[Samba] Upgraded samba, mostly still works, but have one issue

Mark Casey markc at unifiedgroup.com
Mon Dec 12 09:14:47 MST 2011 

Hello list,

I recently upgraded an Ubuntu 8.04 LTS samba server to 10.04 LTS which 
took the installed version of samba from version 3.0.28a to version 
3.4.7. The server is an AD member using idmap-rid. I have updated the 
idmap directives in the config and it mostly worked (winbind works, 
Windows users can get to their shares with their correct permissions, 
etc.). The only thing that got broken is the ability of our IP security 
cameras to store data directly to the server through samba. I believe 
this may have been caused by a change to a default setting, such as the  
allowed authentication methods or possibly something like 'allow trusted 
domains', since these cameras are not capable of actually joining the 
domain. I've looked at some of the in-between release notes but no 
changes have jumped out at me.

The cameras are configured to connect to the given smb/cifs server and 
share (which exists and can be mapped from Windows if you use the right 
user). The share ('camshare') has share-level permissions set such that 
DOMAIN\camera should have full access. I have winbind set to use the 
default domain so the cameras are configured to connect as 'camera' 
instead of 'DOMAIN\camera' (but I've tried both anyway, to no avail). I 
have checked the password on the 'camera' account repeatedly.

However you can see that something isn't right when the cameras try to 
mount the share:
> root at server:~# tail -f /var/log/samba/log.smbd | grep camera
>   check_ntlm_password:  Authentication for user [camera] -> [camera] 
> FAILED with error NT_STATUS_NO_SUCH_USER
>   check_ntlm_password:  Authentication for user [camera] -> [camera] 
> FAILED with error NT_STATUS_NO_SUCH_USER
>   check_ntlm_password:  Authentication for user [camera] -> [camera] 
> FAILED with error NT_STATUS_NO_SUCH_USER

If I use that username with the password when mapping the share from 
Win7, it works and the correct permissions are there.

Here is the smb.conf:
> [global]
>         server string = File Server
>         workgroup = DOMAIN
>         realm = DOMAIN.COM
>         security = ADS
>         password server = *
>         #password server = dc1.domain.com
>         username map = /etc/samba/smbusers
>         obey pam restrictions = Yes
>         enable privileges = Yes
>         map to guest = Bad User
>         client NTLMv2 auth = Yes
>         log level = 2, vfs:1
>         syslog = 0
>         max log size = 0
>         load printers = No
>         preferred master = No
>         local master = No
>         domain master = No
>         dns proxy = No
>         disable netbios = yes
>         ldap ssl = no
>         host msdfs = No
>         template shell = /bin/false
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         winbind refresh tickets = Yes
>
>         idmap backend = tdb
>         idmap uid = 100000-199999
>         idmap gid = 100000-199999
>         idmap config DOMAIN:backend = rid
>         idmap config DOMAIN:range = 100000 - 500000
>         idmap config DOMAIN:default = yes
>
>         hosts allow = 10.0.1.0/255.255.255.0 10.1.1.0/255.255.255.0 
> 10.2.0.0/255.255.255.0 10.0.8.0/255.255.255.0 10.1.8.0/255.255.255.0 
> 10.2.8.0/255.255.255.0 172.10.0.0/255.255.255.0 172.11.0.0/255.255.255.0
>         map acl inherit = No
>         hide special files = Yes
>         map archive = No
>         map readonly = No
>         map system = No
>         map hidden = No
>         force create mode = 707
>         force directory mode = 707
>         ea support = No
>         store dos attributes = No
>         wide links = No
>         follow symlinks = No
>         dos filemode = No
>         add share command=/etc/samba/command.pl
>         delete share command=/etc/samba/command.pl
>         change share command=/etc/samba/command.pl
>
> [camshare]
>         comment = Camera data share
>         path = /home/camshare
>         read only = No
>         writeable = Yes
>         inherit owner = Yes
>         guest ok = No
>
> [mainshare]
>         comment = Main Fileshare
>         path = /home/mainshare
>         read only = No
>         writeable = Yes
>         inherit owner = Yes
>         guest ok = Yes
>
>         vfs objects = recycle extd_audit
>         recycle:repository = Recycle Bin
>         recycle:directory_mode = 707
>         recycle:keeptree = yes
>         recycle:versions = no
>         recycle:touch = yes
>         recycle:touch_mtime = no
>         recycle:maxsize = 209715200
>         recycle:exclude = *.tmp *.temp ~$* *.~??

I've left off some other shares that don't seem relevant.

I can provide other info and or more logs if needed. Thanks in advance 
for any assistance you may be able to provide.

Thank you,
Mark

More information about the samba mailing list