We are using FreeIPA for Linux accounts and a Windows DC for Windows accounts. Users were able to access their Linux file systems from Windows using their windows user name and password.
After upgrading samba from samba-4.10.16-7.el7_9.x86_64 to samba-4.10.16-18.el7_9.x86_64 users cannot authenticate and I get the following error message:
1.2.3.4.log: ../../source3/auth/auth_util.c:1889(check_account) check_account: Failed to convert SID S-1-5-21-xxxxxxx-xxxxxxx-xxxxxxx-1158 to a UID (dom_user[DOMAIN\username])
Winbind is still running
My smb.conf:
[global] netbios name = HOSTNAME security = ADS workgroup = DOMAIN realm = DOMAIN.FULL.NAME
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072 use sendfile = true dns proxy = no
log file = /var/log/samba/%m.log max log size = 50 log level = 1
client signing = required server signing = auto
[Tmpdisk] comment = TMP-Disk public = yes path = /tmp browsable = Yes read only = No
Nothing else updated or changed. What do I miss? This setup was working for years..
Thank you in advance!
Gerhard Schneider
Am 04.02.2022 um 18:30 schrieb Gerhard Schneider:
After upgrading samba from samba-4.10.16-7.el7_9.x86_64 to samba-4.10.16-18.el7_9.x86_64 users cannot authenticate and I get the following error message:
It seems that the problem is related to https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1954342
and some backported security fix is breaking Samba
The remove_domain.pl workaround mentioned IS working for me! (but it should NOT be a final solution - should it?) :-D
Shall I open a bug at RedHat?
Gerhard Schneider
-
Gerhard Schneider