[Samba] SMB1 Domain stopped working after updates quick solution needed
Mark Bannister
mark at injection-moldings.com
Mon Jun 12 19:06:56 UTC 2023
Simple small domain network running on a VM instance.
Windows 10 browsing and shares not working. I MUST have SMB1 working in
order for a legacy database (Corel Paradox with Borland BDE) to work.
We are migrating away from this but it won't happen today. Error
message from clients log
"./../source3/smbd/server_exit.c:239(exit_server_common)
Server exit (no protocol supported"
History:
Just updated from Ubuntu 18 up to 22.04.2 using stand Ubuntu repositories.
Everything seemed to be working but then I couldn't join a new
workstation to the domain (been a long time since that was an issue).
Read a few posts about Windows 22H2 causing isusses so I updated Samba
via add-apt-repository ppa:linux-schools/samba-latest
Did not fix the issue.
If I set server max protocol = NT1 to "server Min protocol" browsing
and shares work but I get locking errors on the database lock files and
it freezes the database (note veto op locks parameter in smb.conf).
I reverted back to Version 4.15.13-Ubuntu but the same behavior.
This was a working installation so SMB1 is activated on all Win10
workstations.
I've got no working database so I need a fast solution as well as a long
term one. We are planning to switch to a Microsoft AD but that isn't
even planned out yet.
testparm
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "domain logons" option is deprecated
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
add machine script = sudo /usr/sbin/useradd -g machines -c "%u
machine account" -d /var/lib/samba -s /bin/false %u
add user script = /usr/sbin/adduser --quiet --disabled-password
--gecos "" %u
dns proxy = No
domain logons = Yes
domain master = Yes
load printers = No
log file = /var/log/samba/log.%m
logon drive = H:
logon home =
logon path =
logon script = logon.bat
map to guest = Bad User
max log size = 1000
name resolve order = wins lmhosts host bcast
ntlm auth = ntlmv1-permitted
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
preferred master = Yes
security = USER
server max protocol = NT1
server role = classic primary domain controller
server string = APP Samba %v %h
template homedir = /home/%U
template shell = /bin/bash
unix password sync = Yes
username map = /usr/local/samba/etc/username.map
wins support = Yes
workgroup = LINGROUP
idmap config lingroup : range = 10000-999999
idmap config lingroup : backend = rid
idmap config * : range = 3000-7999
idmap config * : backend = tdb
admin users = sysadmin
hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
hosts deny = 0.0.0.0/0
use client driver = Yes
veto oplock files =
/*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
[homes]
browseable = No
comment = Home Directories
create mask = 0700
directory mask = 0700
read only = No
valid users = %S
vfs objects = recycle
recycle:exclude = *.tmp, *~, *.bak
recycle:keeptree = yes
recycle:repository = Recycle_Bin
[netlogon]
comment = Network Logon Service
guest ok = Yes
path = /srv/samba/netlogon ; path = /home/samba/netlogon
[printers]
browseable = No
comment = All Printers
create mask = 0700
guest ok = Yes
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root @lpadmin
[PDFprinter]
comment = Cups Virtual PDF Printer
guest ok = Yes
lpq command =
path = /var/spool/samba
printable = Yes
[DATA]
comment = APP Files
force group = sambashare
force user = nobody
inherit acls = Yes
path = /mnt/APPDATA
read only = No
write list = @sambashare
--
Mark B
More information about the samba
mailing list