# Inability to authenticate to Samba share after recent update



## darrendavid (Aug 17, 2018)

Hi all-

Scratching my head on this one. I updated to 11.2-RELEASE when it came out, rebuilt all ports from scratch, and aside from a few hiccups, everything had been working beautifully. Yesterday, I updated to 11.2-p2 and brought all installed ports up to date, and suddenly I'm unable to authenticate against any of my Samba shares (I've got samba48-4.8.4 installed). To be honest, it seems to fluctuate between not accepting valid credentials and flat out refusing the connection. I've tested from both Windows and OSX. This was all working fine before the updates, so I'm at a loss for what's happening.

Some additional information and troubleshooting steps:
- I I found this thread regarding NTLM auth, but no permutation of changes on Windows or in smb4.conf made a difference.
- This seemed like an outlier (And it's FreeNAS, I know) but for kicks and grins it didn't change things.
- It is interesting that in the logfile for my Windows laptop in /var/log/samba I'm seeing repeated lines of 

```
[2018/08/17 12:28:58.711145,  1] ../source3/smbd/service.c:521(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
```

I'm thoroughly stumped as to how to troubleshoot here. I also recognize that I might have tweaked something else that might have caused these issues, just not sure where to look.

Thanks in advance for any and all insights.

Darren


----------



## `Orum (Aug 18, 2018)

Just to clarify, you were running 4.8.4 before, without issue, and since going from 11.2 -> 11.2-p2, and rebuilding samba (without updates/changes to your ports tree or port configuration) things stopped working?  If that's the case, I'm stumped as well unless samba does something weird with IP fragmenting.

I had an issue a few weeks back going from 4.5 -> 4.8 recently, but that was because I wrongly assumed the machine had AES-NI when it didn't, and was fixed just by turning that off.  Much more recently a user couldn't authenticate to our 4.8.4 DC, but that was resolved by rebooting the machine (the Win7 client); I suspect the issue may have been due to the recent patches being applied from MS.

*Edit: *I'll take a closer look at the logs when the user couldn't log in if you're interested.


----------



## darrendavid (Aug 20, 2018)

I was running 4.8.2 without issue. For purposes of testing, I just tried installing Samba 4.7.9 and I'm having the same behavior, so I'm guessing the issue is elsewhere. Still stumped.


----------



## darrendavid (Aug 20, 2018)

Aha! I had added myself to wheel for a sec, and my smb4.conf was set to disallow logins from wheel. Hooray for debug logging.


----------

