If you have samba as a domain member with: [global] allow trusted domains = no [share] force user = localunixuser Then smbd rejects any user connecting as the local unix user as it is considered not a trusted domain which is incorrect. Patch will follow.
This bug was referenced in samba master: ad0c0dd071401d98f0b7f595efbdf5312a165ab4 00034d022896f879bf91bb78eb9e2972162c99ce
Created attachment 18193 [details] patch for 4.19
Reassigning to Jule for inclusion in 4.19.
Pushed to autobuild-v4-19-test.
This bug was referenced in samba v4-19-test: b3ac235ba966c93744a457bd7014ec6f0503f1e5 62c90dfa32e7918e898c321dd81617c2e6da58ff
Closing out bug report. Thanks!
This bug was referenced in samba v4-19-stable (Release samba-4.19.4): b3ac235ba966c93744a457bd7014ec6f0503f1e5 62c90dfa32e7918e898c321dd81617c2e6da58ff
After updating one of our systems from Debian Buster (Samba 4.9.5) to Debian Bullseye (Samba 4.13.13) it looks like we are being hit by this issue. Are there any plans of backporting this patch to 4.13 of 4.17 (backports / Debian stable) ? Should I log this in Debian's bug tracker instead ? For search index reference, this is the error you get from smbclient in this case: $ smbclient -k //server.domain.com/Share tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED Thanks,
(In reply to glorang from comment #8) I doubt very much if this will get directly fixed in 4.17.x by Samba. Samba provides support for the last three versions, which means, at this time, 4.20.x will get all fixes, 4.19.x will get maintenance fixes and 4.18.x will only get security fixes. Debian may decide to backport this fix, I suggest you ask them.