[Samba] Trouble resolving some group membership after upgrade from 4.8 to 4.10

Matt Magoffin samba at msqr.us
Tue Mar 10 04:59:21 UTC 2020


> On 9/03/2020, at 9:46 PM, Rowland penny via samba <samba at lists.samba.org> wrote:
> 
>> server min protocol = SMB2
> Try setting the above to 'NT1'
>> ntlm auth = no
> You could also try setting 'ntlm auth' to yes
>> I’m at a loss now on what might be wrong, or what else to try to troubleshoot the issue. Any ideas/help would be much appreciated.
> 
> You are still using old ways of doing things, things that rely on SMBv1 and this is going away. You have two ways of dealing with this, either stick with an old version of Samba (along with any security problems entailed in doing so), or upgrade to Samba AD.

Yes, I have been running this service for many years, upgrading Samba along the way but not trying to change to a full AD deployment. Do you think tweaking the authentication settings like you suggest would make a difference? I ask because I can connect, from the same workstation, using one account but not another, which means the same client is being used for both. The account that doesn't work won't work from any workstation that I’ve tried, while the account that does work also works on all other workstations that I’ve tried. From the logs it seems that the authentication is succeeding, but the group membership authorisation part is failing, but only for specific accounts.

I had hoped someone might recall something that changed between 4.8 and 4.10 that might be relevant here, because I didn’t make changes to the Samba configuration over that upgrade.

— m@



More information about the samba mailing list