[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed
Mark Bannister
mark at injection-moldings.com
Tue Jun 13 16:45:12 UTC 2023
New weird symptom. It looks like maybe multiple copies of smbd and nmdb
are running?? I think this because I stopped nmbd (sudo systemctl stop
nmbd) but the nmbd log kept generating entries (running tail -f) and I
saw entries in the nmbd log about already running.
So I stopped and disabled nmbd, smbd, winbind with systemctl and get
this message:
sudo systemctl disable smbd
smbd.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable smbd
When I reboot smbd, nmbd, winbind are either running again or "active
(exited)".
So, not normal I assume and maybe a Ubuntu qusestion?
--
Mark B
On 6/13/2023 10:33 AM, Dale Schroeder via samba wrote:
>
>
> On 6/13/23 8:03 AM, Mark Bannister via samba wrote:
>>
>> On 6/12/2023 4:27 PM, Rowland Penny via samba wrote:
>>>
>>>
>>> On 12/06/2023 21:51, Mark Bannister via samba wrote:
>>>
>>>>>
>>>> Ok, so I need to search for info on a "NT4-sytle PDC"? Everything I
>>>> find is about AD. Do you think this error is the reason for
>>>> Winbind exiting "idmap backend rid not found" ?
>>>>
>>>> --
>>>
>>>
>>> Okay, after digging in some very old files, try this as the
>>> '[global]' part of your smb.conf
>>>
>>> [global]
>>> workgroup = LINGROUP
>>> server string = APP Samba %v %h
>>> wins support = Yes
>>> dns proxy = No
>>> log file = /var/log/samba/log.%m
>>> max log size = 1000
>>> panic action = /usr/share/samba/panic-action %d
>>> server role = classic primary domain controller
>>> obey pam restrictions = Yes
>>> unix password sync = Yes
>>> passwd program = /usr/bin/passwd %u
>>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>> pam password change = Yes
>>> map to guest = Bad User
>>> domain logons = Yes
>>> logon drive = H:
>>> logon home =
>>> logon path =
>>> logon script = logon.bat
>>> add machine script = sudo /usr/sbin/useradd -g machines -c
>>> "%u machine account" -d /var/lib/samba -s /bin/false %u
>>> add user script = /usr/sbin/adduser --quiet
>>> --disabled-password --gecos "" %u
>>> domain master = Yes
>>> load printers = No
>>> name resolve order = wins lmhosts host bcast
>>> ntlm auth = ntlmv1-permitted
>>> preferred master = Yes
>>> server max protocol = NT1
>>> client max protocol = NT1
>>> template homedir = /home/%U
>>> template shell = /bin/bash
>>> admin users = sysadmin
>>> hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>>> hosts deny = 0.0.0.0/0
>>> use client driver = Yes
>>> veto oplock files =
>>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>>
>>> Rowland
>>>
>>>
>>>
>> OK, I got winbind to run.
>>
>>
>> smbd messages:
>>
>> : Samba name server APPSERVER1 is now a local master browser for
>> workgroup LINGROUP on subnet 172.17.0.1
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
>> Jun 13 07:46:56 APPServer1 nmbd[2996]: [2023/06/13 07:46:56.141436,
>> 0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
>> Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]: Samba name server APPSERVER1
>> is now a local master browser for workgroup LINGROUP on subnet
>> 192.168.1.1>
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]: *****
>>
>> nmbd messages:
>>
>> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.944377,
>> 0] ../../source3/smbd/server.c:1746(main)
>> Jun 13 07:46:34 APPServer1 smbd[3006]: smbd version 4.18.3 started.
>> Jun 13 07:46:34 APPServer1 smbd[3006]: Copyright Andrew Tridgell
>> and the Samba Team 1992-2023
>> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.945894,
>> 0] ../../source3/param/loadparm.c:4143(lp_load_ex)
>> *Jun 13 07:46:34 APPServer1 smbd[3006]: lp_load_ex: Max protocol
>> NT1 is less than min protocol SMB2_ *
>>
>>
>> winbind:
>>
>> Jun 13 07:46:32 APPServer1 winbind[2956]: * Starting the Winbind
>> daemon winbind
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13
>> 07:46:32.772850, 0] ../../source3/winbindd/winbindd.c:1441(main)
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: winbindd version 4.18.3
>> started.
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: Copyright Andrew
>> Tridgell and the Samba Team 1992-2023
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13
>> 07:46:32.774251, 0] ../../source3/param/loadparm.c:4143(lp_load_ex)
>> *Jun 13 07:46:32 APPServer1 winbindd[2966]: lp_load_ex: Max
>> protocol NT1 is less than min protocol SMB2_02.*
>> Jun 13 07:46:32 APPServer1 winbindd[2968]: [2023/06/13
>> 07:46:32.780494, 0]
>> ../../source3/winbindd/winbindd_cache.c:3116(initialize_winbindd_cac>
>> Jun 13 07:46:32 APPServer1 winbindd[2968]: initialize_winbindd_cache:
>> clearing cache and re-creating with version number 2
>> Jun 13 07:46:32 APPServer1 winbind[2956]: ...done.
>> Jun 13 07:46:32 APPServer1 systemd[1]: Started LSB: start Winbind
>> daemon.
> You have a couple of instance of this message in the logs:
>
> *Max protocol NT1 is less than min protocol SMB2_*
>
> So, you should also set the min protocol(s) to NT1.
>
> Dale
>>
>> Current global config:
>>
>> add machine script = sudo /usr/sbin/useradd -g machines -c "%u
>> machine account" -d /var/lib/samba -s /bin/false %u
>> add user script = /usr/sbin/adduser --quiet
>> --disabled-password --gecos "" %u
>> client max protocol = NT1
>> dns proxy = No
>> domain logons = Yes
>> domain master = Yes
>> load printers = No
>> log file = /var/log/samba/log.%m
>> logon drive = H:
>> logon home =
>> logon path =
>> logon script = logon.bat
>> map to guest = Bad User
>> max log size = 1000
>> name resolve order = wins lmhosts host bcast
>> ntlm auth = ntlmv1-permitted
>> obey pam restrictions = Yes
>> pam password change = Yes
>> panic action = /usr/share/samba/panic-action %d
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> passwd program = /usr/bin/passwd %u
>> preferred master = Yes
>> server max protocol = NT1
>> server role = classic primary domain controller
>> server string = APP Samba %v %h
>> template homedir = /home/%U
>> template shell = /bin/bash
>> unix password sync = Yes
>> username map = /usr/local/samba/etc/username.map
>> wins support = Yes
>> workgroup = LINGROUP
>> idmap config lingroup : range = 10000-999999
>> idmap config lingroup : backend = rid
>> idmap config * : range = 3000-7999
>> idmap config * : backend = tdb
>> admin users = sysadmin
>> hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>> hosts deny = 0.0.0.0/0
>> use client driver = Yes
>> veto oplock files =
>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>
>> I had to add back some things to get smbd to run. Windows computers
>> can't see the Samba network (two other Ubuntu servers are running
>> samba and windows does not see any of them). Samba has no log files
>> for the Win10 IP's or names.
>>
>> TLDR: winbind is running now, but nothing else has changed.
>>
>>
>> --
>> Mark B
More information about the samba
mailing list