![]() |
|
OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
![]() |
|
Thread Tools | Display Modes |
|
|||
![]()
Hi,
I tried signing up for the Samba general mailing list four or five days ago now but haven't been granted access yet, so I thought I'd try asking here even though it's probably not an OpenBSD specific problem. Though may it is since OpenBSD is so locked down out of the box and I may be missing something I need to unlock. I have a sandbox where I play with older computers like Sun SPARCclassics and Ultra1s, and is also set up for retro LAN gaming. I decided to standardize most of the Sun boxes on the latest versions of OpenBSD that support their architectures (5.9 for Sun4c & Sun4m, 7.4 for Sun4u). I have a Debian 7 server with RAIDs to store all the packages, configs, etc. I like to use Samba to transfer the files back and forth. But the other main use for SERVER3 is to offer up shares to the WinXP & Win98 gaming desktops. So I don't want to deal with upgrading the whole Samba setup right now--I have too many other things I need to get done first. Please note that I'm not trying to access SUN6's share from SERVER3--I just want to attach to SUN6's share from a XP desktop I use for doing all the configuration on all the headless unix boxes. But I don't want to keep the passwords on SUN6, I want it to authenticate with SERVER3 like all my other smbd do. Here are the configs, minus all the parameters that are (I hope) irrelevant. SERVER3 "The authentication server" = Debian 7 "Wheezy" Samba-3.6.6-6 NOTE: This config has been working great for many years, I don't want to screw it up. [global] workgroup = WORKGROUP1 netbios name = SERVER3 server string = Samba Server %v on %h map to guest = Bad User obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes lanman auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes name resolve order = lmhosts host wins bcast logon script = %U.bat logon path = \export\logon domain logons = Yes os level = 33 preferred master = Yes domain master = Yes wins support = Yes usershare allow guests = Yes idmap config * : range = idmap config * : backend = tdb SUN6 "The authentication client" = OpenBSD-SPARC64 7.4 Samba-4.19.0v0 NOTE: I've been experimenting with different options here, this is just what is current. [global] workgroup = WORKGROUP1 netbios name = SUN6 server string = Samba Server %v on %h server role = MEMBER password server = SERVER3 hosts allow = 192.168.0. 127. dns proxy = no [sd2a] comment = sun6 filesystem share path = / valid users = root admin users = root read only = no browsable = yes To configure the various samba servers to all authenticate to SERVER3 I have always used this method: SERVER3# useradd -u 1006 -g 1006 -c "SUN6 Samba" -s /sbin/nologin -d /dev/null SUN6$ SERVER3# smbpasswd -a -m SUN6$ SUN6# smbpasswd -j WORKGROUP1 -U root SUN6# net join -S SERVER3 -U root ===But instead of joining, I get the following two lines of output=== Password for [WORKGROUP1\root]: Failed to join domain: failed to lookup DC info for domain 'WORKGROUP1' over rpc: The transport connection is now disconnected. These are old configs from when some of the other Sun boxes were running Samba 3 that has worked for a long time: SUN1 [global] workgroup = WORKGROUP1 netbios name = SUN1 server string = Samba Server %v on %h security = SERVER encrypt passwords = true password server = SERVER3 restrict anonymous = Yes name resolve order = host lmhosts wins bcast preferred master = False local master = No domain master = False hide dot files = No wide links = No follow symlinks = No [sda1] comment = SUN1 filesystem share path = / username = root read only = No SUN4 [global] workgroup = WORKGROUP1 netbios name = SUN4 server string = Samba Server %v on %h security = SERVER encrypt passwords = Yes password server = SERVER3 name resolve order = host lmhosts wins bcast preferred master = False local master = No domain master = False mangle case = Yes hide dot files = No wide links = No follow symlinks = No [sd0a] comment = SUN4 filesystem share path = / username = root read only = No I've been searching for the answer, but I don't think I'm using the correct search terms because I've been using this setup for many years now and don't remember the correct terminology. Any help getting this working would be greatly appreciated! Thanks, DJ |
|
|||
![]()
There are many results when you google for failed to lookup DC info for domain.
IIRC some older protocols used by Samba have been replaced with newer ones and interoperability between versions may not be not longer supported. I used to backup my wife's DOS 7.x computer with Samba on FreeBSD.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
![]()
Yes, and I've spent many hours now reading a bunch of them to no avail. Unfortunately that seems to be a rather generic error message because many of the matching search results were very old or involved situations/configurations which I could in no way relate to my issue. I've been running debug to the max on both the client and server but when I search with the output of the logs I'm still not finding anything useful. So hoping someone here has some experience with a similar set up.
That's pretty cool. I used Samba shares to network/PXE install Win98 for a long time, and used to use sharity on old Sun boxes. But it's always just been a useful tool for me that I knew only the bare minimum about. I've never run into a problem with it before that stumped me like this one. Thanks, DJ |
|
|||
![]()
IIRC Windows 10 does not support the old 1.0 version of SMB. This is confirmed by https://www.andreszsogon.com/fix-smb...ows-98-and-10/
Quote:
Code:
PROTOCOL VERSION FIRST CLIENT VERSION FIRST SERVER VERSION SMB 1.0 Windows 95/98/XP Windows Server 2003 SMB 2.0 Windows Vista Windows Server 2008 SMB 2.1 Windows 7 Windows Server 2008R2 SMB 3.0 Windows 8 Windows Server 2012
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
![]()
That is good info, I'll have to copy it into my notes. However, that doesn't shed any light on my current issue. If I understand correctly it is that the package for OpenBSD 7.4 is Samba 4.19, while my domain controller is Samba 3.6 on Debian. When I use the "net join" command to join the OpenBSD box to the existing domain and get it to authenticate against the Samba user db on the 3.6 box it fails. But I can't figure out what the Samba 4 "net join" is doing different than the Samba 3 "net join" does and thus what the Samba 3 server doesn't like about the Samba 4 "net join".
The XP, Win98, and Suns running old versions of OpenBSD (and thus Samba) are all able to do this just fine. Frustrating that so far neither looking at debug logs or searching has revealed to me why Samba 3 is rejecting the Samba 4 "net join". Thanks, DJ |
|
|||
![]()
I was trying to point out the possibility of protocol incompatibility. A few years ago I wanted to scp some data from an old OpenBSD box. It failed because the new scp did not support the older authentication keys anymore.
The Samba 4 net join could be using a newer authentication protocol version. And Samba 3.0, being older, does not yet know this newer version. They both seems to be able to communicate on a basic level, but maybe Samba 4 uses a new protocol enhancement that Samba 3 does not know yet.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump Last edited by J65nko; 11th February 2024 at 11:06 AM. |
|
|||
![]()
Yes, I think you are correct. Now I just need to find information about what could have changed and if I can set some parameter to make the net join backwards compatible.
Thanks DJ |
|
|||
![]()
You could download the ports tree and check which compile time options were used to build samba4. I can imagine for example they disabled a samba 3.0 compatibility layer. Just guessing
![]() Or compare with the samba3 ports tree. You can use https://openports.pl/path/net/samba to get an URL to the CVS or github mirror source file repositories. At this moment you are trying to authenticate against a Samba 3.x on you Debian box. Cannot you try a more recent Linux live CD/USB that has Samba4.x? IIRC Linux Mint USB images comes with the latest Samba4.x MX Linux, can be run from a live USB stick and has a tool for configuring Samba. See https://mxlinux.org/wiki/help-files/...-samba-config/
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
|
|||
![]()
That might help get a clue. It seems highly likely that your guess is dead-on. What am I looking for, the CONFIGURE_ARGS in the Makefile???
I could try that but I'm not sure it would help me figure out why 4 to 3 doesn't work, I'm sure 4 to 4 is working. I guess it might be a better use of time to look into the compile options--or maybe even see if I can do a packet capture and if that reveals any hints. I also need to double check the logging on the 3 server, I should be seeing something there but I'm not even though Samba is writing tons of log files. Thanks, DJ |
|
|||
![]()
Yes, IIRC the CONFIGURE_ARGS are the compile time options. But you need to figure out from the Samba docs which one(s) to add.
You get an authentication error. Maybe the Kerberos protocol version is the culprit. See https://wiki.samba.org/index.php/Run...T_Kerberos_KDC RE: Samba4 server If if works with the Samba4 server you will know, that it is not something in your configuration. Just rule out as many possible errors as you can ![]() As an alternative you could try to contact the OpenBSD port maintainer, that could save you some time.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump |
![]() |
Thread Tools | |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
[7.2] Samba: NT_STATUS_CONNECTION_DISCONNECTED | CiotBSD | OpenBSD Packages and Ports | 0 | 20th November 2022 06:58 AM |
Samba 3.6.0 released | J65nko | News | 0 | 9th August 2011 07:55 PM |
ACL, Samba ACL, FTP acl | da1 | FreeBSD General | 3 | 3rd April 2009 10:14 PM |
Samba + acl | bichumo | General software and network | 0 | 30th June 2008 09:49 AM |
Samba NOT STARTING | pcfxer | FreeBSD General | 11 | 13th May 2008 09:29 AM |