Samba Server Role Primary Domain Controller Issue With Windows 10/11 update 07/2023

[sbharvey]

As title suggests Samba Server Role PDC is not allowing Remote Desktop Access to work if Windows Hosts are joined to domain provided by Samba Server. Also Linux hosts cannot mount via mount.smb3 . If users try to mount a Window10 Host share they will receive a trusted server fault error.
See Bugzilla link:
https://bugzilla.samba.org/show_bug.cgi?id=15418#c0

It appears there is a lot of activity on this bug, but at some point, it appears those working on it will solve the issue. When the issue is resolved, I suggest the Clear Linux distribution be updated to include samba with the latest fixes.

[sbharvey]

It looks like Samba-Bugzilla bug 1548 status has changed to "Solved" Looking at the Clear Linux release notes for
Clear Linux build 39660 is reporting that the samba changes as follow: "samba 4.18.1-182 -> 4.18.1-183"

The fix for secure channel faulty since Windows 10/11 update 07/2023 has been released as follow:
Stefan Metzmacher 2023-07-20 07:25:38 UTC
Fixes are released in samba-4.16.11, samba-4.17.10 and samba-4.18.5,
the follow up will be tracked in https://bugzilla.samba.org/show_bug.cgi?id=15425

What's to stop the version of samba with Clear Linux changing form 4.18.1.xxx to 4.18.5.xxx sometime soon?

[sbharvey]

I have also had the July 2023 Windows 10 update affect mount.smb3 command functionality with Windows 10 hosts. I have entered a new bug report at bugzilla.samba.org. There is a comment at the end that is suggesting to update samba to 4.18.5 for security purposes. See comments and quote and the link of the bug at bugzilla.samba.org.

"Rowland Penny 2023-07-22 06:51:09 UTC
You will either need to patch your version of Samba or wait until Clear OS provides new packages that use the latest Samba version 4.18.5 , released for security purposes, the patch is also in that release."

https://bugzilla.samba.org/show_bug.cgi?id=15428#c2

[Aqua1ung]

I see Samba updated to 4.18.5 in 39690. Does that work to your liking?

[sbharvey]

I have stood up my VMware 16.2 server and 2 windows host environment. I was able to run Wireshark on Clear Linux server as well as confirm the mount.smb3 function works.

I added Wireshark transcript data to the samba Bugzilla
site/ticket: https://bugzilla.samba.org/show_bug.cgi?id=15428#c2
Thank you for updating Clear Linux to samba version.

Keep this ticket open if there is some kind of regression testing that
is done to verify fitness with further Clear Linux builds, otherwise.
you can close it.

======================================================
Fri Jul 28 08:53:53 AM PDT 2023
======================================================
Version of software
==================================================================
Server:
swupd info
Distribution: Clear Linux OS
Installed version: 39690
Version URL: https://cdn.download.clearlinux.org/update
Content URL: https://cdn.download.clearlinux.org/update

samba --version
Version 4.18.5

krb5-config --all
Version: Kerberos 5 release 1.21.1
Vendor: Massachusetts Institute of Technology
Prefix: /usr
Exec_prefix: /usr

uname -a
Linux clr-linux-srv 6.4.5-1338.native #1 SMP Sun Jul 23 06:26:44 PDT 2023 x86_64 GNU/Linux

[Aqua1ung]

Will installing Samba on my network allow me to share each computer's USB drive with all the other computers on the network?

[sbharvey]

On the windows side that, easy you create a share that can be mounted on the Linux server with mount.smb3. You will have
to supply credentials for ether the windows domain or the workstation you are mounting the share from.
For example, this is sample usage. There is a man entry for mount.smb3.

In this case the Jennifers could be share that is exposing a USB drive that is on the Windows work station.

mount.smb3 //harvey-video.harvey.net/Jennifers /mnt/net/harvey-video.harvey.net/jennifers -o cred=/root/Documents/compact-flashOrSD-DriveArchive/cred.txt

So the answer to your question is yes. If the macines are other Windows hosts. If they are other Linux servers you
would not do this you would use nfs. (Uninx/Linux file service.)