[Samba] Authentication failure after upgrade from 4.5.8 to 4.13.13

Curtis Spencer curtis.spencer at emsibg.com
Fri Aug 5 19:52:14 UTC 2022

> I didn't mention 'map untrusted to domain' because it doesn't matter
> whether it has anything to do with the problem or not (I do not think
> it has), it was removed and it is very unlikely to come back.

Ok, thanks. I just noticed that when running `testparm` I wanted to check.
I'm not entirely sure what that is doing or if it matters in this case.

> It has been quite sometime since I had anything to with an NT4-style
> domain (which yours is for all intents and purposes), but I think you
> need to add 'idmap config' lines, something like these:
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config EXAMPLE : backend = rid
> idmap config EXAMPLE : range = 10000-999999
> Though you may need to use a different backend for the 'EXAMPLE' domain
> ('ad' for instance if you have uidNumber & gidNumber attributes). You
> may also have to 'play' with the 'range' numbers.

Thanks. I tried adding these and tried different backends (replaced `rid`
with `ad`) and changed the range numbers to `3000-5999` and `6000-999999`,
respectively to work with the UIDs of users in OpenLDAP (the UID of
`test_user` is 6139) but was still unable able to authenticate and am still
getting the same error as before.

> I would highly recommend upgrading to AD, it is much simpler and is the
> way forward, NT4-style domains are the past and will go away.

Yes, we are planning to replace our OpenLDAP domain in the not too distant
future. I was hoping to get Samba working in the interim.

Any other things I can try or thoughts on how to find the underlying
authentication issue?



More information about the samba mailing list