[Samba] Upgrade from 4.13 to 4.20 failed

Luis Peromarta lperoma at icloud.com
Tue Aug 6 19:20:09 UTC 2024


Looks good to me. Maybe you’re missing a package ?
On 6 Aug 2024 at 21:14 +0200, Anders Östling <anders.ostling at gmail.com>, wrote:
> /etc/resolv.conf (Both DC's (windows) listed)
>
> domain ho-pla.se
> search ho-pla.se
> nameserver 10.0.2.10
> nameserver 10.0.2.64
>
> /etc/krb5.conf
>
> [libdefaults]
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_realm = HO-PLA.SE
>
> On Tue, Aug 6, 2024 at 9:01 PM Luis Peromarta via samba
> <samba at lists.samba.org> wrote:
> >
> > What’s the content of krb conf file and resolv.conf?
> >
> > Your smb.conf file looks good and tidy to me.
> > On 6 Aug 2024 at 20:42 +0200, Anders Östling via samba <samba at lists.samba.org>, wrote:
> > > Hello
> > > I have an older Debian 11 with Samba 4.13 as domain member serving som
> > > industrial systems with files.
> > > Today I decided to upgrade both Debian (to 12) and Samba (to 4.17 and
> > > then 4.20). The upgrade using the backport repo worked after some
> > > extra steps. Som dependencies had to be installed separately (winbind
> > > and samba-common-bin) before the main samba package was installed. So
> > > far so good. The services started up correctly after a reboot.
> > >
> > > When I tested the first client, I was unable to connect to any of the
> > > shares on the server. The error message on the client side was Access
> > > Denied and in the server's client machine and winbind logs I found
> > > repeated "Failed to find a local account DOMAIN\username. The domain
> > > was of course correct as was the username, same as before the upgrade
> > > process.
> > >
> > > The server is a virtual machine so I made a copy of the Deb 12/Samba
> > > 4.20 and restored the saved VM files. After a restart of Deb 11/Samba
> > > 4.13, the clients was able to connect to the shares again. I did not
> > > change anything in the smb.conf file, so this may or may not be the
> > > reason for the failure.
> > >
> > > Here is my samba config (masked domain)
> > >
> > > [global]
> > > security = ADS
> > > workgroup = HPXX
> > > realm = HO-PLAT.SE
> > > server role = member server
> > > log file = /var/log/samba/%m.log
> > > log level = 2 winbind:5
> > > bind interfaces only = yes
> > > interfaces = lo enp1s0
> > >
> > > # Needed due to the ancient industrial system with Linux/Samba 3.x
> > >
> > > client min protocol = NT1
> > > server min protocol = NT1
> > >
> > > winbind use default domain = yes
> > >
> > > winbind enum users = yes
> > > winbind enum groups = yes
> > >
> > > username map = /etc/samba/user.map
> > > min domain uid = 0
> > >
> > > winbind refresh tickets = Yes
> > > dedicated keytab file = /etc/krb5.keytab
> > > kerberos method = secrets and keytab
> > >
> > > vfs objects = acl_xattr
> > > map acl inherit = yes
> > > acl_xattr:ignore system acls = yes
> > >
> > > idmap config * : backend = tdb
> > > idmap config * : range = 3000-7999
> > >
> > > idmap config HPXX: backend = rid
> > > idmap config HPXX : range = 10000-999999
> > >
> > > [bock]
> > > path = /data/BOCK2
> > > read only = no
> > > hide unreadable = yes
> > >
> > > [laser]
> > > path = /data/LASER
> > > read only = no
> > > hide unreadable = yes
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> ------ -------------------- 8 ------------------ ------
> "A wise man once told me - Any idiot can do backups, but it takes a
> genius to successfully restore"
>
> Anders Östling
> +46 768 716 165 (Mobil)


More information about the samba mailing list