[Samba] Upgrade from 4.11.6 to 4.12.2 created authentication issues
James Atwell
james.atwell365 at gmail.com
Sat May 16 17:41:32 UTC 2020
On 5/16/2020 9:55 AM, Rowland penny via samba wrote:
> On 16/05/2020 14:40, James Atwell wrote:
>>
>> On 5/16/2020 5:00 AM, Rowland penny via samba wrote:
>>> On 15/05/2020 19:52, James Atwell via samba wrote:
>>>> Hello,
>>>>
>>>> I upgraded two DC's to 4.12.2 from 4.11.6 before I noticed
>>>> authentication issues with a couple Netgear ReadyNAS we have. For
>>>> reference I have a total of 6 DC's with 4 running 4.11.6 and two
>>>> now running 4.12.2. I ran the usual ./configure,make,make install
>>>> from tar without issues. However running samba-tool drs showrepl I
>>>> noticed a couple errors. Looking through the list I found someone
>>>> else with the same initial problems. See thread here
>>>> https://lists.samba.org/archive/samba/2020-April/229230.html From
>>>> this thread I did what was suggested by Alex and that resolved
>>>> those initial errors. This brings me back to the Netgear file
>>>> servers. I am no longer able to authenticate the ReadyNAS with my
>>>> domain. I receive a join error within the Netgear dashboard with
>>>> no additional info. No error code, nothing. I turned up the logging
>>>> on the Samba server I pointed the ReadyNAS at and could see the log
>>>> for the administrator user I'm using to try and join and
>>>> authenticate. Samba shows a successful authentication but then it
>>>> appears to end there. Additional details below about my setup.
>>>
>>> You need to see the logs for the readynas to try and find out what
>>> is going on.
>>>
>>> This is what I would do:
>>>
>>> Seize the FSMO roles to one of the 4.11.6 DC's
>>>
>>> Demote the two 4.12.2 DC's
>>>
>>> Remove everything in /usr/local/samba
>>>
>>> Test if your readynas now connects to the domain again, try a
>>> re-join if not
>>>
>>> If you have connection, then good, if not, you need to find out why
>>> not and this will require seeing the readynas logs, you may have to
>>> ask netgear about that.
>>>
>>> Once you have connection from the readynas, run 'make install' again
>>> (No, you shouldn't have to totally build Samba again)
>>>
>>> Once Samba is installed again, try joining as a DC, hopefully it
>>> should now work.
>>>
>>> The only major change between 4.11.x and 4.12.x is that you now need
>>> Python 3.5, perhaps you do not have this ?
>>>
>>> Rowland
>>>
>>>
>>>
>> Thanks for the input. Before I do I want to add additional
>> troubleshooting details. Replication works among all DC's with no
>> obvious samba errors or windows authentication errors. I unjoined a
>> Windows 10 machine and rejoined to the domain without issue.
>
> You didn't say that before ;-)
>
> If everything is working except for your readynas, then it sounds like
> this could be a problem with your readynas.
>
> You do not say how old the readynas is, but are there any updates
> available for it ?
>
> Before you do anything, I would ask netgear if they are aware of this
> problem, might be worth mentioning the word 'SMBv1'.
>
>> Everything else is working as it should (i.e, user creation, dns
>> admin, gpo's). The one other thing I did do different this time and
>> I should have noted previously was use the Verified Package
>> Dependencies from the Wiki to ensure I wasn't missing any. Other than
>> that the build was the same.
>>
>> I haven't had to do a seize in a long time of the FSMO roles. If the
>> DC's I upgraded appear to be working should I just transfer or seize?
>> Thanks.
>>
> Simple answer, if you can transfer, then transfer, if not, then seize,
> but use '--force' (this stops a useless transfer attempt).
>
> Rowland
>
>
>>
>> -James
>>
>
>
So I suppose I still have trouble with my domain.
root at pfdc1:/# net ads user info administrator -U administrator
Enter administrator's password:
kerberos_kinit_password SAMBA at SAMBA.LOCAL failed: Client not found in
Kerberos database
kerberos_kinit_password SAMBA at SAMBA.LOCAL failed: Client not found in
Kerberos database
More information about the samba
mailing list