[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed
Mark Bannister
mark at injection-moldings.com
Tue Jun 13 13:03:45 UTC 2023
On 6/12/2023 4:27 PM, Rowland Penny via samba wrote:
>
>
> On 12/06/2023 21:51, Mark Bannister via samba wrote:
>
>>>
>> Ok, so I need to search for info on a "NT4-sytle PDC"? Everything I
>> find is about AD. Do you think this error is the reason for Winbind
>> exiting "idmap backend rid not found" ?
>>
>> --
>
>
> Okay, after digging in some very old files, try this as the '[global]'
> part of your smb.conf
>
> [global]
> workgroup = LINGROUP
> server string = APP Samba %v %h
> wins support = Yes
> dns proxy = No
> log file = /var/log/samba/log.%m
> max log size = 1000
> panic action = /usr/share/samba/panic-action %d
> server role = classic primary domain controller
> obey pam restrictions = Yes
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> pam password change = Yes
> map to guest = Bad User
> domain logons = Yes
> logon drive = H:
> logon home =
> logon path =
> logon script = logon.bat
> add machine script = sudo /usr/sbin/useradd -g machines -c "%u
> machine account" -d /var/lib/samba -s /bin/false %u
> add user script = /usr/sbin/adduser --quiet
> --disabled-password --gecos "" %u
> domain master = Yes
> load printers = No
> name resolve order = wins lmhosts host bcast
> ntlm auth = ntlmv1-permitted
> preferred master = Yes
> server max protocol = NT1
> client max protocol = NT1
> template homedir = /home/%U
> template shell = /bin/bash
> admin users = sysadmin
> hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
> hosts deny = 0.0.0.0/0
> use client driver = Yes
> veto oplock files =
> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>
> Rowland
>
>
>
OK, I got winbind to run.
smbd messages:
: Samba name server APPSERVER1 is now a local master browser for
workgroup LINGROUP on subnet 172.17.0.1
Jun 13 07:46:56 APPServer1 nmbd[2996]:
Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
Jun 13 07:46:56 APPServer1 nmbd[2996]: [2023/06/13 07:46:56.141436, 0]
../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
Jun 13 07:46:56 APPServer1 nmbd[2996]:
Jun 13 07:46:56 APPServer1 nmbd[2996]: Samba name server APPSERVER1 is
now a local master browser for workgroup LINGROUP on subnet 192.168.1.1>
Jun 13 07:46:56 APPServer1 nmbd[2996]:
Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
nmbd messages:
Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.944377, 0]
../../source3/smbd/server.c:1746(main)
Jun 13 07:46:34 APPServer1 smbd[3006]: smbd version 4.18.3 started.
Jun 13 07:46:34 APPServer1 smbd[3006]: Copyright Andrew Tridgell and
the Samba Team 1992-2023
Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.945894, 0]
../../source3/param/loadparm.c:4143(lp_load_ex)
Jun 13 07:46:34 APPServer1 smbd[3006]: lp_load_ex: Max protocol NT1 is
less than min protocol SMB2_
winbind:
Jun 13 07:46:32 APPServer1 winbind[2956]: * Starting the Winbind daemon
winbind
Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 07:46:32.772850,
0] ../../source3/winbindd/winbindd.c:1441(main)
Jun 13 07:46:32 APPServer1 winbindd[2966]: winbindd version 4.18.3
started.
Jun 13 07:46:32 APPServer1 winbindd[2966]: Copyright Andrew Tridgell
and the Samba Team 1992-2023
Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 07:46:32.774251,
0] ../../source3/param/loadparm.c:4143(lp_load_ex)
Jun 13 07:46:32 APPServer1 winbindd[2966]: lp_load_ex: Max protocol
NT1 is less than min protocol SMB2_02.
Jun 13 07:46:32 APPServer1 winbindd[2968]: [2023/06/13 07:46:32.780494,
0] ../../source3/winbindd/winbindd_cache.c:3116(initialize_winbindd_cac>
Jun 13 07:46:32 APPServer1 winbindd[2968]: initialize_winbindd_cache:
clearing cache and re-creating with version number 2
Jun 13 07:46:32 APPServer1 winbind[2956]: ...done.
Jun 13 07:46:32 APPServer1 systemd[1]: Started LSB: start Winbind daemon.
Current global config:
add machine script = sudo /usr/sbin/useradd -g machines -c "%u machine
account" -d /var/lib/samba -s /bin/false %u
add user script = /usr/sbin/adduser --quiet --disabled-password
--gecos "" %u
client max protocol = NT1
dns proxy = No
domain logons = Yes
domain master = Yes
load printers = No
log file = /var/log/samba/log.%m
logon drive = H:
logon home =
logon path =
logon script = logon.bat
map to guest = Bad User
max log size = 1000
name resolve order = wins lmhosts host bcast
ntlm auth = ntlmv1-permitted
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
preferred master = Yes
server max protocol = NT1
server role = classic primary domain controller
server string = APP Samba %v %h
template homedir = /home/%U
template shell = /bin/bash
unix password sync = Yes
username map = /usr/local/samba/etc/username.map
wins support = Yes
workgroup = LINGROUP
idmap config lingroup : range = 10000-999999
idmap config lingroup : backend = rid
idmap config * : range = 3000-7999
idmap config * : backend = tdb
admin users = sysadmin
hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
hosts deny = 0.0.0.0/0
use client driver = Yes
veto oplock files =
/*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
I had to add back some things to get smbd to run. Windows computers
can't see the Samba network (two other Ubuntu servers are running samba
and windows does not see any of them). Samba has no log files for the
Win10 IP's or names.
TLDR: winbind is running now, but nothing else has changed.
--
Mark B
More information about the samba
mailing list