# upgraded samba, share authentication broken now [SOLVED]

## plut0

I just upgraded from samba-3.0.24-r2 to 3.0.26a-r2.  I have a share that uses windows authentication from our domain.  This worked on the old version, now it won't authenticate on the new version.

emerge samba -pv:

```
[ebuild   R   ] net-fs/samba-3.0.26a-r2  USE="acl ads -async automount caps cups doc -examples -fam -ipv6 ldap pam python quotas readline (-selinux) swat syslog winbind" LINGUAS="-ja -pl" 0 kB
```

smb.conf:

```
[global]

        netbios name = HOSTNAME

        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384

        idmap uid = 10000-20000

        idmap gid = 10000-20000

        winbind separator = +

        winbind use default domain = yes

        winbind enum users = no

        winbind enum groups = no

        workgroup = DOMAIN

        os level = 0

        password server = *

        preferred master = no

        local master = no

        domain master = no

        max log size = 50

        log file = /var/log/samba/log.%m

        encrypt passwords = yes

        dns proxy = no

        realm = DOMAIN.COM

        security = ADS

        wins server = 172.16.x.x

        wins proxy = no

        use sendfile = no

[software$]

        comment = Software

        guest ok = no

        public = no

        browseable = yes

        writeable = yes

        valid users = @"DOMAIN+domain admins"

        path = /home/Software

        force user = root

        force group = users

        create mask = 0664

        directory mask = 0775
```

I downgraded to 3.0.24-r3 and it worked again so something is wrong with the new version or I'm missing something.  Any idea what is wrong?Last edited by plut0 on Mon Nov 26, 2007 7:27 pm; edited 2 times in total

----------

## ScOut3R

I've also upgraded Samba on one of my servers and all the XP clients couldn't connect to the simple shares. So this problem occurs even if you don't use Samba as a PDC. I've head a serious headache when the sysadmin called me that the accounting and banking stopped at the company because of the upgrade.

----------

## plut0

I adjusted the topic accordingly.  This puts us in a really bad situation because of the security advisory, GLSA 200711-29 Samba: Execution of arbitrary code.

----------

## ScOut3R

Check out this topic.

----------

## plut0

Thanks for the link.  I can confirm that using the IP address does work.

Is there a fix for the hostname?  Perhaps a configuration option that is needed now?

----------

## ScOut3R

Haven't tried it myself yet, but check this out:

```

Changes to MS-DFS Root Share Behavior

=====================================

Please be aware that the initial value for the "msdfs root" share

parameter was changed in the 3.0.25 release series and that this

option is now disabled by default. Windows clients frequently require

a reboot in order to clear any cached information about MS-DFS

root shares on a server and you may experience failures accessing

file services on Samba 3.0.25 servers until the client reboot

is performed. Alternately, you may explicitly re-enable the

parameter in smb.conf. Please refer to the smb.conf(5) man page

for more details.
```

----------

## plut0

Thanks, that fixed it!

```
[global]

msdfs root = yes
```

----------

## ScOut3R

Great! I'll try it out myself when i'll get to it.

----------

## Dagger

I was supposed to update my samba servers last saturday. Good I decided to delay it for another week or I would be in trouble!

----------

## skogs

My this was frustrating.  Why couldn't I find this thread yesterday during the schedule maintenance window?  Here I've been beating my head against the wall, tearing apart configuration files, when all that was really necessary was the customary Redmond Fixall...the reboot.  

I just sort of assumed that since I'd just upgraded samba and pam, that samba/pam was the problem...not a simple reboot of the CLIENT windows pc.  ARgh...

Golf Word.

----------

