[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed
Dale Schroeder
samba at txschroeder.family
Tue Jun 13 15:33:25 UTC 2023
On 6/13/23 8:03 AM, Mark Bannister via samba wrote:
>
> On 6/12/2023 4:27 PM, Rowland Penny via samba wrote:
>>
>>
>> On 12/06/2023 21:51, Mark Bannister via samba wrote:
>>
>>>>
>>> Ok, so I need to search for info on a "NT4-style PDC"?  Everything I
>>> find is about AD. Do you think this error is the reason for Winbind
>>> exiting "idmap backend rid not found" ?
>>>
>>> --
>>
>>
>> Okay, after digging in some very old files, try this as the
>> '[global]' part of your smb.conf
>>
>> [global]
>> workgroup = LINGROUP
>> server string = APP Samba %v %h
>> wins support = Yes
>> dns proxy = No
>> log file = /var/log/samba/log.%m
>> max log size = 1000
>> panic action = /usr/share/samba/panic-action %d
>> server role = classic primary domain controller
>> obey pam restrictions = Yes
>> unix password sync = Yes
>> passwd program = /usr/bin/passwd %u
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> pam password change = Yes
>> map to guest = Bad User
>> domain logons = Yes
>> logon drive = H:
>> logon home =
>> logon path =
>> logon script = logon.bat
>> add machine script = sudo /usr/sbin/useradd -g machines -c
>> "%u machine account" -d /var/lib/samba -s /bin/false %u
>> add user script = /usr/sbin/adduser --quiet
>> --disabled-password --gecos "" %u
>> domain master = Yes
>> load printers = No
>> name resolve order = wins lmhosts host bcast
>> ntlm auth = ntlmv1-permitted
>> preferred master = Yes
>> server max protocol = NT1
>> client max protocol = NT1
>> template homedir = /home/%U
>> template shell = /bin/bash
>> admin users = sysadmin
>> hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>> hosts deny = 0.0.0.0/0
>> use client driver = Yes
>> veto oplock files =
>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>
>> Rowland
>>
>>
>>
> OK, I got winbind to run.
>
>
> smbd messages:
>
> : Samba name server APPSERVER1 is now a local master browser for
> workgroup LINGROUP on subnet 172.17.0.1
> Jun 13 07:46:56 APPServer1 nmbd[2996]:
> Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
> Jun 13 07:46:56 APPServer1 nmbd[2996]: [2023/06/13 07:46:56.141436,
> 0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
> Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
> Jun 13 07:46:56 APPServer1 nmbd[2996]:
> Jun 13 07:46:56 APPServer1 nmbd[2996]: Samba name server APPSERVER1
> is now a local master browser for workgroup LINGROUP on subnet
> 192.168.1.1>
> Jun 13 07:46:56 APPServer1 nmbd[2996]:
> Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
>
> nmbd messages:
>
> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.944377,
> 0] ../../source3/smbd/server.c:1746(main)
> Jun 13 07:46:34 APPServer1 smbd[3006]: smbd version 4.18.3 started.
> Jun 13 07:46:34 APPServer1 smbd[3006]: Copyright Andrew Tridgell and
> the Samba Team 1992-2023
> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.945894,
> 0] ../../source3/param/loadparm.c:4143(lp_load_ex)
> *Jun 13 07:46:34 APPServer1 smbd[3006]: lp_load_ex: Max protocol NT1
> is less than min protocol SMB2_ *
>
>
> winbind:
>
> Jun 13 07:46:32 APPServer1 winbind[2956]: * Starting the Winbind
> daemon winbind
> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13
> 07:46:32.772850, 0] ../../source3/winbindd/winbindd.c:1441(main)
> Jun 13 07:46:32 APPServer1 winbindd[2966]: winbindd version 4.18.3
> started.
> Jun 13 07:46:32 APPServer1 winbindd[2966]: Copyright Andrew Tridgell
> and the Samba Team 1992-2023
> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13
> 07:46:32.774251, 0] ../../source3/param/loadparm.c:4143(lp_load_ex)
> *Jun 13 07:46:32 APPServer1 winbindd[2966]: lp_load_ex: Max protocol
> NT1 is less than min protocol SMB2_02.*
> Jun 13 07:46:32 APPServer1 winbindd[2968]: [2023/06/13
> 07:46:32.780494, 0]
> ../../source3/winbindd/winbindd_cache.c:3116(initialize_winbindd_cac>
> Jun 13 07:46:32 APPServer1 winbindd[2968]: initialize_winbindd_cache:
> clearing cache and re-creating with version number 2
> Jun 13 07:46:32 APPServer1 winbind[2956]: ...done.
> Jun 13 07:46:32 APPServer1 systemd[1]: Started LSB: start Winbind daemon.

You have a couple of instances of this message in the logs:

*Max protocol NT1 is less than min protocol SMB2_*

So, you should also set the min protocol(s) to NT1.

Dale

>
> Current global config:
>
> add machine script = sudo /usr/sbin/useradd -g machines -c "%u
> machine account" -d /var/lib/samba -s /bin/false %u
> add user script = /usr/sbin/adduser --quiet
> --disabled-password --gecos "" %u
> client max protocol = NT1
> dns proxy = No
> domain logons = Yes
> domain master = Yes
> load printers = No
> log file = /var/log/samba/log.%m
> logon drive = H:
> logon home =
> logon path =
> logon script = logon.bat
> map to guest = Bad User
> max log size = 1000
> name resolve order = wins lmhosts host bcast
> ntlm auth = ntlmv1-permitted
> obey pam restrictions = Yes
> pam password change = Yes
> panic action = /usr/share/samba/panic-action %d
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> passwd program = /usr/bin/passwd %u
> preferred master = Yes
> server max protocol = NT1
> server role = classic primary domain controller
> server string = APP Samba %v %h
> template homedir = /home/%U
> template shell = /bin/bash
> unix password sync = Yes
> username map = /usr/local/samba/etc/username.map
> wins support = Yes
> workgroup = LINGROUP
> idmap config lingroup : range = 10000-999999
> idmap config lingroup : backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> admin users = sysadmin
> hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
> hosts deny = 0.0.0.0/0
> use client driver = Yes
> veto oplock files =
> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>
> I had to add back some things to get smbd to run. Windows computers
> can't see the Samba network (two other Ubuntu servers are running
> samba and windows does not see any of them). Samba has no log files
> for the Win10 IP's or names.
>
> TLDR: winbind is running now, but nothing else has changed.
>
>
> --
> Mark B
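
The mismatch Dale points out can be caught before the daemons are restarted. The following is an added example, not part of the original message or of Samba: it parses a `[global]` section and reports each side (server, client) whose max protocol sorts below its min protocol. The default values, the function names and the sample configurations are assumptions, constructed from the settings and log lines quoted in the thread.

```python
# Added example: detect the "Max protocol X is less than min protocol Y"
# condition in an smb.conf [global] section.

# Samba protocol names, lowest to highest.
ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
         "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}
# Short parameter names that Samba treats as the server-side settings.
SYNONYMS = {"min protocol": "server min protocol",
            "max protocol": "server max protocol",
            "protocol": "server max protocol"}
# Assumed defaults; the SMB2_02 minimum matches the log line in the thread.
DEFAULTS = {"server min protocol": "SMB2_02", "server max protocol": "SMB3_11",
            "client min protocol": "SMB2_02", "client max protocol": "SMB3_11"}

def parse_global(text):
    """Return the [global] parameters with normalised (lower-case) names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())
            params[SYNONYMS.get(key, key)] = value.strip()
    return params

def rank(name):
    """Position of a protocol name in ORDER; ValueError if it is unknown."""
    name = name.upper()
    return ORDER.index(ALIASES.get(name, name))

def protocol_conflicts(text):
    """List (side, max, min) for every side where max is below min."""
    params = {**DEFAULTS, **parse_global(text)}
    found = []
    for side in ("server", "client"):
        lo, hi = params[f"{side} min protocol"], params[f"{side} max protocol"]
        if rank(hi) < rank(lo):
            found.append((side, hi, lo))
    return found

# Constructed samples: the max settings from the thread, then with min added.
THREAD_CONF = "[global]\nworkgroup = LINGROUP\nserver max protocol = NT1\nclient max protocol = NT1\n"
FIXED_CONF = THREAD_CONF + "server min protocol = NT1\nclient min protocol = NT1\n"

if __name__ == "__main__":
    for side, hi, lo in protocol_conflicts(THREAD_CONF):
        print(f"{side}: max protocol {hi} is less than min protocol {lo}")
```
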