[Samba] Upgrade from 4.13 to 4.20 failed

Anders Östling anders.ostling at gmail.com
Tue Aug 6 18:41:51 UTC 2024


Hello
I have an older Debian 11 with Samba 4.13 as a domain member serving some
industrial systems with files.
Today I decided to upgrade both Debian (to 12) and Samba (to 4.17 and
then 4.20). The upgrade using the backport repo worked after some
extra steps. Some dependencies had to be installed separately (winbind
and samba-common-bin) before the main samba package was installed. So
far so good. The services started up correctly after a reboot.

When I tested the first client, I was unable to connect to any of the
shares on the server. The error message on the client side was Access
Denied and in the server's client machine and winbind logs I found
repeated "Failed to find a local account DOMAIN\username". The domain
was of course correct as was the username, same as before the upgrade
process.

The server is a virtual machine so I made a copy of the Deb 12/Samba
4.20 and restored the saved VM files. After a restart of Deb 11/Samba
4.13, the clients were able to connect to the shares again. I did not
change anything in the smb.conf file, so this may or may not be the
reason for the failure.

Here is my samba config (masked domain)

[global]
security = ADS
workgroup = HPXX
realm = HO-PLAT.SE
server role = member server
log file = /var/log/samba/%m.log
log level = 2 winbind:5
bind interfaces only = yes
interfaces = lo enp1s0

# Needed due to the ancient industrial system with Linux/Samba 3.x

client min protocol = NT1
server min protocol = NT1

winbind use default domain = yes

winbind enum users = yes
winbind enum groups = yes

username map = /etc/samba/user.map
min domain uid = 0

winbind refresh tickets = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

vfs objects = acl_xattr
map acl inherit = yes
acl_xattr:ignore system acls = yes

idmap config * : backend = tdb
idmap config * : range = 3000-7999

idmap config HPXX: backend = rid
idmap config HPXX : range = 10000-999999

[bock]
path = /data/BOCK2
read only = no
hide unreadable = yes

[laser]
path = /data/LASER
read only = no
hide unreadable = yes


