[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed

Mark Bannister mark at injection-moldings.com
Tue Jun 13 16:45:12 UTC 2023 

New weird symptom.  It looks like maybe multiple copies of smbd and nmdb 
are running??  I think this because I stopped nmbd (sudo systemctl stop 
nmbd) but the nmbd log kept generating entries (running tail -f) and I 
saw entries in the nmbd log about already running.

So I stopped and disabled nmbd, smbd, winbind with systemctl and get 
this message:

sudo systemctl disable smbd
smbd.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable smbd

When I reboot smbd, nmbd, winbind are either running again  or "active 
(exited)".

So, not normal I assume and maybe a Ubuntu qusestion?

--

Mark B

On 6/13/2023 10:33 AM, Dale Schroeder via samba wrote:
>
>
> On 6/13/23 8:03 AM, Mark Bannister via samba wrote:
>>
>> On 6/12/2023 4:27 PM, Rowland Penny via samba wrote:
>>>
>>>
>>> On 12/06/2023 21:51, Mark Bannister via samba wrote:
>>>
>>>>>
>>>> Ok, so I need to search for info on a "NT4-sytle PDC"? Everything I 
>>>> find is about AD.  Do you think this error is the reason for 
>>>> Winbind exiting "idmap backend rid not found"  ?
>>>>
>>>> -- 
>>>
>>>
>>> Okay, after digging in some very old files, try this as the 
>>> '[global]' part of your smb.conf
>>>
>>> [global]
>>>         workgroup = LINGROUP
>>>         server string = APP Samba %v %h
>>>         wins support = Yes
>>>         dns proxy = No
>>>         log file = /var/log/samba/log.%m
>>>         max log size = 1000
>>>         panic action = /usr/share/samba/panic-action %d
>>>         server role = classic primary domain controller
>>>         obey pam restrictions = Yes
>>>         unix password sync = Yes
>>>         passwd program = /usr/bin/passwd %u
>>>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>         pam password change = Yes
>>>         map to guest = Bad User
>>>         domain logons = Yes
>>>         logon drive = H:
>>>         logon home =
>>>         logon path =
>>>         logon script = logon.bat
>>>         add machine script = sudo /usr/sbin/useradd -g machines -c 
>>> "%u machine account" -d /var/lib/samba -s /bin/false %u
>>>         add user script = /usr/sbin/adduser --quiet 
>>> --disabled-password --gecos "" %u
>>>         domain master = Yes
>>>         load printers = No
>>>         name resolve order = wins lmhosts host bcast
>>>         ntlm auth = ntlmv1-permitted
>>>         preferred master = Yes
>>>         server max protocol = NT1
>>>         client max protocol = NT1
>>>         template homedir = /home/%U
>>>         template shell = /bin/bash
>>>         admin users = sysadmin
>>>         hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>>>         hosts deny = 0.0.0.0/0
>>>         use client driver = Yes
>>>         veto oplock files = 
>>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>>
>>> Rowland
>>>
>>>
>>>
>> OK, I got winbind to run.
>>
>>
>> smbd messages:
>>
>> :   Samba name server APPSERVER1 is now a local master browser for 
>> workgroup LINGROUP on subnet 172.17.0.1
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
>> Jun 13 07:46:56 APPServer1 nmbd[2996]: [2023/06/13 07:46:56.141436,  
>> 0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   Samba name server APPSERVER1 
>> is now a local master browser for workgroup LINGROUP on subnet 
>> 192.168.1.1>
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
>>
>> nmbd messages:
>>
>> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.944377,  
>> 0] ../../source3/smbd/server.c:1746(main)
>> Jun 13 07:46:34 APPServer1 smbd[3006]:   smbd version 4.18.3 started.
>> Jun 13 07:46:34 APPServer1 smbd[3006]:   Copyright Andrew Tridgell 
>> and the Samba Team 1992-2023
>> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.945894,  
>> 0] ../../source3/param/loadparm.c:4143(lp_load_ex)
>> *Jun 13 07:46:34 APPServer1 smbd[3006]:   lp_load_ex: Max protocol 
>> NT1 is less than min protocol SMB2_ *
>>
>>
>> winbind:
>>
>> Jun 13 07:46:32 APPServer1 winbind[2956]:  * Starting the Winbind 
>> daemon winbind
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 
>> 07:46:32.772850,  0] ../../source3/winbindd/winbindd.c:1441(main)
>> Jun 13 07:46:32 APPServer1 winbindd[2966]:   winbindd version 4.18.3 
>> started.
>> Jun 13 07:46:32 APPServer1 winbindd[2966]:   Copyright Andrew 
>> Tridgell and the Samba Team 1992-2023
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 
>> 07:46:32.774251,  0] ../../source3/param/loadparm.c:4143(lp_load_ex)
>> *Jun 13 07:46:32 APPServer1 winbindd[2966]:   lp_load_ex: Max 
>> protocol NT1 is less than min protocol SMB2_02.*
>> Jun 13 07:46:32 APPServer1 winbindd[2968]: [2023/06/13 
>> 07:46:32.780494,  0] 
>> ../../source3/winbindd/winbindd_cache.c:3116(initialize_winbindd_cac>
>> Jun 13 07:46:32 APPServer1 winbindd[2968]: initialize_winbindd_cache: 
>> clearing cache and re-creating with version number 2
>> Jun 13 07:46:32 APPServer1 winbind[2956]:    ...done.
>> Jun 13 07:46:32 APPServer1 systemd[1]: Started LSB: start Winbind 
>> daemon.
> You have a couple of instance of this message in the logs:
>
> *Max protocol NT1 is less than min protocol SMB2_*
>
> So, you should also set the min protocol(s) to NT1.
>
> Dale
>>
>> Current global config:
>>
>>  add machine script = sudo /usr/sbin/useradd -g machines -c "%u 
>> machine account" -d /var/lib/samba -s /bin/false %u
>>         add user script = /usr/sbin/adduser --quiet 
>> --disabled-password --gecos "" %u
>>         client max protocol = NT1
>>         dns proxy = No
>>         domain logons = Yes
>>         domain master = Yes
>>         load printers = No
>>         log file = /var/log/samba/log.%m
>>         logon drive = H:
>>         logon home =
>>         logon path =
>>         logon script = logon.bat
>>         map to guest = Bad User
>>         max log size = 1000
>>         name resolve order = wins lmhosts host bcast
>>         ntlm auth = ntlmv1-permitted
>>         obey pam restrictions = Yes
>>         pam password change = Yes
>>         panic action = /usr/share/samba/panic-action %d
>>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>         passwd program = /usr/bin/passwd %u
>>         preferred master = Yes
>>         server max protocol = NT1
>>         server role = classic primary domain controller
>>         server string = APP Samba %v %h
>>         template homedir = /home/%U
>>         template shell = /bin/bash
>>         unix password sync = Yes
>>         username map = /usr/local/samba/etc/username.map
>>         wins support = Yes
>>         workgroup = LINGROUP
>>         idmap config lingroup : range = 10000-999999
>>         idmap config lingroup : backend = rid
>>         idmap config * : range = 3000-7999
>>         idmap config * : backend = tdb
>>         admin users = sysadmin
>>         hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>>         hosts deny = 0.0.0.0/0
>>         use client driver = Yes
>>         veto oplock files = 
>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>
>> I had to add back some things to get smbd to run.  Windows computers 
>> can't see the Samba network (two other Ubuntu servers are running 
>> samba and windows does not see any of them).  Samba has no log files 
>> for the Win10 IP's or names.
>>
>> TLDR: winbind is running now, but nothing else has changed.
>>
>>
>> -- 
>> Mark B

More information about the samba mailing list