[Samba] samba behavior change with version upgrade
David H. Durgee
dhdurgee at verizon.net
Thu Jun 7 21:23:33 UTC 2018
Rowland Penny via samba wrote:
> On Thu, 7 Jun 2018 14:24:57 -0400
> "David H. Durgee via samba" <samba at lists.samba.org> wrote:
>
>> Rowland Penny via samba wrote:
>>> On Thu, 7 Jun 2018 14:57:34 +0100
>>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>>
>>>> On Thu, 7 Jun 2018 14:51:11 +0100
>>>> Rowland Penny via samba <samba at lists.samba.org> wrote:
>>>>
>>>>> On Thu, 7 Jun 2018 15:43:07 +0200
>>>>> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>>>>>
>>>>>> David,
>>>>>>
>>>>>> So only Rowland is allowed to help?? If everybody does that then
>>>>>> I'm feeling really sorry for him. There are lots of people here
>>>>>> with very good knowledge. Even if it's a long post, everything
>>>>>> might be relevant, I suggest, you try it.. It does not hurt.
>>>>>> Anonymize the config if needed.
>>>>>>
>>>>> I am trying to do two things at once, re-writing the time server
>>>>> wikipage and reading (and shortening) the smb.conf files I was
>>>>> sent, give me a few minutes and I will post them with a comment.
>>>>>
>>>>> Rowland
>>>>>
>>>> OK, here are the two smb.conf files without commented lines and
>>>> obvious default lines.
>>>>
>>>> This is what the OP should have posted:
>>>>
>>>> MAYA:
>>>>
>>>> [global]
>>>> workgroup = AGI-NET
>>>> server string = %h server (Samba, LinuxMint)
>>>> dns proxy = no
>>>> log file = /var/log/samba/log.%m
>>>> max log size = 2048
>>>> log level = 0
>>>> syslog = 0
>>>> panic action = /usr/share/samba/panic-action %d
>>>> obey pam restrictions = yes
>>>> unix password sync = yes
>>>> passwd program = /usr/bin/passwd %u
>>>> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>> pam password change = yes
>>>> map to guest = bad user
>>>> client lanman auth = yes
>>>> client ntlmv2 auth = no
>>>> lanman auth = yes
>>>> usershare allow guests = yes
>>>>
>>>> [printers]
>>>> comment = All Printers
>>>> browseable = no
>>>> path = /var/spool/samba
>>>> printable = yes
>>>> guest ok = no
>>>> read only = yes
>>>> create mask = 0700
>>>>
>>>> [print$]
>>>> comment = Printer Drivers
>>>> path = /var/lib/samba/printers
>>>> browseable = yes
>>>> read only = yes
>>>> guest ok = no
>>>>
>>>> [testing]
>>>> comment = Samba test shared directory
>>>> read only = no
>>>> locking = no
>>>> path = /var/tmp
>>>> guest ok = yes
>>>>
>>>> SYLVIA:
>>>>
>>>> [global]
>>>> workgroup = AGI-NET
>>>> server string = %h server (Samba, LinuxMint)
>>>> dns proxy = no
>>>> log file = /var/log/samba/log.%m
>>>> max log size = 2048
>>>> log level = 0
>>>> syslog = 0
>>>> panic action = /usr/share/samba/panic-action %d
>>>> server role = standalone server
>>>> obey pam restrictions = yes
>>>> unix password sync = yes
>>>> passwd program = /usr/bin/passwd %u
>>>> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>>> pam password change = yes
>>>> map to guest = bad user
>>>> client lanman auth = yes
>>>> client ntlmv2 auth = no
>>>> lanman auth = yes
>>>> usershare allow guests = yes
>>>>
>>>> [printers]
>>>> comment = All Printers
>>>> browseable = no
>>>> path = /var/spool/samba
>>>> printable = yes
>>>> guest ok = no
>>>> read only = yes
>>>> create mask = 0700
>>>>
>>>> [print$]
>>>> comment = Printer Drivers
>>>> path = /var/lib/samba/printers
>>>> browseable = yes
>>>> read only = yes
>>>> guest ok = no
>>>>
>>>> [testing]
>>>> comment = Samba test shared directory
>>>> read only = no
>>>> locking = no
>>>> path = /var/tmp
>>>> guest ok = yes
>>>>
>>> OK, remove these lines:
>>>
>>> client lanman auth = yes
>>> client ntlmv2 auth = no
>>> lanman auth = yes
>>>
>>> They are the exact opposites to what you need.
>>>
>>> Rowland
>> I'm not sure of that. My LAN has two OS/2 systems on it and I mount
>> network shares from them. Neither of them use network shared
>> resources from my linux system, but my linux system must be able to
>> mount those network shares. To the best of my knowledge lanman auth
>> is a requirement for accessing OS/2 shares. Perhaps given that the
>> sharing is all from linux to OS/2 one of those can be changed.
> Why does it sometimes feel like pulling teeth, you could have said
> something earlier.
>
> You are running a very insecure network, give me half an hour and I
> will give you all your passwords.
>
>> Are these entries of any consequence for another linux mint sylvia
>> system performing gvfs-mount via gigolo of the testing share?
>> Likewise they are in both smb.conf files, so why would 4.3.11-Ubuntu
>> have problems with them that 3.6.25 doesn't?
> Probably because the code has changed so much between the two versions,
> there were also releases to deal with these CVEs:
>
> CVE-2016-2119 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112
> CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118
>
> And they were just in the 4.3 release series and they dealt with
> authentication.
>
> Try removing the lines (you could just comment them out) restart Samba
> and see if it cures your present problem. If it does, you just have to
> find a way around the problem of having two out of date servers in
> your network.
>
> Rowland
As requested I commented out the lines and rebooted the system. Behavior
on sylvia is identical to what it is with those lines enabled. Next?
Dave
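
Added example, not part of the original message and not Samba project code: a small Python check that reports whether the three [global] authentication lines discussed above are still active in an smb.conf, skipping lines that were only commented out. The sample configuration is constructed from the lines quoted in this thread, and the function names are this example's own.

```python
import re

# Constructed sample modelled on the [global] lines quoted in this thread.
SAMPLE = """\
[global]
   workgroup = AGI-NET
   map to guest = bad user
   Client LANMAN Auth = yes
   client ntlmv2 auth = no
   lanman auth = \\
      yes
"""

TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}
# Normalised parameter name -> the boolean value flagged as weak (the three
# lines Rowland asked to remove).
WEAK = {"lanmanauth": True, "clientlanmanauth": True, "clientntlmv2auth": False}

def norm(name):
    # smb.conf ignores case and whitespace inside parameter names.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalised parameter: value} for the [global] section."""
    params, section = {}, None
    text = re.sub(r"\\\n", "", text)         # trailing backslash continues a line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or commented-out line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def audit(text):
    """List (parameter, value) pairs in [global] that enable the weak setting."""
    findings = []
    for param, value in parse_global(text).items():
        v = value.lower()
        if param in WEAK and v in TRUE | FALSE and (v in TRUE) == WEAK[param]:
            findings.append((param, value))
    return sorted(findings)

if __name__ == "__main__":
    for param, value in audit(SAMPLE):
        print(f"weak: {param} = {value}")
```

Lines that are absent or commented out are not reported; they are left to whatever default the installed Samba version applies.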