[Samba] Samba update cause windows incorrect password
L.P.H. van Belle
belle at bazuin.nl
Tue Apr 28 10:31:09 UTC 2020
Hai Rowland,
Well, its based on that i have here.
I run still a mixed setup here. ( 2 different domains )
2 servers 4.1.x as PDC/member on wheezy. (DOMAINA )
4.11.7 as AD-DC's (buster) DOMAINB
All my windows clients login through AD-DC. (DOMAINB\username)
I use the "Passthrough" auth for the shares on the PDC. (DOMAINA\username)
I use GPO's to set the correct domain to pass.. And %username% for the usersnames
0 problems here with windows 10 and my "PDC" is set with security = domain.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland penny via samba
> Verzonden: dinsdag 28 april 2020 12:10
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba update cause windows incorrect password
>
> On 28/04/2020 10:39, L.P.H. van Belle via samba wrote:
> > Sure, i have a suggestion.
> >
> > security = user ? In samba 4.9.x ? And using domain logings??
> >
> > Run man smb.conf
> > Search : security =
> >
> > Read : NOTE ABOUT USERNAME/PASSWORD VALIDATION where you see it.
> >
> > Then goto : map to guest (G)
> > Read that.
> >
> > Then goto : security (G)
> > And read that also.
> >
> > I think you didnt read the complete changelog between 4.5.x
> and 4.9.x also ;-)
> >
> >>> To be able to loing, I've to select Other User, enter username and
> >>> password and all works fine. But if I logout and enter the same
> >>> password, Windows tells me "Incorrect password".
> > If you do that, your typing DOM\username ? Or only "username"
> >
> > Because, all windows logings now using COMPUTERNAME\username localy.
> > So if you enter "username" for the PDC login it passes "
> COMPUTERNAME\username" to samba most probely.
> >
> > I hope above helps you a bit, but as far i can see above is
> only a configuration issue.
> > You need to review the config and setup for security=domain.
>
> The OP is running Samba as a PDC, so 'security = user' is
> probably okay,
> but I would remove it entirely and let Samba decide what it
> should be ;-)
>
> What is missing is 'unix password sync = yes'
>
> If this was a Unix client, then you would need 'security =
> domain' and
> run winbind, but it is a PDC using tdbsam, so you probably
> don't. I say
> this because I haven't run a PDC for sometime and would urge
> the OP to
> upgrade to AD.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list