Bjoern Voigt wrote:
> After upgrading Samba 4.7.6 to 4.8.0 I could not authenticate anymore
> from Windows 10 and with mount.cifs. smbclient had no problems.
I got exactly the same issue with my recently updated Tumbleweed and all Windows 7
laptops trying to connect.
Windows 10 works and I can connect to other linux workstations, thus it hardly looks like
the same issue.
Log is same
> From /var/log/samba/log.smbd:
> [2018/04/09 21:26:50.820964, 2]
> check_ntlm_password: Authentication for user [myusername] ->
> [myusername] FAILED with error NT_STATUS_LOGON_FAILURE, authoritative=1
> [2018/04/09 21:26:50.821022, 2]
> Auth: [SMB2,(null)] user \[myusername] at [Mon, 09 Apr 2018
> 21:26:50.821006 CEST] with [NTLMv2] status [NT_STATUS_LOGON_FAILURE]
> workstation  remote host [ipv4:192.168.111.11:54644] mapped to
> \[myusername]. local host [ipv4:192.168.111.2:445]
> After downgrading to Samba 4.7.6 with "tumbleweed switch 20180401" the
> issue was resolved.
I don't want to roll back to an older tumbleweed since this will get me in other
troubles with the graphics card
I could fix my Samba 4.8.0 installation by removing
the [global] option
"domain logons" for NT4 domain logons. I do not know the reason, why
this is necessary.
I have no such entry in my smb.conf, the only entries connected to that topic are:
workgroup = XXX
password server = xxx.xxx.xxx.xxx
log level = 1 auth:10 winbind:10
usershare allow guests = No
#kerberos method = secrets and keytab
realm = XXX.XXX.XXX
security = ADS
#usershare max shares = 100
#client use spnego = yes
#client signing = yes
It doesn't matter if I comment those in/out, thus I am now a bit stuck between here
Is there a simple way to downgrade only samba in order to further test?
I didn't found a simple way yet to downgrade that package only, but I will if I can
access the rpms.
However, this should be only the final step to verify between which update of samba this
This email and any attachments are intended solely for the use of the individual or entity
to whom it is addressed and may be confidential and/or privileged.
If you are not one of the named recipients or have received this email in error,
(i) you should not read, disclose, or copy it,
(ii) please notify sender of your receipt by reply email and delete this email and all
(iii) Dassault Systemes does not accept or assume any liability or responsibility for any
use of or reliance on this email.
For other languages, go to http://www.3ds.com/terms/email-disclaimer