Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
Dear Samba experts,

IO would like to ask for help with diagnose why my Samba version 4.7.0-git.
23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed  can not authentificate me
on Windows server 2003 domain

in /etc/fstab  I have working combination - smb version only vorks if set to 1.0


//192.168.1.131/shares  /home/fodrek/shares     cifs    credentials=/home/fodrek/
cifs.creds,iocharset=utf8,sec=ntlm,cifsacl,user,nosuid,uid=fodrek,gid=users,vers=1.0 0 0  


On tyhe server I am detected as operating system
Name:openSUSE Tumbleweed
version: 20171104
Service pack: 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Is it possible to help me with allowing to authentificate me into domain,please?


I look forward hearing from you

Yours faithfully


Peter Fodrek
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
Hi Peter,

> IO would like to ask for help with diagnose why my Samba version 4.7.0-git.
> 23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed  can not authentificate me
> on Windows server 2003 domain
>
> in /etc/fstab  I have working combination - smb version only vorks if set to 1.0

windows 2003 support only smb1 protocol, smb2 was introduced with
winvista/win2k8. On version 4.7 Samba has modified the "client max
protocol" to SMB3_11, but "client min protocol" was not modified [1].

However, since you are on a rolling release, you are probably on a very
recent kernel > 4.13. Your cifs module probably comes from that kernel
distrib, and there has been a change on the min protocol version by
default, see the thread on [2].

Cheers,

Denis

[1] https://wiki.samba.org/index.php/Samba_4.7_Features_added/changed
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1474539


>
>
> //192.168.1.131/shares  /home/fodrek/shares     cifs    credentials=/home/fodrek/
> cifs.creds,iocharset=utf8,sec=ntlm,cifsacl,user,nosuid,uid=fodrek,gid=users,vers=1.0 0 0
>
>
> On tyhe server I am detected as operating system
> Name:openSUSE Tumbleweed
> version: 20171104
> Service pack: 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
>
> Is it possible to help me with allowing to authentificate me into domain,please?
>
>
> I look forward hearing from you
>
> Yours faithfully
>
>
> Peter Fodrek
>

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
In reply to this post by Samba - General mailing list
Dear Mr. Cardon!
Na štvrtok, 9. novembra 2017 18:29:03 CET Denis Cardon via samba napísali:

>
> > IO would like to ask for help with diagnose why my Samba version
> > 4.7.0-git.
> > 23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed  can not
> > authentificate me on Windows server 2003 domain
> >
> > in /etc/fstab  I have working combination - smb version only vorks if set
> > to 1.0
> windows 2003 support only smb1 protocol, smb2 was introduced with
> winvista/win2k8. On version 4.7 Samba has modified the "client max
> protocol" to SMB3_11, but "client min protocol" was not modified [1].
>
> However, since you are on a rolling release, you are probably on a very
> recent kernel > 4.13. Your cifs module probably comes from that kernel
> distrib, and there has been a change on the min protocol version by
> default, see the thread on [2].
>

Thank you for your answer
Maybe I write my question in not understandable form.

CIFS mount works, but I can not login via Domain login and password  to the
system on openSUSE.
I just use fstab to demostrate part of SAMBA settings on my client

I look forward hering from you and anybody else

Yours faithfully

Peter Fodrek


> [1] https://wiki.samba.org/index.php/Samba_4.7_Features_added/changed
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1474539
>
> > //192.168.1.131/shares  /home/fodrek/shares     cifs  
> > credentials=/home/fodrek/
> > cifs.creds,iocharset=utf8,sec=ntlm,cifsacl,user,nosuid,uid=fodrek,gid=use
> > rs,vers=1.0 0 0
> >
> >
> > On tyhe server I am detected as operating system
> > Name:openSUSE Tumbleweed
> > version: 20171104
> > Service pack: 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
> >
> > Is it possible to help me with allowing to authentificate me into
> > domain,please?
> >
> >
> > I look forward hearing from you
> >
> > Yours faithfully
> >
> >
> > Peter Fodrek

-----------------------------------------

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
On Fri, 10 Nov 2017 09:51:14 +0100
"Peter Fodrek,ml. via samba" <[hidden email]> wrote:

> Dear Mr. Cardon!
> Na štvrtok, 9. novembra 2017 18:29:03 CET Denis Cardon via samba
> napísali:
>
> >
> > > IO would like to ask for help with diagnose why my Samba version
> > > 4.7.0-git.
> > > 23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed  can not
> > > authentificate me on Windows server 2003 domain
> > >
> > > in /etc/fstab  I have working combination - smb version only
> > > vorks if set to 1.0
> > windows 2003 support only smb1 protocol, smb2 was introduced with
> > winvista/win2k8. On version 4.7 Samba has modified the "client max
> > protocol" to SMB3_11, but "client min protocol" was not modified
> > [1].
> >
> > However, since you are on a rolling release, you are probably on a
> > very recent kernel > 4.13. Your cifs module probably comes from
> > that kernel distrib, and there has been a change on the min
> > protocol version by default, see the thread on [2].
> >
>
> Thank you for your answer
> Maybe I write my question in not understandable form.
>
> CIFS mount works, but I can not login via Domain login and password
> to the system on openSUSE.
> I just use fstab to demostrate part of SAMBA settings on my client
>
> I look forward hering from you and anybody else
>
> Yours faithfully
>
> Peter Fodrek
>
>

You should have said that in the first place, I thought it was a CIFS
problem ;-)

Can you please post your smb.conf

Rowland
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
In reply to this post by Samba - General mailing list
Hai,

You could try to add AES256 support for win2003, but honistly, why is windows 2003 even still in your network if you have samba running?
Aes addon.
https://support.microsoft.com/en-us/help/948963/an-update-is-available-to-add-support-for-the-tls-rsa-with-aes-128-cbc

Ps. That AES addon wont fix the SMB2+ problem with win2003.
But may help with authenticating problems.

Greetz,

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens
> Peter Fodrek,ml. via samba
> Verzonden: vrijdag 10 november 2017 9:51
> Aan: [hidden email]
> Onderwerp: Re: [Samba] Windows server 2003 domain
> authentication with Samba version
> 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
>
> Dear Mr. Cardon!
> Na štvrtok, 9. novembra 2017 18:29:03 CET Denis Cardon via
> samba napísali:
>
> >
> > > IO would like to ask for help with diagnose why my Samba version
> > > 4.7.0-git.
> > > 23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed  can not
> > > authentificate me on Windows server 2003 domain
> > >
> > > in /etc/fstab  I have working combination - smb version
> only vorks if set
> > > to 1.0
> > windows 2003 support only smb1 protocol, smb2 was introduced with
> > winvista/win2k8. On version 4.7 Samba has modified the "client max
> > protocol" to SMB3_11, but "client min protocol" was not
> modified [1].
> >
> > However, since you are on a rolling release, you are
> probably on a very
> > recent kernel > 4.13. Your cifs module probably comes from
> that kernel
> > distrib, and there has been a change on the min protocol version by
> > default, see the thread on [2].
> >
>
> Thank you for your answer
> Maybe I write my question in not understandable form.
>
> CIFS mount works, but I can not login via Domain login and
> password  to the
> system on openSUSE.
> I just use fstab to demostrate part of SAMBA settings on my client
>
> I look forward hering from you and anybody else
>
> Yours faithfully
>
> Peter Fodrek
>
>
> > [1]
> https://wiki.samba.org/index.php/Samba_4.7_Features_added/changed
> > [2] https://bugzilla.redhat.com/show_bug.cgi?id=1474539
> >
> > > //192.168.1.131/shares  /home/fodrek/shares     cifs  
> > > credentials=/home/fodrek/
> > >
> cifs.creds,iocharset=utf8,sec=ntlm,cifsacl,user,nosuid,uid=fod
> rek,gid=use
> > > rs,vers=1.0 0 0
> > >
> > >
> > > On tyhe server I am detected as operating system
> > > Name:openSUSE Tumbleweed
> > > version: 20171104
> > > Service pack: 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64
> > >
> > > Is it possible to help me with allowing to authentificate me into
> > > domain,please?
> > >
> > >
> > > I look forward hearing from you
> > >
> > > Yours faithfully
> > >
> > >
> > > Peter Fodrek
>
> -----------------------------------------
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Fri, 10 Nov 2017 10:39:10 +0100
 wrote:

> > You should have said that in the first place, I thought it was a
> > CIFS problem ;-)
> >
> > Can you please post your smb.conf
>
>
> it is set by yast and its only content is as follows. It may be
> problem in kerberos method as I think
>
>
> [global]

Is that it ?
Just '[global]' ????

I think you should try reading this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

I would also suggest you upgrade your 2003 server, it is EOL.

Also, please don't send replies just to me, send them to the list.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
In reply to this post by Samba - General mailing list
Na piatok, 10. novembra 2017 10:03:03 CET Rowland Penny via samba napísali:

> On Fri, 10 Nov 2017 09:51:14 +0100
>
> "Peter Fodrek,ml. via samba" <[hidden email]> wrote:
> > Dear Mr. Cardon!
> > Na štvrtok, 9. novembra 2017 18:29:03 CET Denis Cardon via samba
> >
> > napísali:
> > > > IO would like to ask for help with diagnose why my Samba version
> > > > 4.7.0-git.
> > > > 23.4e3f0fb9d15SUSE-oS13.3-x86_64 in openSUSE Tumbleweed  can not
> > > > authentificate me on Windows server 2003 domain
> > > >
> > > > in /etc/fstab  I have working combination - smb version only
> > > > vorks if set to 1.0
> > >
> > > windows 2003 support only smb1 protocol, smb2 was introduced with
> > > winvista/win2k8. On version 4.7 Samba has modified the "client max
> > > protocol" to SMB3_11, but "client min protocol" was not modified
> > > [1].
> > >
> > > However, since you are on a rolling release, you are probably on a
> > > very recent kernel > 4.13. Your cifs module probably comes from
> > > that kernel distrib, and there has been a change on the min
> > > protocol version by default, see the thread on [2].
> >
> > Thank you for your answer
> > Maybe I write my question in not understandable form.
> >
> > CIFS mount works, but I can not login via Domain login and password
> > to the system on openSUSE.
> > I just use fstab to demostrate part of SAMBA settings on my client
> >
> > I look forward hering from you and anybody else
> >

> You should have said that in the first place, I thought it was a CIFS
> problem ;-)
>
> Can you please post your smb.conf


it is set by yast and its only content is as follows. It may be problem in kerberos method as
I think

[global]


Yours faithfully
 
 Peter Fodrek
>
-----------------------------------------
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Fri, 10 Nov 2017 11:38:00 +0100
 wrote:

> Na piatok, 10. novembra 2017 11:07:13 CET Rowland Penny via samba
> napísali:
> > On Fri, 10 Nov 2017 10:39:10 +0100
> >
> >  wrote:
> > > > You should have said that in the first place, I thought it was a
> > > > CIFS problem ;-)
> > > >
> > > > Can you please post your smb.conf
> > >
> > > it is set by yast and its only content is as follows. It may be
> > > problem in kerberos method as I think
> > >
> > >
> > > [global]
> >
> > Is that it ?
> > Just '[global]' ????
>
> Not realy, something cahnged text twice, It is included in text as
> weel as in attachement
>
> [global]
>
>        security = ADS        workgroup = 1ZVARACSKA        log file
> = /var/log/samba/%m.log kerberos method = system keytab        client
> signing = yes        client use spnego = yes idmap gid =
> 10000-20000        idmap uid = 10000-20000        usershare allow
> guests = No        realm = 1ZVARACSKA.SK
>                                                                                       template
> homedir = /home/%D/%U
>                                                                              winbind
> refresh tickets = yes
>                                                                               template
> shell = /bin/bash
>                                                                                  winbind
> offline logon = yes  
>
>
>
>
> > I think you should try reading this:
> >
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >
> > I would also suggest you upgrade your 2003 server, it is EOL.
> >
> > Also, please don't send replies just to me, send them to the list.
> >
> > Rowland
>
>

Firstly, do you think you could find another email client ?

Yast appears to be borked, it is producing an extremely old style
smb.conf, can I suggest you read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

You said in another post that the windows server is maintained by a
third party, I beg to differ, it is being mis-maintained by a third
party. If it was being maintained, it would have been upgraded by now,
it went EOL 2 years ago.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Windows server 2003 domain authentication with Samba version 4.7.0-git.23.4e3f0fb9d15SUSE-oS13.3-x86_64

Samba - General mailing list
Na piatok, 10. novembra 2017 11:52:26 CET Rowland Penny via samba napísali:

> On Fri, 10 Nov 2017 11:38:00 +0100
>
> wrote:
> > Na piatok, 10. novembra 2017 11:07:13 CET Rowland Penny via samba
> >
> > napísali:
> > > On Fri, 10 Nov 2017 10:39:10 +0100
> > >
> > > wrote:
> > > > > You should have said that in the first place, I thought it was a
> > > > > CIFS problem
> > > > >
> > > > > Can you please post your smb.conf
> > > >
> > > > it is set by yast and its only content is as follows. It may be
> > > > problem in kerberos method as I think
> > > >
> > > >
> > > > [global]
> > >
> > > Is that it ?
> > > Just '[global]' ????
> >
> > Not realy, something cahnged text twice, It is included in text as
> > weel as in attachement
> >
> > [global]
> >
> > security = ADS        workgroup = 1ZVARACSKA        log file
> >
> > = /var/log/samba/%m.log kerberos method = system keytab        client
> > signing = yes        client use spnego = yes idmap gid =
> > 10000-20000        idmap uid = 10000-20000        usershare allow

> >
> > > I think you should try reading this:
> > >
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> > >
> > > I would also suggest you upgrade your 2003 server, it is EOL.
> > >
> > > Also, please don't send replies just to me, send them to the list.
> > >
> > > Rowland
>
> Firstly, do you think you could find another email client ?
>

Maybe it was misconfigurtation of kmail/kontact of myselfg. It may now work ok.



> Yast appears to be borked, it is producing an extremely old style
> smb.conf, can I suggest you read this:

I was newer



> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Thank you. It looks like very similar to  way that I have used for stnadrad
ldap  authentification for login, ssh and subversion server in the past.


Kind regards
Peter

>
> You said in another post that the windows server is maintained by a
> third party, I beg to differ, it is being mis-maintained by a third
> party. If it was being maintained, it would have been upgraded by now,
> it went EOL 2 years ago.
>
> Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba