[Samba] upgrade from samba 4.13 to 4.16 broke CIFS Server Authentication

Rowland Penny rpenny at samba.org
Wed Aug 31 11:26:57 UTC 2022


On Wed, 2022-08-31 at 13:13 +0200, L. van Belle via samba wrote:
> I suggest 1 change to start with. 
> 
> look If can change this from within univention somewhere.. 
> 
> ntlm_auth  = yes 
> to 
> ntlm auth = mschapv2-and-ntlmv2-only  
> 
> Small steps in these changes since univention has here own way of
> setting up things. 
> 
> Few small things that might help a bit. 
> netbios name    = wayland
> to 
> netbios name    = WAYLAND
> 
> And start using \\FQ.DN\share  everywhere. 
> >          logon home = \\wayland\%U
> >          logon drive = I:
> >          logon path = \\wayland\%U\windows-profiles\%a
> 
> to 
> 
> >          logon home = \\wayland.your.dnsdomain.tld\%U
> >          logon drive = I:
> >          logon path = \\wayland your.dnsdomain.tld \%U\windows-
> > profiles\%a
> >          max protocol = smb2
> >          client max protocol = smb2
> To 
> >          max protocol = smb3	# or remove this one. 
> >          client max protocol = smb3  # or remove this one. 
> add if possible 
>           client min protocol = smb2
> 
> Start with that, maybe Rowland has more but as said.. 
> The setup is way out of the "normal" scope of settings.  
> Not your doing but how its setup. 

I could advise what could be removed, but I get the feeling that they
would just get put back. In my opinion, Univention really needs to get
its act together and sort out its smb.conf, starting with removing the
use of nmbd on a DC.

Rowland





More information about the samba mailing list