issue.
> > You need to review the config and setup for security=domain.
> 
> The OP is running Samba as a PDC, so 'security = user' is probably okay,
> but I would remove it entirely and let Samba decide what it should be ;-)
>
> What is missing is 'unix password sync = yes'
>
> If this was a Unix client, then you would need 'security = domain' and
> run winbind, but it is a PDC using tdbsam, so you probably don't. I say
> this because I haven't run a PDC for some time and would urge the OP to
> upgrade to AD.
> 
> Rowland
> 
> 
> 