[Samba] Samba 4.14.5 NTLMv1
Perttu Aaltonen
perttu.aaltonen at mac.com
Wed Feb 16 12:21:30 UTC 2022
That was the same problem I had. I was able to use user at domain form to log in to avoid the issue, but I never found out why the user mapping stopped working.
-Perttu
> On 15. Feb 2022, at 17.51, Eric Lehmann via samba <samba at lists.samba.org> wrote:
>
> Hi
>
> Not yet like expected. I added a local system/samba user for this specific
> micro-devices. The device does not send the user with a workgroup/domain
> but something like \user. With an empty or blank value before the \ and i
> am not able to change it because it is proprietary.
>
> Anyway, now I can access the share by smbclient -U \\local-user. If i try
> smbclient -U local-user, winbind or samba try to search / map the user with
> [domain] \ [local-user], which fails because local-user is not within the
> AD. Confusing but \\local-user seems to be ok for me. Thanks for asking.
>
> Am Mo., 14. Feb. 2022 um 15:51 Uhr schrieb Perttu Aaltonen <
> perttu.aaltonen at mac.com <mailto:perttu.aaltonen at mac.com>>:
>
>> Hi Eric, did you ever get your authentication working again? I’m curious
>> what you did if you did.
>>
>> -Perttu
>>
>> On 20. Jan 2022, at 8.46, Eric Lehmann via samba <samba at lists.samba.org>
>> wrote:
>>
>> Rowland, here it is:
>>
>> testparm
>> Load smb config files from /etc/samba/smb.conf
>> lpcfg_do_global_parameter: WARNING: The "lanman auth" option is deprecated
>> lpcfg_do_global_parameter: WARNING: The "client NTLMv2 auth" option is
>> deprecated
>> Loaded services file OK.
>> Weak crypto is allowed
>>
>> Server role: ROLE_DOMAIN_MEMBER
>>
>> Press enter to see a dump of your service definitions
>>
>> # Global parameters
>> [global]
>> client min protocol = NT1
>> server min protocol = NT1
>> client NTLMv2 auth = No
>> kerberos method = secrets and keytab
>> lanman auth = Yes
>> ntlm auth = ntlmv1-permitted
>> security = ADS
>> workgroup = DOMAIN
>> realm = DOMAIN.INTERN
>> template homedir = /home/%U
>> log file = /var/log/samba/%m.log
>> template shell = /bin/bash
>> winbind nss info = rfc2307
>> winbind offline logon = Yes
>> winbind refresh tickets = Yes
>> winbind use default domain = Yes
>> idmap config * : range = 10000-999999
>> idmap config DOMAIN : unix_primary_group = yes
>> idmap config DOMAIN : unix_nss_info = yes
>> idmap config DOMAIN : schema_mode = rfc2307
>> idmap config DOMAIN : backend = rid
>> idmap config DOMAIN : range = 2000000-2999999
>> idmap config * : backend = tdb
>>
>>
>> [Share]
>> case sensitive = Yes
>> comment = Share
>> create mask = 0644
>> directory mask = 0775
>> path = /srv/samba/Share
>> read only = No
>>
>> Am Mi., 19. Jan. 2022 um 17:52 Uhr schrieb Rowland Penny via samba <
>> samba at lists.samba.org>:
>>
>>
>> Would you mind running the 'testparm' command again, but this time
>> without the '-v' ?
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>
>>
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>
More information about the samba
mailing list