[Samba] authentication issue moving from Samba 4.11.x to 4.13.14
Gaiseric Vandal
gaiseric.vandal at gmail.com
Mon Mar 21 15:04:50 UTC 2022
I have several Solaris 11.4 servers in an AD domain. File sharing is
provide to Windows clients via Samba, and to Linux clients via nfs.
We also support some git repos over ssh.
To ensure user ID mapping consistency between all services and servers,
I was configuring systems as followed:
In smb.conf
winbind use default domain = no
In /etc/nsswitch.conf
passwd: files ldap winbind
group: files ldap winbind
Unfortunately a Solaris update created a conflict between ldap caching
and winbind , so I changed the configuration as follows
In smb.conf
winbind use default domain = yes
In /etc/nsswitch.conf
passwd: files ldap
group: files ldap
This works fine with Samba 4.11.x.
As part of a recent OS patching, Samba was upgrade to 4.13.14. I am
unable to connect to shares from Windows. I get a pop-up asking for
user name and password, but I can not authenticate. The logs show
[2022/03/20 11:18:05.707722, 3]
../../source3/auth/auth_util.c:1901(check_account)
Failed to find authenticated user MYDOMAIN\myname
via getpwnam(), denying access.
[2022/03/20 11:18:05.707800, 3]
../../source3/smbd/smb2_server.c:3861(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex:
smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at
../../source3/smbd/smb2_sesssetup.c:146
[2022/03/20 11:18:05.729871, 3]
../../source3/smbd/server_exit.c:220(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
Since my uidNumber is < 1000, I updated smb.conf as follows (but it
doesn't help.)
min domain uid = 100
I was update to temporarily workaround the problem by update
/etc/nsswitch.conf as follows
passwd: files ldap winbind
group: files ldap
Appreciate any advice.
Thanks
More information about the samba
mailing list