[Samba] Samba update cause windows incorrect password

Enrico Morelli morelli at cerm.unifi.it
Tue Apr 28 10:51:00 UTC 2020


On Tue, 28 Apr 2020 12:31:09 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hai Rowland,
> 
> Well, it's based on what I have here.
> I still run a mixed setup here (2 different domains).
> 
> 2 servers 4.1.x as PDC/member on wheezy. (DOMAINA ) 
> 4.11.7 as AD-DC's (buster) DOMAINB  
> 
> All my windows clients login through AD-DC. (DOMAINB\username) 
> I use the "Passthrough" auth for the shares on the PDC.
> (DOMAINA\username) I use GPO's to set the correct domain to pass..
> And %username% for the usernames
> 
> 0 problems here with windows 10 and my "PDC" is set with security =
> domain. 
> 
> Greetz, 
> 
> Louis
> 
> 
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Rowland penny via samba
> > Sent: Tuesday 28 April 2020 12:10
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] Samba update cause windows incorrect password
> > 
> > On 28/04/2020 10:39, L.P.H. van Belle via samba wrote:  
> > > Sure, i have a suggestion.
> > >
> > > security = user? In samba 4.9.x? And using domain logins??
> > >
> > > Run man smb.conf
> > > Search : security =
> > >
> > > Read : NOTE ABOUT USERNAME/PASSWORD VALIDATION where you see it.
> > >
> > > Then go to : map to guest (G)
> > > Read that.
> > >
> > > Then go to : security (G)
> > > And read that also.
> > >
> > > I think you didn't read the complete changelog between 4.5.x
> > > and 4.9.x also ;-)
> > >  
> > >>> To be able to log in, I've to select Other User, enter username
> > >>> and password and all works fine. But if I logout and enter the
> > >>> same password, Windows tells me "Incorrect password".  
> > > If you do that, you're typing DOM\username? Or only "username"?
> > >
> > > Because all Windows logins now use COMPUTERNAME\username
> > > locally. So if you enter "username" for the PDC login, it passes
> > > "COMPUTERNAME\username" to samba most probably.
> > >
> > > I hope the above helps you a bit, but as far as I can see the above is
> > > only a configuration issue.
> > > You need to review the config and setup for security=domain.  
> > 
> > The OP is running Samba as a PDC, so 'security = user' is probably
> > okay, but I would remove it entirely and let Samba decide what it
> > should be ;-)
> > 
> > What is missing is 'unix password sync = yes'
> > 
> > If this was a Unix client, then you would need 'security = domain'
> > and run winbind, but it is a PDC using tdbsam, so you probably
> > don't. I say this because I haven't run a PDC for some time and
> > would urge the OP to upgrade to AD.
> > 
> > Rowland
> > 

Thanks to both, but in the end which is the best way to reconfigure my
server without losing all my Windows machines?
If I put security = domain I'm unable to log in.
security = ADS requires Kerberos and a lot of work, and in the end I'm
not sure that all my Windows machines will work fine.

In my laboratory there are many Windows 10 machines, the server shares
a lot of folders and I can't afford not to let a lot of people work to
do my tests.

I'm a bit confused




-- 
-----------------------------------------------------------
  Enrico Morelli
  System Administrator | Programmer | Web Developer

  CERM - Polo Scientifico
  via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY
------------------------------------------------------------


