[Samba] samba behavior change with version upgrade

David H. Durgee dhdurgee at verizon.net
Thu Jun 7 21:23:33 UTC 2018 

Rowland Penny via samba wrote:
> On Thu, 7 Jun 2018 14:24:57 -0400
> "David H. Durgee via samba" <samba at lists.samba.org> wrote:
>
>> Rowland Penny via samba wrote:
>>> On Thu, 7 Jun 2018 14:57:34 +0100
>>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>>
>>>> On Thu, 7 Jun 2018 14:51:11 +0100
>>>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>>>
>>>>> On Thu, 7 Jun 2018 15:43:07 +0200
>>>>> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>>>>>
>>>>>> David,
>>>>>>
>>>>>> So only Rowland is allowed to help?? If everybody does that them
>>>>>> in feeling really sorry for him. There are lots of people here
>>>>>> with very good knowledge. Even if its a long post, everything
>>>>>> might be relevant, i suggest, you try it.. It does not hurt.
>>>>>> Anonimize the config if needed.
>>>>>>
>>>>> I am trying to do two things at once, re-writing the time server
>>>>> wikipage and reading (and shortening) the smb.conf files I was
>>>>> sent, give me a few minutes and I will post them with a comment.
>>>>>
>>>>> Rowland
>>>>>
>>>> OK, here are thr two smb.conf files without commented lines and
>>>> obvious default lines.
>>>>
>>>> This is what the OP should have posted:
>>>>
>>>> MAYA:
>>>>
>>>> [global]
>>>>      workgroup = AGI-NET
>>>>      server string = %h server (Samba, LinuxMint)
>>>>      dns proxy = no
>>>>      log file = /var/log/samba/log.%m
>>>>      max log size = 2048
>>>>      log level = 0
>>>>      syslog = 0
>>>>      panic action = /usr/share/samba/panic-action %d
>>>>      obey pam restrictions = yes
>>>>      unix password sync = yes
>>>>      passwd program = /usr/bin/passwd %u
>>>>      passwd chat = *Enter\snew\s*\spassword:* %n\n
>>>> *Retype\snew\s*\spassword:* %n\n
>>>> *password\supdated\ssuccessfully* . pam password change = yes map
>>>> to guest = bad user client lanman auth = yes
>>>>      client ntlmv2 auth = no
>>>>      lanman auth = yes
>>>>      usershare allow guests = yes
>>>>
>>>> [printers]
>>>>      comment = All Printers
>>>>      browseable = no
>>>>      path = /var/spool/samba
>>>>      printable = yes
>>>>      guest ok = no
>>>>      read only = yes
>>>>      create mask = 0700
>>>>
>>>> [print$]
>>>>      comment = Printer Drivers
>>>>      path = /var/lib/samba/printers
>>>>      browseable = yes
>>>>      read only = yes
>>>>      guest ok = no
>>>>
>>>> [testing]
>>>> 	comment = Samba test shared directory
>>>> 	read only = no
>>>> 	locking = no
>>>> 	path = /var/tmp
>>>>       guest ok = yes
>>>>
>>>> SYLVIA:
>>>>
>>>> [global]
>>>>      workgroup = AGI-NET
>>>> 	server string = %h server (Samba, LinuxMint)
>>>>      dns proxy = no
>>>>      log file = /var/log/samba/log.%m
>>>>      max log size = 2048
>>>>     log level = 0
>>>>      syslog = 0
>>>>      panic action = /usr/share/samba/panic-action %d
>>>>      server role = standalone server
>>>>      obey pam restrictions = yes
>>>>      unix password sync = yes
>>>>      passwd program = /usr/bin/passwd %u
>>>>      passwd chat = *Enter\snew\s*\spassword:* %n\n
>>>> *Retype\snew\s*\spassword:* %n\n
>>>> *password\supdated\ssuccessfully* . pam password change = yes map
>>>> to guest = bad user client lanman auth = yes
>>>>      client ntlmv2 auth = no
>>>>      lanman auth = yes
>>>>      usershare allow guests = yes
>>>>
>>>> [printers]
>>>>      comment = All Printers
>>>>      browseable = no
>>>>      path = /var/spool/samba
>>>>      printable = yes
>>>>      guest ok = no
>>>>      read only = yes
>>>>      create mask = 0700
>>>>
>>>> [print$]
>>>>      comment = Printer Drivers
>>>>      path = /var/lib/samba/printers
>>>>      browseable = yes
>>>>      read only = yes
>>>>      guest ok = no
>>>>
>>>> [testing]
>>>> 	comment = Samba test shared directory
>>>> 	read only = no
>>>> 	locking = no
>>>> 	path = /var/tmp
>>>>       guest ok = yes
>>>>
>>> OK, remove these lines:
>>>
>>>      client lanman auth = yes
>>>      client ntlmv2 auth = no
>>>      lanman auth = yes
>>>
>>> They are the exact opposites to what you need.
>>>
>>> Rowland
>> I'm not sure of that.  My LAN has two OS/2 systems on it and I mount
>> network shares from them.  Neither of them use network shared
>> resources from my linux system, but my linux system must be able to
>> mount those network shares.  To the best of my knowledge lanman auth
>> is a requirement for accessing OS/2 shares.  Perhaps given that the
>> sharing is all from linux to OS/2 one of those can be changed.
> Why does it sometimes feel like pulling teeth, you could have said
> something earlier.
>
> You are running a very insecure network, give me half an hour and I
> will give you all your passwords.
>
>> Are these entries of any consequence for another linux mint sylvia
>> system performing gvfs-mount via gigolo of the testing share?
>> Likewise they are in both smb.conf files, so why would 4.3.11-Ubuntu
>> have problems with them that 3.6.25 doesn't?
> Probably because the code has changed so much between the two versions,
> there were also releases to deal with these CVE's:
>
> CVE-2016-2119 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112
> CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118
>
> And they were just in the 4.3 release series and they dealt with
> authentication.
>
> Try removing the lines (you could just comment them out) restart Samba
> and see if it cures your present problem. If it does, you just have to
> find a way around the problem of having two out of date servers in
> your network.
>
> Rowland

As requested I commented out the lines and rebooted the system. Behavior 
on sylvia is identical to what it is with those lines enabled.  Next?

Dave

More information about the samba mailing list