[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed

Dale Schroeder samba at txschroeder.family
Tue Jun 13 15:33:25 UTC 2023 


On 6/13/23 8:03 AM, Mark Bannister via samba wrote:
>
> On 6/12/2023 4:27 PM, Rowland Penny via samba wrote:
>>
>>
>> On 12/06/2023 21:51, Mark Bannister via samba wrote:
>>
>>>>
>>> Ok, so I need to search for info on a "NT4-sytle PDC"? Everything I 
>>> find is about AD.  Do you think this error is the reason for Winbind 
>>> exiting "idmap backend rid not found"  ?
>>>
>>> -- 
>>
>>
>> Okay, after digging in some very old files, try this as the 
>> '[global]' part of your smb.conf
>>
>> [global]
>>         workgroup = LINGROUP
>>         server string = APP Samba %v %h
>>         wins support = Yes
>>         dns proxy = No
>>         log file = /var/log/samba/log.%m
>>         max log size = 1000
>>         panic action = /usr/share/samba/panic-action %d
>>         server role = classic primary domain controller
>>         obey pam restrictions = Yes
>>         unix password sync = Yes
>>         passwd program = /usr/bin/passwd %u
>>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>         pam password change = Yes
>>         map to guest = Bad User
>>         domain logons = Yes
>>         logon drive = H:
>>         logon home =
>>         logon path =
>>         logon script = logon.bat
>>         add machine script = sudo /usr/sbin/useradd -g machines -c 
>> "%u machine account" -d /var/lib/samba -s /bin/false %u
>>         add user script = /usr/sbin/adduser --quiet 
>> --disabled-password --gecos "" %u
>>         domain master = Yes
>>         load printers = No
>>         name resolve order = wins lmhosts host bcast
>>         ntlm auth = ntlmv1-permitted
>>         preferred master = Yes
>>         server max protocol = NT1
>>         client max protocol = NT1
>>         template homedir = /home/%U
>>         template shell = /bin/bash
>>         admin users = sysadmin
>>         hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>>         hosts deny = 0.0.0.0/0
>>         use client driver = Yes
>>         veto oplock files = 
>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>
>> Rowland
>>
>>
>>
> OK, I got winbind to run.
>
>
> smbd messages:
>
> :   Samba name server APPSERVER1 is now a local master browser for 
> workgroup LINGROUP on subnet 172.17.0.1
> Jun 13 07:46:56 APPServer1 nmbd[2996]:
> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
> Jun 13 07:46:56 APPServer1 nmbd[2996]: [2023/06/13 07:46:56.141436,  
> 0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
> Jun 13 07:46:56 APPServer1 nmbd[2996]:
> Jun 13 07:46:56 APPServer1 nmbd[2996]:   Samba name server APPSERVER1 
> is now a local master browser for workgroup LINGROUP on subnet 
> 192.168.1.1>
> Jun 13 07:46:56 APPServer1 nmbd[2996]:
> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
>
> nmbd messages:
>
> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.944377,  
> 0] ../../source3/smbd/server.c:1746(main)
> Jun 13 07:46:34 APPServer1 smbd[3006]:   smbd version 4.18.3 started.
> Jun 13 07:46:34 APPServer1 smbd[3006]:   Copyright Andrew Tridgell and 
> the Samba Team 1992-2023
> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.945894,  
> 0] ../../source3/param/loadparm.c:4143(lp_load_ex)
> *Jun 13 07:46:34 APPServer1 smbd[3006]:   lp_load_ex: Max protocol NT1 
> is less than min protocol SMB2_ *
>
>
> winbind:
>
> Jun 13 07:46:32 APPServer1 winbind[2956]:  * Starting the Winbind 
> daemon winbind
> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 
> 07:46:32.772850,  0] ../../source3/winbindd/winbindd.c:1441(main)
> Jun 13 07:46:32 APPServer1 winbindd[2966]:   winbindd version 4.18.3 
> started.
> Jun 13 07:46:32 APPServer1 winbindd[2966]:   Copyright Andrew Tridgell 
> and the Samba Team 1992-2023
> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 
> 07:46:32.774251,  0] ../../source3/param/loadparm.c:4143(lp_load_ex)
> *Jun 13 07:46:32 APPServer1 winbindd[2966]:   lp_load_ex: Max protocol 
> NT1 is less than min protocol SMB2_02.*
> Jun 13 07:46:32 APPServer1 winbindd[2968]: [2023/06/13 
> 07:46:32.780494,  0] 
> ../../source3/winbindd/winbindd_cache.c:3116(initialize_winbindd_cac>
> Jun 13 07:46:32 APPServer1 winbindd[2968]: initialize_winbindd_cache: 
> clearing cache and re-creating with version number 2
> Jun 13 07:46:32 APPServer1 winbind[2956]:    ...done.
> Jun 13 07:46:32 APPServer1 systemd[1]: Started LSB: start Winbind daemon.
You have a couple of instance of this message in the logs:

*Max protocol NT1 is less than min protocol SMB2_*

So, you should also set the min protocol(s) to NT1.

Dale
>
> Current global config:
>
>  add machine script = sudo /usr/sbin/useradd -g machines -c "%u 
> machine account" -d /var/lib/samba -s /bin/false %u
>         add user script = /usr/sbin/adduser --quiet 
> --disabled-password --gecos "" %u
>         client max protocol = NT1
>         dns proxy = No
>         domain logons = Yes
>         domain master = Yes
>         load printers = No
>         log file = /var/log/samba/log.%m
>         logon drive = H:
>         logon home =
>         logon path =
>         logon script = logon.bat
>         map to guest = Bad User
>         max log size = 1000
>         name resolve order = wins lmhosts host bcast
>         ntlm auth = ntlmv1-permitted
>         obey pam restrictions = Yes
>         pam password change = Yes
>         panic action = /usr/share/samba/panic-action %d
>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>         passwd program = /usr/bin/passwd %u
>         preferred master = Yes
>         server max protocol = NT1
>         server role = classic primary domain controller
>         server string = APP Samba %v %h
>         template homedir = /home/%U
>         template shell = /bin/bash
>         unix password sync = Yes
>         username map = /usr/local/samba/etc/username.map
>         wins support = Yes
>         workgroup = LINGROUP
>         idmap config lingroup : range = 10000-999999
>         idmap config lingroup : backend = rid
>         idmap config * : range = 3000-7999
>         idmap config * : backend = tdb
>         admin users = sysadmin
>         hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>         hosts deny = 0.0.0.0/0
>         use client driver = Yes
>         veto oplock files = 
> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>
> I had to add back some things to get smbd to run.  Windows computers 
> can't see the Samba network (two other Ubuntu servers are running 
> samba and windows does not see any of them).  Samba has no log files 
> for the Win10 IP's or names.
>
> TLDR: winbind is running now, but nothing else has changed.
>
>
> -- 
> Mark B

More information about the samba mailing list