Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security > Access Management

Active Directory - Samba Issues

This article describes how to address potential compatibility problems between Samba 3.x and Windows Active Directory 2008r2.

IT Services has come across a few issues with samba versions prior to version 3.3 that will cause authentication to fail if negotiating with Windows 2008 R2 Active Directory. Officially, these issues were fixed in version 3.4, however patches are available for version 3.3. These fixes cannot be back-ported to Samba 3.2 or earlier, due to limitations in those branches' implementations of the full NetBIOS protocol suite. Since ITS is in the process of upgrading all AD servers to 2008 R2, we recommend that you upgrade to a stable, supported version.

Samba Versions Affected

Any version of Samba prior to version 3.4. This includes RHEL 4 and RHEL 5. RHEL 6 is not affected, since its default package is version 3.5.10. If you are using another distribution, then please check the Samba version to verify if you are affected.

Solution

RHEL 4:

There is no update package that fixes this issue, and the latest channel package is version 3.0.33. You will need to either compile a later package from source, or upgrade to RHEL 5 or later.

RHEL 5:

Follow these steps to install. You will need root privileges to complete this task. Step 6 requires adequate privileges to join a machine to a domain, therefore it requires an AD admin rebind to the domain.

  1. yum remove samba samba-common
  2. yum install samba3x-winbind
  3. cp /etc/samba/smb.conf.rpmsave/etc/samba/smb.conf
  4. cp /etc/samba/secrets.tdb/var/lib/samba/private/
  5. /sbin/service winbind start
  6. net ads join -U [userid]

For more information, refer to the following articles at Samba-Bugzilla:




Keywords:ad winbind samba-bugzilla   Doc ID:24402
Owner:Dan K.Group:University of Chicago
Created:2012-05-18 13:22 CSTUpdated:2016-10-13 12:42 CST
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  0   0