[Samba] Samba update cause windows incorrect password
Enrico Morelli
morelli at cerm.unifi.it
Tue Apr 28 10:51:00 UTC 2020
On Tue, 28 Apr 2020 12:31:09 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai Rowland,
>
> Well, its based on that i have here.
> I run still a mixed setup here. ( 2 different domains )
>
> 2 servers 4.1.x as PDC/member on wheezy. (DOMAINA )
> 4.11.7 as AD-DC's (buster) DOMAINB
>
> All my windows clients login through AD-DC. (DOMAINB\username)
> I use the "Passthrough" auth for the shares on the PDC.
> (DOMAINA\username) I use GPO's to set the correct domain to pass..
> And %username% for the usersnames
>
> 0 problems here with windows 10 and my "PDC" is set with security =
> domain.
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Rowland penny via samba
> > Verzonden: dinsdag 28 april 2020 12:10
> > Aan: samba at lists.samba.org
> > Onderwerp: Re: [Samba] Samba update cause windows incorrect password
> >
> > On 28/04/2020 10:39, L.P.H. van Belle via samba wrote:
> > > Sure, i have a suggestion.
> > >
> > > security = user ? In samba 4.9.x ? And using domain logings??
> > >
> > > Run man smb.conf
> > > Search : security =
> > >
> > > Read : NOTE ABOUT USERNAME/PASSWORD VALIDATION where you see it.
> > >
> > > Then goto : map to guest (G)
> > > Read that.
> > >
> > > Then goto : security (G)
> > > And read that also.
> > >
> > > I think you didnt read the complete changelog between 4.5.x
> > and 4.9.x also ;-)
> > >
> > >>> To be able to loing, I've to select Other User, enter username
> > >>> and password and all works fine. But if I logout and enter the
> > >>> same password, Windows tells me "Incorrect password".
> > > If you do that, your typing DOM\username ? Or only "username"
> > >
> > > Because, all windows logings now using COMPUTERNAME\username
> > > localy. So if you enter "username" for the PDC login it passes
> > > "
> > COMPUTERNAME\username" to samba most probely.
> > >
> > > I hope above helps you a bit, but as far i can see above is
> > only a configuration issue.
> > > You need to review the config and setup for security=domain.
> >
> > The OP is running Samba as a PDC, so 'security = user' is
> > probably okay,
> > but I would remove it entirely and let Samba decide what it
> > should be ;-)
> >
> > What is missing is 'unix password sync = yes'
> >
> > If this was a Unix client, then you would need 'security =
> > domain' and
> > run winbind, but it is a PDC using tdbsam, so you probably
> > don't. I say
> > this because I haven't run a PDC for sometime and would urge
> > the OP to
> > upgrade to AD.
> >
> > Rowland
> >
Thanks to both, but at the end which is the best way to reconfigure my
server without loose all my Windows machines?
If I put security = domain I'm unable to login.
security = ADS require kerberos and a lot of work, and at the end I'm
not sure that all my windows machines will works fine.
In my laboratory there are many windows 10 machines, the server shares
a lot of folders and I can't afford not to let a lot of people work to
do my tests.
I'm a bit confusing
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
--
-----------------------------------------------------------
Enrico Morelli
System Administrator | Programmer | Web Developer
CERM - Polo Scientifico
via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------
More information about the samba
mailing list