[Samba] authentication issue moving from Samba 4.11.x to 4.13.14

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Mar 21 15:04:50 UTC 2022

I have several Solaris 11.4 servers in an AD domain.    File sharing is 
provide to Windows clients via Samba, and to Linux clients via nfs.      
We also support some git repos over ssh.

To ensure user ID mapping consistency between all services and servers,  
I was configuring  systems as followed:

        In smb.conf

                     winbind use default domain = no

        In /etc/nsswitch.conf

                     passwd: files ldap winbind
                     group:  files ldap  winbind

Unfortunately a Solaris update created a conflict between ldap caching 
and winbind , so I changed the configuration as follows

        In smb.conf

                     winbind use default domain = yes

        In /etc/nsswitch.conf

                     passwd: files ldap
                     group:  files ldap

This works fine with Samba  4.11.x.

As part of a recent OS patching, Samba was upgrade to 4.13.14. I am 
unable to connect to shares from Windows.  I get a pop-up asking for 
user name and password, but I can not authenticate. The logs show

                     [2022/03/20 11:18:05.707722,  3] 
                       Failed to find authenticated user MYDOMAIN\myname 
via getpwnam(), denying access.
                     [2022/03/20 11:18:05.707800,  3] 
smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at 
                     [2022/03/20 11:18:05.729871,  3] 
                       Server exit (NT_STATUS_CONNECTION_RESET)

Since my uidNumber is < 1000, I updated smb.conf as follows (but it 
doesn't help.)

                         min domain uid = 100

I was update to temporarily workaround the problem by update 
/etc/nsswitch.conf as follows

             passwd: files ldap winbind
             group:  files ldap

Appreciate any advice.


More information about the samba mailing list