[Samba] SMB1 Domain stopped working after updates quick solution needed
Rowland Penny
rpenny at samba.org
Mon Jun 12 19:37:38 UTC 2023
On 12/06/2023 20:06, Mark Bannister via samba wrote:
> Simple small domain network running on a VM instance.
>
> Windows 10 browsing and shares not working. I MUST have SMB1 working in
> order for a legacy database (Corel Paradox with Borland BDE) to work. We
> are migrating away from this but it won't happen today. Error message
> from clients log "./../source3/smbd/server_exit.c:239(exit_server_common)
> Server exit (no protocol supported"
>
> History:
>
> Just updated from Ubuntu 18 up to 22.04.2 using stand Ubuntu repositories.
>
> Everything seemed to be working but then I couldn't join a new
> workstation to the domain (been a long time since that was an issue).
> Read a few posts about Windows 22H2 causing isusses so I updated Samba
> via add-apt-repository ppa:linux-schools/samba-latest
>
> Did not fix the issue.
>
> If I set server max protocol = NT1 to "server Min protocol" browsing
> and shares work but I get locking errors on the database lock files and
> it freezes the database (note veto op locks parameter in smb.conf).
>
> I reverted back to Version 4.15.13-Ubuntu but the same behavior.
>
> This was a working installation so SMB1 is activated on all Win10
> workstations.
>
> I've got no working database so I need a fast solution as well as a long
> term one. We are planning to switch to a Microsoft AD but that isn't
> even planned out yet.
>
>
> testparm
> Load smb config files from /etc/samba/smb.conf
> lpcfg_do_global_parameter: WARNING: The "domain logons" option is
> deprecated
> Loaded services file OK.
> Weak crypto is allowed
>
> Server role: ROLE_DOMAIN_PDC
>
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
> add machine script = sudo /usr/sbin/useradd -g machines -c "%u
> machine account" -d /var/lib/samba -s /bin/false %u
> add user script = /usr/sbin/adduser --quiet --disabled-password
> --gecos "" %u
> dns proxy = No
> domain logons = Yes
> domain master = Yes
> load printers = No
> log file = /var/log/samba/log.%m
> logon drive = H:
> logon home =
> logon path =
> logon script = logon.bat
> map to guest = Bad User
> max log size = 1000
> name resolve order = wins lmhosts host bcast
> ntlm auth = ntlmv1-permitted
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> preferred master = Yes
> security = USER
> server max protocol = NT1
> server role = classic primary domain controller
> server string = APP Samba %v %h
> template homedir = /home/%U
> template shell = /bin/bash
> unix password sync = Yes
> username map = /usr/local/samba/etc/username.map
> wins support = Yes
> workgroup = LINGROUP
> idmap config lingroup : range = 10000-999999
> idmap config lingroup : backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> admin users = sysadmin
> hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
> hosts deny = 0.0.0.0/0
> use client driver = Yes
> veto oplock files =
> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>
>
> [homes]
> browseable = No
> comment = Home Directories
> create mask = 0700
> directory mask = 0700
> read only = No
> valid users = %S
> vfs objects = recycle
> recycle:exclude = *.tmp, *~, *.bak
> recycle:keeptree = yes
> recycle:repository = Recycle_Bin
>
>
> [netlogon]
> comment = Network Logon Service
> guest ok = Yes
> path = /srv/samba/netlogon ; path = /home/samba/netlogon
>
>
> [printers]
> browseable = No
> comment = All Printers
> create mask = 0700
> guest ok = Yes
> path = /var/spool/samba
> printable = Yes
>
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> write list = root @lpadmin
>
>
> [PDFprinter]
> comment = Cups Virtual PDF Printer
> guest ok = Yes
> lpq command =
> path = /var/spool/samba
> printable = Yes
>
>
> [DATA]
> comment = APP Files
> force group = sambashare
> force user = nobody
> inherit acls = Yes
> path = /mnt/APPDATA
> read only = No
> write list = @sambashare
>
>
> --
> Mark B
Ubuntu 18.04 used Samba 4.7.6 (if I remember correctly) and didn't
require winbind, but from Samba 4.8.0 you need to run winbind. I know
this usually requires 'security = domain' but you also have 'server role
= classic primary domain controller'. Do you have winbind installed and
running ?
You might also want to set 'client max protocol = NT1', Samba, by
default, move to SMBv2 from 4.11.0
Rowland
More information about the samba
mailing list