[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed

Mark Bannister mark at injection-moldings.com
Tue Jun 13 18:54:19 UTC 2023


On 6/13/2023 10:33 AM, Dale Schroeder via samba wrote:
>
>
> On 6/13/23 8:03 AM, Mark Bannister via samba wrote:
>>
>> On 6/12/2023 4:27 PM, Rowland Penny via samba wrote:
>>>
>>>
>>> On 12/06/2023 21:51, Mark Bannister via samba wrote:
>>>
>>>>>
>>>> Ok, so I need to search for info on a "NT4-style PDC"? Everything I 
>>>> find is about AD.  Do you think this error is the reason for 
>>>> Winbind exiting "idmap backend rid not found"  ?
>>>>
>>>> -- 
>>>
>>>
>>> Okay, after digging in some very old files, try this as the 
>>> '[global]' part of your smb.conf
>>>
>>> [global]
>>>         workgroup = LINGROUP
>>>         server string = APP Samba %v %h
>>>         wins support = Yes
>>>         dns proxy = No
>>>         log file = /var/log/samba/log.%m
>>>         max log size = 1000
>>>         panic action = /usr/share/samba/panic-action %d
>>>         server role = classic primary domain controller
>>>         obey pam restrictions = Yes
>>>         unix password sync = Yes
>>>         passwd program = /usr/bin/passwd %u
>>>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
>>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>         pam password change = Yes
>>>         map to guest = Bad User
>>>         domain logons = Yes
>>>         logon drive = H:
>>>         logon home =
>>>         logon path =
>>>         logon script = logon.bat
>>>         add machine script = sudo /usr/sbin/useradd -g machines -c 
>>> "%u machine account" -d /var/lib/samba -s /bin/false %u
>>>         add user script = /usr/sbin/adduser --quiet 
>>> --disabled-password --gecos "" %u
>>>         domain master = Yes
>>>         load printers = No
>>>         name resolve order = wins lmhosts host bcast
>>>         ntlm auth = ntlmv1-permitted
>>>         preferred master = Yes
>>>         server max protocol = NT1
>>>         client max protocol = NT1
>>>         template homedir = /home/%U
>>>         template shell = /bin/bash
>>>         admin users = sysadmin
>>>         hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>>>         hosts deny = 0.0.0.0/0
>>>         use client driver = Yes
>>>         veto oplock files = 
>>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>>
>>> Rowland
>>>
>>>
>>>
>> OK, I got winbind to run.
>>
>>
>> smbd messages:
>>
>> :   Samba name server APPSERVER1 is now a local master browser for 
>> workgroup LINGROUP on subnet 172.17.0.1
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
>> Jun 13 07:46:56 APPServer1 nmbd[2996]: [2023/06/13 07:46:56.141436,  
>> 0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   Samba name server APPSERVER1 
>> is now a local master browser for workgroup LINGROUP on subnet 
>> 192.168.1.1>
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:
>> Jun 13 07:46:56 APPServer1 nmbd[2996]:   *****
>>
>> nmbd messages:
>>
>> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.944377,  
>> 0] ../../source3/smbd/server.c:1746(main)
>> Jun 13 07:46:34 APPServer1 smbd[3006]:   smbd version 4.18.3 started.
>> Jun 13 07:46:34 APPServer1 smbd[3006]:   Copyright Andrew Tridgell 
>> and the Samba Team 1992-2023
>> Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.945894,  
>> 0] ../../source3/param/loadparm.c:4143(lp_load_ex)
>> *Jun 13 07:46:34 APPServer1 smbd[3006]:   lp_load_ex: Max protocol 
>> NT1 is less than min protocol SMB2_ *
>>
>>
>> winbind:
>>
>> Jun 13 07:46:32 APPServer1 winbind[2956]:  * Starting the Winbind 
>> daemon winbind
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 
>> 07:46:32.772850,  0] ../../source3/winbindd/winbindd.c:1441(main)
>> Jun 13 07:46:32 APPServer1 winbindd[2966]:   winbindd version 4.18.3 
>> started.
>> Jun 13 07:46:32 APPServer1 winbindd[2966]:   Copyright Andrew 
>> Tridgell and the Samba Team 1992-2023
>> Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 
>> 07:46:32.774251,  0] ../../source3/param/loadparm.c:4143(lp_load_ex)
>> *Jun 13 07:46:32 APPServer1 winbindd[2966]:   lp_load_ex: Max 
>> protocol NT1 is less than min protocol SMB2_02.*
>> Jun 13 07:46:32 APPServer1 winbindd[2968]: [2023/06/13 
>> 07:46:32.780494,  0] 
>> ../../source3/winbindd/winbindd_cache.c:3116(initialize_winbindd_cac>
>> Jun 13 07:46:32 APPServer1 winbindd[2968]: initialize_winbindd_cache: 
>> clearing cache and re-creating with version number 2
>> Jun 13 07:46:32 APPServer1 winbind[2956]:    ...done.
>> Jun 13 07:46:32 APPServer1 systemd[1]: Started LSB: start Winbind 
>> daemon.
> You have a couple of instances of this message in the logs:
>
> *Max protocol NT1 is less than min protocol SMB2_*
>
> So, you should also set the min protocol(s) to NT1.
>
> Dale
>>
>> Current global config:
>>
>>  add machine script = sudo /usr/sbin/useradd -g machines -c "%u 
>> machine account" -d /var/lib/samba -s /bin/false %u
>>         add user script = /usr/sbin/adduser --quiet 
>> --disabled-password --gecos "" %u
>>         client max protocol = NT1
>>         dns proxy = No
>>         domain logons = Yes
>>         domain master = Yes
>>         load printers = No
>>         log file = /var/log/samba/log.%m
>>         logon drive = H:
>>         logon home =
>>         logon path =
>>         logon script = logon.bat
>>         map to guest = Bad User
>>         max log size = 1000
>>         name resolve order = wins lmhosts host bcast
>>         ntlm auth = ntlmv1-permitted
>>         obey pam restrictions = Yes
>>         pam password change = Yes
>>         panic action = /usr/share/samba/panic-action %d
>>         passwd chat = *Enter\snew\s*\spassword:* %n\n 
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>         passwd program = /usr/bin/passwd %u
>>         preferred master = Yes
>>         server max protocol = NT1
>>         server role = classic primary domain controller
>>         server string = APP Samba %v %h
>>         template homedir = /home/%U
>>         template shell = /bin/bash
>>         unix password sync = Yes
>>         username map = /usr/local/samba/etc/username.map
>>         wins support = Yes
>>         workgroup = LINGROUP
>>         idmap config lingroup : range = 10000-999999
>>         idmap config lingroup : backend = rid
>>         idmap config * : range = 3000-7999
>>         idmap config * : backend = tdb
>>         admin users = sysadmin
>>         hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
>>         hosts deny = 0.0.0.0/0
>>         use client driver = Yes
>>         veto oplock files = 
>> /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/
>>
>> I had to add back some things to get smbd to run.  Windows computers 
>> can't see the Samba network (two other Ubuntu servers are running 
>> samba and windows does not see any of them).  Samba has no log files 
>> for the Win10 IP's or names.
>>
>> TLDR: winbind is running now, but nothing else has changed.
>>
>>
>> -- 
>> Mark B

Still have issues with how Samba is starting, it starts even after 
being disabled with systemctl, but at least all parts are now starting 
and staying running.

That solved the issue with the network not showing up. I don't know if 
there were multiple copies of things running (nmbd, smbd) or they were 
all stopping after detecting each other or just crapping out.

I have mostly solved the initial problem by setting all four of these:

         client min protocol = NT1
         server min protocol = NT1
         client max protocol = NT1
         server max protocol = NT1

I'm still having some locking issues on the database lock files, but 
things are at least working and not corrupting data.

If anyone has some insight on either issue it would be appreciated.

--
Mark B
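
The "Max protocol NT1 is less than min protocol SMB2_02" condition from the logs above can be checked before restarting the daemons. This is an added example, not part of the thread and not Samba code; the dialect order and the defaults used for unset parameters are assumptions taken from the smb.conf man page for Samba 4.11 and later, and the function names are hypothetical.

```python
# Added example, not Samba code. ORDER and DEFAULTS are assumptions based on
# the smb.conf man page (Samba 4.11+); all function names are hypothetical.
ORDER = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
         "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}
DEFAULTS = {"client min protocol": "SMB2_02", "client max protocol": "SMB3_11",
            "server min protocol": "SMB2_02", "server max protocol": "SMB3_11"}

def parse_global(text):
    """Return [global] parameters, names lower-cased with whitespace collapsed."""
    params, section = {}, "global"  # a dump without a header is treated as global
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def rank(name):
    """Position of a dialect in ORDER; raises ValueError for unknown names."""
    name = name.upper()
    return ORDER.index(ALIASES.get(name, name))

def protocol_findings(text):
    """List (side, min, max) for each side whose max dialect is below its min."""
    params = {**DEFAULTS, **parse_global(text)}
    findings = []
    for side in ("client", "server"):
        lo, hi = params[side + " min protocol"], params[side + " max protocol"]
        if rank(hi) < rank(lo):
            findings.append((side, lo.upper(), hi.upper()))
    return findings

# Constructed input: the two protocol lines from the "Current global config" above.
BEFORE = "[global]\n  client max protocol = NT1\n  server max protocol = NT1\n"
# The same plus the two min lines from the final reply.
AFTER = BEFORE + "  client min protocol = NT1\n  server min protocol = NT1\n"

if __name__ == "__main__":
    for side, lo, hi in protocol_findings(BEFORE):
        print(f"{side}: max protocol {hi} is less than min protocol {lo}")
    print("with min protocol lines added:", protocol_findings(AFTER))
```
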

