[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
Rowland penny
rpenny at samba.org
Sat May 16 13:55:18 UTC 2020
On 16/05/2020 14:40, James Atwell wrote:
>
> On 5/16/2020 5:00 AM, Rowland penny via samba wrote:
>> On 15/05/2020 19:52, James Atwell via samba wrote:
>>> Hello,
>>>
>>> I upgraded two DC's to 4.12.2 from 4.11.6 before I noticed
>>> authentication issues with a couple Netgear ReadyNAS we have. For
>>> reference I have a total of 6 DC's with 4 running 4.11.6 and two now
>>> running 4.12.2. I ran the usual ./configure,make,make install from
>>> tar without issues. However running samba-tool drs showrepl I
>>> noticed a couple errors. Looking through the list I found someone
>>> else with the same initial problems. See thread here
>>> https://lists.samba.org/archive/samba/2020-April/229230.html From
>>> this thread I did what was suggested by Alex and that resolved those
>>> initial errors. This brings me back to the Netgear file servers. I
>>> am no longer able to authenticate the ReadyNAS with my domain. I
>>> receive a join error within the Netgear dashboard with no additional
>>> info. No error code, nothing. I turned up the logging on the Samba
>>> server I pointed the ReadyNAS at and could see the log for the
>>> administrator user I'm using to try and join and authenticate. Samba
>>> shows a successful authentication but then it appears to end there.
>>> Additional details below about my setup.
>>
>> You need to see the logs for the readynas to try and find out what is
>> going on.
>>
>> This is what I would do:
>>
>> Seize the FSMO roles to one of the 4.11.6 DC's
>>
>> Demote the two 4.12.2 DC's
>>
>> Remove everything in /usr/local/samba
>>
>> Test if your readynas now connects to the domain again, try a re-join
>> if not
>>
>> If you have connection, then good, if not, you need to find out why
>> not and this will require seeing the readynas logs, you may have to
>> ask netgear about that.
>>
>> Once you have connection from the readynas, run 'make install' again
>> (No, you shouldn't have to totally build Samba again)
>>
>> Once Samba is installed again, try joining as a DC, hopefully it
>> should now work.
>>
>> The only major change between 4.11.x and 4.12.x is that you now need
>> Python 3.5, perhaps you do not have this ?
>>
>> Rowland
>>
>>
>>
> Thanks for the input. Before I do I want to add additional
> troubleshooting details. Replication works among all DC's with no
> obvious samba errors or windows authentication errors. I unjoined a
> Windows 10 machine and rejoined to the domain without issue.
You didn't say that before ;-)
If everything is working except for your readynas, then it sounds like
this could be a problem with your readynas.
You do not say how old the readynas is, but are there any updates
available for it ?
Before you do anything, I would ask netgear if they are aware of this
problem, might be worth mentioning the word 'SMBv1'.
> Everything else is working as it should (i.e, user creation, dns
> admin, gpo's). The one other thing I did do different this time and I
> should have noted previously was use the Verified Package Dependencies
> from the Wiki to ensure I wasn't missing any. Other than that the
> build was the same.
>
> I haven't had to do a seize in a long time of the FSMO roles. If the
> DC's I upgraded appear to be working should I just transfer or seize?
> Thanks.
>
Simple answer, if you can transfer, then transfer, if not, then seize,
but use '--force' (this stops a useless transfer attempt).
Rowland
>
> -James
>
More information about the samba
mailing list