Re: Gentoo, Samba, Upgrade, Authentications now failing

[Jason Gerfen <jason.gerfen@xxxxxxxxxxxx>]

Ivan Ordonez wrote:
> Hi Jason,
>
> Sorry I can't be of any help but I am thinking about updating our PDC to 
> 3.0.30 but afraid it will have the same problem.  I have a few questions 
> if you don't mind.
>
> 1.  Can a PDC be remove on the domain and join again?  if so, who will 
> be the login server to authenticate the process of joining the PDC to 
> the domain?  I have two BDC and one PDC.
%> net ads join -U ADMINISTRATOR@DOMAIN <-- joins samba server to domain 
(could be PDC, BDC or Domain member server types depending on config)
%> net ads leave -U ADMINISTRATOR@DOMAIN <-- this will remove the 
machine account from active directory
> 2.  Can you roll back to Samba 3.0.24 if you emerge 3.0.30
Nope, the lastest in portage right now is 3.0.28
> Thanks to any info you can provide.
>
> -Ivan
>
>
>
> Jason Gerfen wrote:
> > I rolled it back and experienced the same problems so I went ahead and 
> > followed the following steps during the upgrade to 3.0.30
> >
> > 1. Removed machine from domain trust user account
> > 2. Uninstalled samba
> > 3. Re-installed latest 3.0.30 using Gentoo's emerge facility
> > 4. Used Kinit with domain admin account
> > 5. Joined machine to domain
> > 6. Ensured that krb5auth using winbind worked (now working, had to 
> > modify user accounts in active directory. even having to go so far as 
> > to remove user, and recreate then apply the RFC2307 schema attributes)
> >
> >
> > Everything is authenticating again but I am not able to get the 
> > pam_mkhomedir.so object create my user directories.
> > relevant file info:
> >         nt acl support = yes
> >         inherit permissions = yes
> >         create mask = 0022
> >         template homedir = /home/samba/%U
> >
> >         comment = %U Home directory
> >         browsable = yes
> >         read only = yes
> >         create mask = 0022
> >         force create mode = 0022
> >         directory mask = 0022
> >         force directory mode = 0022
> >         path = /home/samba/%U
> >
> > %> ls -lah /home
> > drwxrwxrwx  2 nobody users  48 Jun  2 09:48 samba
> >
> > Am I missing something with the permissions? I know, they are at 755 
> > for now so I can figure out why its not working. What is the best 
> > practice for this folders permissions? Thanks.
> >
> > Jason Gerfen wrote:
> > > John Drescher wrote:
> > > > > Ok I have updated it and am no able to authenticate. It seems that 
> > > > > even
> > > > > though my smb.conf shows 'client plaintext auth = no' in the logs when
> > > > > performing a 'wbinfo --krb5auth=username%password' it shows
> > > > >
> > > > > plaintext kerberos password authentication for [username%password] 
> > > > > failed
> > > > > (requesting cctype: FILE)
> > > > >
> > > > > Any ideas? I do appreciate any help I can get on this. Here is some 
> > > > > version
> > > > > information: Version 3.0.30
> > > > > --
> > > >
> > > > Sorry that did not help. For now I am out of ideas. Hopefully someone
> > > > knows how to fix that soon otherwise I would go back to the last
> > > > version that worked.
> > > No worries, I will roll it back to 3.0.28. I am not sure why it would 
> > > use plaintext vs. the ntlmv2 that is specified in the config.
> > >
> > >
> > > > John


--
Jas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba