[Samba] Upgrade from 4.13 to 4.20 failed

Luis Peromarta lperoma at icloud.com
Tue Aug 6 19:00:25 UTC 2024


What’s the content of krb conf file and resolv.conf?

Your smb.conf file looks good and tidy to me.
On 6 Aug 2024 at 20:42 +0200, Anders Östling via samba <samba at lists.samba.org>, wrote:
> Hello
> I have an older Debian 11 with Samba 4.13 as domain member serving som
> industrial systems with files.
> Today I decided to upgrade both Debian (to 12) and Samba (to 4.17 and
> then 4.20). The upgrade using the backport repo worked after some
> extra steps. Som dependencies had to be installed separately (winbind
> and samba-common-bin) before the main samba package was installed. So
> far so good. The services started up correctly after a reboot.
>
> When I tested the first client, I was unable to connect to any of the
> shares on the server. The error message on the client side was Access
> Denied and in the server's client machine and winbind logs I found
> repeated "Failed to find a local account DOMAIN\username. The domain
> was of course correct as was the username, same as before the upgrade
> process.
>
> The server is a virtual machine so I made a copy of the Deb 12/Samba
> 4.20 and restored the saved VM files. After a restart of Deb 11/Samba
> 4.13, the clients was able to connect to the shares again. I did not
> change anything in the smb.conf file, so this may or may not be the
> reason for the failure.
>
> Here is my samba config (masked domain)
>
> [global]
> security = ADS
> workgroup = HPXX
> realm = HO-PLAT.SE
> server role = member server
> log file = /var/log/samba/%m.log
> log level = 2 winbind:5
> bind interfaces only = yes
> interfaces = lo enp1s0
>
> # Needed due to the ancient industrial system with Linux/Samba 3.x
>
> client min protocol = NT1
> server min protocol = NT1
>
> winbind use default domain = yes
>
> winbind enum users = yes
> winbind enum groups = yes
>
> username map = /etc/samba/user.map
> min domain uid = 0
>
> winbind refresh tickets = Yes
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> vfs objects = acl_xattr
> map acl inherit = yes
> acl_xattr:ignore system acls = yes
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> idmap config HPXX: backend = rid
> idmap config HPXX : range = 10000-999999
>
> [bock]
> path = /data/BOCK2
> read only = no
> hide unreadable = yes
>
> [laser]
> path = /data/LASER
> read only = no
> hide unreadable = yes
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba


More information about the samba mailing list