[Samba] Certain systems can no longer access samba post upgrade to 4.3.9

Rowland Penny rpenny at samba.org
Wed Aug 31 15:11:37 UTC 2016 

On Wed, 31 Aug 2016 09:42:35 -0400
Jeff Hodge via samba <samba at lists.samba.org> wrote:

> On Tue, Aug 30, 2016 at 11:57 AM, Jeff Hodge <jeff.hodge55 at gmail.com>
> wrote:
> 
> > On Mon, Aug 29, 2016 at 6:13 PM, Jeremy Allison <jra at samba.org>
> > wrote:
> >
> >> On Mon, Aug 29, 2016 at 11:41:53AM -0400, Jeff Hodge via samba
> >> wrote:
> >> > During an ubuntu 14.04 update samba was updated from 4.1.6 to
> >> > 4.3.9.  We had no problems with any windows system accessing the
> >> > server prior to
> >> the
> >> > upgrade to 4.3.9.  It seems to affect access to the entire samba
> >> > server
> >> as
> >> > no shares are able to be seen or accessed when trying to view
> >> \\servername
> >> > or \\servname.domain.local
> >> >
> >> > The "fix" seems to be to use the fully qualified name, but after
> >> > a while that will stop working and you have to change to the
> >> > short name and vice versa.  I am trying to correlate the times
> >> > to see if there is a pattern, but no pattern has emerged yet.
> >> >
> >> > What is odd is if the short name is failing and you change to
> >> > fully qualified and the share comes up, you will then be able to
> >> > use the short name to pull up the share after you have made the
> >> > successful connection
> >> to
> >> > the fully qualified name.
> >> >
> >> > The one log entry that seems to identify systems with this issue
> >> > is
> >> this,
> >> > repeated over and over:
> >> >
> >> > [2016/08/29 08:35:56.694436,  0]
> >> > ../source3/param/loadparm.c:1460(canonicalize_servicename)
> >> >   canonicalize_servicename: NULL source name!
> >> >
> >> > [2016/08/29 08:35:57.694984,  0]
> >> > ../source3/param/loadparm.c:1460(canonicalize_servicename)
> >> >   canonicalize_servicename: NULL source name!
> >> >
> >> > [2016/08/29 08:35:58.694495,  0]
> >> > ../source3/param/loadparm.c:1460(canonicalize_servicename)
> >> >   canonicalize_servicename: NULL source name!
> >> >
> >> > The majority of our servers are not having any problems
> >> > accessing the
> >> samba
> >> > shares, but a few key high use systems are having this issue.
> >> >
> >> > Has anyone seen this error and may have an idea what may be
> >> > causing and possible system setting that may need to be
> >> > changed/enabled in 4.3.9 to allow all systems to connect
> >> > reliably?
> >>
> >> Can you post your smb.conf, plus a debug level 10 log from one
> >> of the machines having the problem ?
> >>
> >
> > It seems a workaround is to to set guest ok = yes on the user
> > share.  We have not seen the error since we made that change.
> >
> > We also changed another share from user share to one configured in
> > the smb.conf file and have not seen the issue on that server since
> > yesterday. This may be a more permanent fix as we did not have to
> > set guest ok = yes on its share.
> >
> > I will try to get an output of the logs at log level 10, however I
> > have been unable to reproduce this in our Dev environment.  Which
> > class do you want me to set logging level 10 on, or to be safe just
> > use all?
> >
> > Here is the smb.conf file in case anyone sees anything in there:
> >
> > [global]
> > security = ads
> > netbios name = server104
> > netbios aliases = server04
> > realm = DOMAIN.LOCAL
> > idmap config * : range = 500-10000000
> > idmap config * : backend = tdb
> > winbind enum users = no
> > winbind enum groups = no
> > winbind refresh tickets = true
> > template homedir = /home/%D/%U
> > template shell = /bin/bash
> > client use spnego = yes
> > domain master = no
> > create mask = 0664
> > directory mask = 0775
> > machine password timeout = 0
> > hosts deny = 172.17.4.0/255.255.255.0
> > interfaces = eth1
> > bind interfaces only = yes
> > winbind max clients = 1000
> > winbind max domain connections = 10
> > log level = 1
> >
> >    workgroup = DOMAIN
> >    server string = %h server (Samba, Ubuntu)
> >    dns proxy = no
> >    log file = /var/log/samba/log.%m
> >    max log size = 1000
> >    syslog = 0
> >    panic action = /usr/share/samba/panic-action %d
> >    encrypt passwords = true
> >    passdb backend = tdbsam
> >    obey pam restrictions = yes
> >    unix password sync = yes
> >    passwd program = /usr/bin/passwd %u
> >    passwd chat = *Enter\snew\s*\spassword:* %n\n
> > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> >    pam password change = yes
> >    map to guest = bad user
> >    usershare allow guests = yes
> >
> > [printers]
> >    comment = All Printers
> >    browseable = no
> >    path = /var/spool/samba
> >    printable = yes
> >    guest ok = no
> >    read only = yes
> >    create mask = 0700
> > [print$]
> >    comment = Printer Drivers
> >    path = /var/lib/samba/printers
> >    browseable = yes
> >    read only = yes
> >    guest ok = no
> >
> >
> > User share:
> >
> > #VERSION 2
> > path=/home/DOMAIN/
> > comment=
> > usershare_acl=S-1-1-0:F
> > guest ok = yes


Can I suggest you try this smb.conf, yours is full of default settings
and doesn't have a range for the domain, if required, you can change
the numbers in the ranges, but the two ranges must not overlap.

 [global]
    workgroup = DOMAIN
    security = ads
    realm = DOMAIN.LOCAL
    netbios name = server104
    netbios aliases = server04
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    server string = %h server (Samba, Ubuntu)
    winbind enum users = no
    winbind enum groups = no
    winbind nss info = rfc2307
    winbind refresh tickets = true

    ## map ids outside of domain to tdb files.
    idmap config *:backend = tdb
    idmap config *:range = 2000-9999
    ## map ids from the domain  the ranges may not overlap !
    idmap config SAMDOM : backend = rid
    idmap config SAMDOM : range = 10000-999999

    template shell = /bin/bash
    domain master = no
    create mask = 0664
    directory mask = 0775
    hosts deny = 172.17.4.0/255.255.255.0
    interfaces = eth1
    bind interfaces only = yes
    log level = 1
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    map to guest = bad user
    usershare allow guests = yes

 [printers]
    comment = All Printers
    browseable = no
    path = /var/spool/samba
    printable = yes
    guest ok = no
    read only = yes
    create mask = 0700
 [print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no


 User share:

 #VERSION 2
 path=/home/DOMAIN/
 comment=
 usershare_acl=S-1-1-0:F
 guest ok = yes

Rowland

More information about the samba mailing list