[Samba] CentOS update broke Samba

Alex Moen alexm at ndtel.com
Sat Oct 19 19:18:39 UTC 2019


Running CentOS Linux release 7.7.1908. Have Samba running as our fileserver on our (mostly) Windows network.   Ran my "normal" yum updates today, and Samba was upgraded (last updates were on 8/10/2019).  I was on 4.8.3 before; now it's 4.9.1:

     Updated     samba-4.8.3-6.el7_6.x86_64                                  @updates
     Updated     samba-client-4.8.3-6.el7_6.x86_64                           @updates
     Updated     samba-client-libs-4.8.3-6.el7_6.x86_64                      @updates
     Updated     samba-common-4.8.3-6.el7_6.noarch                           @updates
     Updated     samba-common-libs-4.8.3-6.el7_6.x86_64                      @updates
     Updated     samba-common-tools-4.8.3-6.el7_6.x86_64                     @updates
     Updated     samba-libs-4.8.3-6.el7_6.x86_64                             @updates
     Updated     samba-winbind-4.8.3-6.el7_6.x86_64                          @updates
     Updated     samba-winbind-modules-4.8.3-6.el7_6.x86_64                  @updates

samba-4.9.1-6.el7.x86_64                      Sat 19 Oct 2019 09:43:13 AM CDT
samba-winbind-4.9.1-6.el7.x86_64              Sat 19 Oct 2019 09:43:00 AM CDT
samba-client-4.9.1-6.el7.x86_64               Sat 19 Oct 2019 09:43:00 AM CDT
samba-winbind-modules-4.9.1-6.el7.x86_64      Sat 19 Oct 2019 09:42:29 AM CDT
samba-common-tools-4.9.1-6.el7.x86_64         Sat 19 Oct 2019 09:40:54 AM CDT
samba-libs-4.9.1-6.el7.x86_64                 Sat 19 Oct 2019 09:40:53 AM CDT
samba-client-libs-4.9.1-6.el7.x86_64          Sat 19 Oct 2019 09:40:52 AM CDT
samba-common-libs-4.9.1-6.el7.x86_64          Sat 19 Oct 2019 09:40:51 AM CDT
samba-common-4.9.1-6.el7.noarch               Sat 19 Oct 2019 09:40:51 AM CDT

Initially, smbd wouldn't even start.  nmbd and winbind were fine, but smbd was spouting an error about "nobody is a group name" and "Failed to create BUILTIN\Guests group NT_STATUS_ACCESS_DENIED!  Can Winbind allocate gids?"

After lots of googling, I finally got the process to start properly, and (from the limited testing I can do on Saturdays) Windows clients can connect (this is the only Samba/CIFS server on the network). (FFR: I added the "username map script" and the two "idmap config A36561" stanzas in the smb.conf file below to get smbd restarted.  I also needed to create a new guest user, and add "guest account = guest".)  However, my Linux clients are not able to connect using CIFS.  I am encountering the following errors in the log file for the Linux PC:

"gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_NO_SUCH_USER"
"NT error packet at ../source3/smbd/sesssetup.c(247) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE"

even though, earlier in the log file, I have this (encouraging) entry:

"Auth: [SMB,(null)] user [A36561]\[alexm] at [Sat, 19 Oct 2019 13:58:12.577574 CDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [ALEXM-SURFACE-PRO] remote host [ipv4:192.168.254.191:56314] mapped to [A36561]\[alexm]. local host [ipv4:192.168.255.5:445]"

So, my usermap seems to be working, as my login should be alexm.

I have been working on this for four hours now, and am completely out of ideas.

smb.conf:
# Global parameters
[global]
         interfaces = lo eno16780032
         netbios name = NDTC-FS
         server string = NDTC File Server 2017
         #server max protocol = SMB2
         workgroup = A36561
         domain master = Yes
         preferred master = yes
         local master = yes
         ldap admin dn = cn=admin,o=ndtc
         ldap passwd sync = yes
         ldap ssl = no
         ldap suffix = ou=ndtel,o=ndtc
         ldap debug level = 1
         ldap debug threshold = 5
         log file = /var/log/samba/log.%m
         log level = 3
         max log size = 50000
         domain logons = Yes
         nt pipe support = No
         lanman auth = Yes
         passdb backend = ldapsam:"ldap://66.163.128.204"
         security = user
         guest account = guest
         username map = /etc/samba/usermap.txt
         username map script = /bin/echo
         wins support = Yes
         idmap config * : backend = tdb
         idmap config * : range = 1000000-1999999
         idmap config A36561 : backend = autorib
         idmap config A36561 : range = 2000000-4000000
         cups options = raw
         ntlm auth = yes

[homes]
         comment = Home Directories
         browseable = No
         read only = No

[groups]
         comment = Group Directories
         path = /cust/ndtel/groups
         blocking locks = No
         force create mode = 0660
         force directory mode = 0770
         read only = No

[officeview]
         comment = The Office View
         path = /cust/ndtel/officeview
         force create mode = 0777
         force directory mode = 0777
         guest ok = Yes
         read only = No
         write list = +users

[docvault]
         comment = Document Vault
         path = /cust/ndtel/groups/business/docvault
         browseable = No
         force create mode = 0777
         force directory mode = 0777
         force group = +business
         read only = No
         write list = +business

[share]
         comment = Share space
         path = /cust/ndtel/share
         force create mode = 0777
         force directory mode = 0777
         guest ok = Yes
         read only = No
         write list = +users

[archive]
         comment = Archive area
         path = /archive
         force create mode = 0777
         force directory mode = 0777
         force group = +internet
         read only = no
         write list = +internet

[printers]
         comment = All Printers
         path = /var/spool/samba
         browseable = No
         printable = Yes





Output of testparm:

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_url_parse_ext(ldap://66.163.128.204)
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[groups]"
Processing section "[officeview]"
Processing section "[docvault]"
Processing section "[share]"
Processing section "[archive]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC

Press enter to see a dump of your service definitions


Any advice would be very greatly appreciated.

TIA,
Alex
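
Added example, not part of the original post: a Python parser for the "Auth:" audit line quoted above, splitting it into fields so that the status and the mapped account can be read separately and failed logons counted per client. The function names and the second sample line are constructed for illustration; the field layout is assumed from the single line quoted in the post.

```python
import re
from collections import Counter

# Field layout taken from the "Auth:" line quoted in the post (assumption:
# other Samba versions may order or name fields differently).
AUTH_RE = re.compile(
    r"Auth: \[(?P<service>[^,\]]*),(?P<auth_desc>[^\]]*)\] "
    r"user \[(?P<domain>[^\]]*)\]\\\[(?P<user>[^\]]*)\] "
    r"at \[(?P<time>[^\]]*)\] "
    r"with \[(?P<method>[^\]]*)\] "
    r"status \[(?P<status>[^\]]*)\] "
    r"workstation \[(?P<workstation>[^\]]*)\] "
    r"remote host \[(?P<remote>[^\]]*)\]"
    r"(?: mapped to \[(?P<mapped_domain>[^\]]*)\]\\\[(?P<mapped_user>[^\]]*)\])?"
)

def parse_auth(line):
    """Return the fields of one Auth: line as a dict, or None if it is not one."""
    m = AUTH_RE.search(line)
    return m.groupdict() if m else None

def failures(lines):
    """Count non-OK authentications per (remote IP, account, status)."""
    counts = Counter()
    for line in lines:
        rec = parse_auth(line)
        if rec is None or rec["status"] == "NT_STATUS_OK":
            continue
        # "ipv4:192.168.254.191:56314" -> drop the protocol tag and the port
        ip = rec["remote"].split(":", 1)[1].rsplit(":", 1)[0]
        account = rec["domain"] + "\\" + rec["user"]
        counts[(ip, account, rec["status"])] += 1
    return counts

# First line is the one quoted in the post; the other two are constructed.
SAMPLE = [
    r'Auth: [SMB,(null)] user [A36561]\[alexm] at [Sat, 19 Oct 2019 13:58:12.577574 CDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [ALEXM-SURFACE-PRO] remote host [ipv4:192.168.254.191:56314] mapped to [A36561]\[alexm]. local host [ipv4:192.168.255.5:445]',
    r'Auth: [SMB,(null)] user [EXAMPLE]\[testuser] at [Sat, 19 Oct 2019 14:00:00.000000 CDT] with [NTLMv2] status [NT_STATUS_OK] workstation [WS1] remote host [ipv4:192.0.2.10:50000] mapped to [EXAMPLE]\[testuser]. local host [ipv4:192.0.2.1:445]',
    'Processing section "[homes]"',
]

if __name__ == "__main__":
    for key, n in failures(SAMPLE).items():
        print(n, *key)
```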


