[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues

James Atwell james.atwell365 at gmail.com
Fri May 15 18:52:47 UTC 2020 

Hello,

         I upgraded two DC's to 4.12.2 from 4.11.6 before I noticed 
authentication issues with a couple Netgear ReadyNAS we have. For 
reference I have a total of 6 DC's with 4 running 4.11.6 and two now 
running 4.12.2.  I ran the usual ./configure,make,make install from tar 
without issues. However running samba-tool drs showrepl I noticed a 
couple errors.  Looking through the list I found someone else with the 
same initial problems.  See thread here 
https://lists.samba.org/archive/samba/2020-April/229230.html From this 
thread I did what was suggested by Alex and that resolved those initial 
errors.  This brings me back to the Netgear file servers. I am no longer 
able to authenticate the ReadyNAS with my domain.  I receive a join 
error within the Netgear dashboard with no additional info. No error 
code, nothing. I turned up the logging on the Samba server I pointed the 
ReadyNAS at and could see the log for the administrator user I'm using 
to try and join and authenticate. Samba shows a successful 
authentication but then it appears to end there.  Additional details 
below about my setup.

OS Ubuntu 16.04.6

smb.conf

# Global parameters
[global]
         workgroup = SAMBA
         realm = SAMBA.LOCAL  (I know about the local usage)
         netbios name = PFDC1
         server role = active directory domain controller
         dns forwarder = 75.75.75.75 208.67.222.222
         idmap_ldb:use rfc2307 = Yes

         log file = /usr/local/samba/var/log.samba

         log level = 2 auth_audit:3 auth_json_audit:3

         debug timestamp = Yes
         debug uid = Yes
         debug pid = Yes

         load printers = No
         printcap name = /dev/null
         disable spoolss = Yes

         ldap server require strong auth = no

I tried pointing the ReadyNAS to the other DC's that have yet to be 
upgraded but that doesn't resolve the issue. Still can't authenticate.  
I should point out one of the DC's I upgraded from 4.11.6 to 4.12.2 
holds all the FSMO roles. Thanks for any suggestions.


-James

More information about the samba mailing list