[Samba] Authentication failure after upgrade from 4.5.8 to 4.13.13

Rowland Penny rpenny at samba.org
Fri Aug 5 07:23:47 UTC 2022


On Thu, 2022-08-04 at 15:52 -0700, Curtis Spencer via samba wrote:
> I had a Debian 9 server running Samba v4.5.16 with the following
> global
> config in `/etc/samba/smb/conf`:
> 
> ```
> [global]
> netbios name = TEST
> workgroup = EXAMPLE
> server string = Member Server
> os level = 40
> domain master = no
> security = domain
> map untrusted to domain = yes
> preserve case = yes
> case sensitive = yes
> wins support = no
> wins server = dc.ccb
> mangling method = hash2
> unix extensions = no
> interfaces = bond0 lo
> bind interfaces only = yes
> printcap name   = /dev/null
> load printers   = no
> log level = 3
> ```
> We are using OpenLDAP as a backend for authentication.
> 
> I recently upgraded that server to Debian 11 and Samba v4.13.13.
> Following
> the upgrade, I am still able to SSH into the server using my OpenLDAP
> credentials and I have confirmed that running `getent passwd` returns
> a
> list of both local users and LDAP users.

You didn't upgrade far enough, you need to (in my opinion) upgrade to
AD, Samba is working hard on removing SMBv1 and your setup requires it.
It was turned off by default at 4.11.0, so you could try adding these
lines to your smb.conf:

client min protocol = NT1
server min protocol = NT1

You may also have to add:
ntlm auth = yes

Also ensure that winbind is running.

Rowland





More information about the samba mailing list