Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: Raphaël on January 16, 2021, 10:32:43 AM
-
Hi and sorry sorry poor English.
We have a problem on a production SmeServer 9.2 with the SME serving as a Domain controller.
I think, there is a (recent, after the correction of the Yum update error) update that prevents new users of a client (on Windows 10, already mounted to the domain) from connecting.
It's a "The specified domain does not exist or could not be contacted" error style.
Old users log in without a problem.
I installed a fresh test SME 9.2 without updating, inject the backup, and the same new user on the same client connect without any problem.
Is anybody else have this problem ?
Thank you, i hope my message is clear.
-
Latest e-smith-samba updates default to smb2 to match standard Windows 10 having smb1 turned off..
You can set smb1 by a db command - see this bug https://bugs.contribs.org/show_bug.cgi?id=10970
other way is to downgrade to previous e-smith-samba rpm
-
I have a very similar problem (possibly related). Smeserver 9.2 with the latest updates acting as a "Workgroup and Domain controller". I am unable to "add" a newly created domain user to a Windows 10 Pro computer (latest updates 20H2 ver 19042.746) which is already connected to the domain. Error message is "This PC is having problems communicating with the domain".
If the domain user has already logged on to the Windows 10 computer (ie. they have a local profile in c:\Users) there is no problems logging in but if I try to login with an existing domain account not previously logged in to that PC, I get this error: "We can't sign you in with this credential because this domain isnt available. Make sure your device is connected to your organization's network".
I have seen this problem on two different smeserver 9.2 domain controllers. I was able to remove the computer from the domain and then add it back to the domain without any problems. I tried to rename the computer then remove and add it back to the domain and also have tried the following:
#config setprop smb ServerMinProtocol SMB1
#expand-template /etc/samba/smb.conf
#signal-event post-upgrade
#signal-event rebootand
#yum downgrade e-smith-samba
#signal-event post-upgrade
#signal-event reboot
And still unable to add a new domain user to the PC or logon with an existing domain account (that has no local profile). No issues logging in with a previous user account that has logged on before. Not sure what's going on.
Best Regards,
Lloyd
-
Hi.
As TerryF have mentioned I have downgraded the e-smith-samba-2.4.0-27.el6.sme package to the e-smith-samba-2.4.0-24.el6.sme package and now, i can connect new users.
It's seems not possible to desactive SMB1 in Windows 10, without downgrading the samba package, and use smeserver 9.2 as a Domain Controller.
Regards
Raphaël
-
OK I just checked and mine is working now also. I'm sure I tried it after re-booting both the workstation and server and it wasn't working but now is? Thanks Terry.
-
There is more to the update than just a change to smb used, that was the major one for windows users but also includes other changes to samba from upstream..
Anyway glad a simple downgrade solves the issue, I am happy on the latest :-)
Added: Very Unlikely to be any future updates or changes, pretty well zero :-)
-
I should add here I also use wsdd on my sme9 home server and one in a NFP setting, both have smb2 enabled does the job in those situations.
-
What are the commands to install the downgrade?
I've never had to do this before, and am having this problem.
I have downloaded the RPM, and have it copied to the server.
I am using SME 9.2
Would I have the same issue if I upgrade to SME 10?
TIA
-
Dont need to download etc..
just issue a # yum downgrade e-smith-samba - from the cli
Added: this also means your windows clients remaining with smb1, Mr Microsoft has tried to dump it last 2-3 years, who knows what the next MS update will bring
-
I did as you said, and this is what it responded with. I tried this on two servers.
# yum downgrade e-smith-samba
Loaded plugins: fastestmirror, smeserver
Setting up Downgrade Process
Loading mirror speeds from cached hostfile
YumRepo Error: All mirror URLs are not using ftp, http or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/x86_64/6/base/mirrorli
st.txt
Error: Cannot find a valid baseurl for repo: base
Not sure why there are lines through part of this. just doing a copy and paste
-
Have you followed the details provided here? https://forums.contribs.org/index.php/topic,54338.0.html
The reason I ask is I just tried the downgrade and it worked OK
https://forums.contribs.org/index.php/topic,54338.0.html
-
Would I have the same issue if I upgrade to SME 10?
TIA
There is no upgrade to sme10 as yet, beta is close to release, use in prod environment at your own risk. SME10 and the wsdd work fine on my test VMs, if it does the job for you only testing will tell.
-
I can confirm the same problem of ldkeen for me: to be able to add domain users locally the only solution is downgrading to e-smith-samba-2.4.0-24.el6.sme.noarch and enable SMB1.0 in Windows 10.Maybe there are some more tricks to be applied to have full functionality with SMB2.0.
Another important thing to test over SME10.
-
I should add here I also use wsdd on my sme9 home server and one in a NFP setting, both have smb2 enabled does the job in those situations.
Remember that wsdd was not released as a contrib for v9 so they probably won't have it.
Also likely forcing use of SMB2 disables the old netbios network browsing so W10 can't 'see' the server.
Connecting via IP should work for connecting to domains
Setting Samba to SMB v1 should also work by name (without having to downgrade) if W10 has SMB v1 enabled.
Samba with SME v10 with SMB v3 works for browsing with the wsdd contrib but needs testing.
-
Remember that wsdd was not released as a contrib for v9 so they probably won't have it.
Also likely forcing use of SMB2 disables the old netbios network browsing so W10 can't 'see' the server.
Connecting via IP should work for connecting to domains
Setting Samba to SMB v1 should also work by name (without having to downgrade) if W10 has SMB v1 enabled.
Samba with SME v10 with SMB v3 works for browsing with the wsdd contrib but needs testing.
https://linux-blog.anracom.com/2020/05/24/samba-4-shares-wsdd-and-windows-10-how-to-list-linux-samba-servers-in-the-win-10-explorer/
This seems to give a good summary.
-
We have a contrib for wsdd on v10......
I built it last year. It is still in testing, for those who want to help test v10.
I have no idea about domain logons as I have no Windows....
The real answer is for everyone to help with v10. Many hands make light work.
-
We have a contrib for wsdd on v10......
I built it last year. It is still in testing, for those who want to help test v10.
I have no idea about domain logons as I have no Windows....
The real answer is for everyone to help with v10. Many hands make light work.
Contrib Name + Repository ?
-
Contrib Name + Repository ?
Same place as all contribs are for testing.
We don't generally publicise them because SME is currently still Alpha and there have been massive ongoing changes that break things overnight.
We just haven't got enough time to support general queries on stuff breaking in Alpha when the answer will probably be down to some breaking change.
It is far too easy right now to break your install by making a small mistake.
We will start releasing contribs to the contribs repo after things have stabilised with a Beta and we can then fully re-test contribs against it.
If you want to help properly *test* something specifically just talk to us on Rocket in the development team and we can guide you.
You have an account......
-
Contrib Name + Repository ?
Might be worthwhile having a look at the home of wsdd on Git, some useful info there
https://github.com/christgau/wsdd