[Samba] CentOS update broke Samba
Rowland Penny
rpenny at samba.org
Sat Oct 19 19:57:33 UTC 2019
On 19/10/2019 20:18, Alex Moen via samba wrote:
> Running CentOS Linux release 7.7.1908. Have Samba running as our
> fileserver on our (mostly) Windows network. Ran my "normal" yum
> updates today, and Samba was upgraded (last updates were on
> 8/10/2019). I was on 4.8.3 before; now it's 4.9.1:
>
> Updated samba-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-client-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-client-libs-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-common-4.8.3-6.el7_6.noarch @updates
> Updated samba-common-libs-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-common-tools-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-libs-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-winbind-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-winbind-modules-4.8.3-6.el7_6.x86_64 @updates
>
> samba-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:13
> AM CDT
> samba-winbind-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:00
> AM CDT
> samba-client-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:00
> AM CDT
> samba-winbind-modules-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:42:29
> AM CDT
> samba-common-tools-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:54
> AM CDT
> samba-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:53
> AM CDT
> samba-client-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:52
> AM CDT
> samba-common-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:51
> AM CDT
> samba-common-4.9.1-6.el7.noarch Sat 19 Oct 2019 09:40:51
> AM CDT
>
> Initially, smbd wouldn't even start. nmbd and winbind were fine, but
> smbd was spouting an error about "nobody is a group name" and "Failed
> to create BUILTIN\Guests group NT_STATUS_ACCESS_DENIED! Can Winbind
> allocate gids?"
>
> After lots of googling, I finally got the process to start properly,
> and (from the limited testing I can do on Saturdays) Windows clients
> can connect (this is the only Samba/CIFS server on the network). (FFR:
> I added the "username map script" and the two "idmap config A36561"
> stanzas in the smb.conf file below to get smbd restarted. I also
> needed to create a new guest user, and add "guest account = guest".)
> However, my Linux clients are not able to connect using CIFS. I am
> encountering the following errors in the log file for the Linux PC:
>
> "gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed:
> NT_STATUS_NO_SUCH_USER"
> "NT error packet at ../source3/smbd/sesssetup.c(247) cmd=115
> (SMBsesssetupX) NT_STATUS_LOGON_FAILURE"
>
> even though, earlier in the log file, I have this (encouraging) entry:
>
> "Auth: [SMB,(null)] user [A36561]\[alexm] at [Sat, 19 Oct 2019
> 13:58:12.577574 CDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
> workstation [ALEXM-SURFACE-PRO] remote host
> [ipv4:192.168.254.191:56314] mapped to [A36561]\[alexm]. local host
> [ipv4:192.168.255.5:445]"
>
> So, my usermap seems to be working, as my login should be alexm.
>
> I have been working on this for four hours now, and am completely out
> of ideas.
>
> smb.conf:
> # Global parameters
> [global]
> interfaces = lo eno16780032
> netbios name = NDTC-FS
> server string = NDTC File Server 2017
> #server max protocol = SMB2
> workgroup = A36561
> domain master = Yes
> preferred master = yes
> local master = yes
> ldap admin dn = cn=admin,o=ndtc
> ldap passwd sync = yes
> ldap ssl = no
> ldap suffix = ou=ndtel,o=ndtc
> ldap debug level = 1
> ldap debug threshold = 5
> log file = /var/log/samba/log.%m
> log level = 3
> max log size = 50000
> domain logons = Yes
> nt pipe support = No
> lanman auth = Yes
> passdb backend = ldapsam:"ldap://66.163.128.204"
> security = user
> guest account = guest
> username map = /etc/samba/usermap.txt
> username map script = /bin/echo
> wins support = Yes
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
> idmap config A36561 : backend = autorib
> idmap config A36561 : range = 2000000-4000000
> cups options = raw
> ntlm auth = yes
>
> [homes]
> comment = Home Directories
> browseable = No
> read only = No
>
> [groups]
> comment = Group Directories
> path = /cust/ndtel/groups
> blocking locks = No
> force create mode = 0660
> force directory mode = 0770
> read only = No
>
> [officeview]
> comment = The Office View
> path = /cust/ndtel/officeview
> force create mode = 0777
> force directory mode = 0777
> guest ok = Yes
> read only = No
> write list = +users
>
> [docvault]
> comment = Document Vault
> path = /cust/ndtel/groups/business/docvault
> browseable = No
> force create mode = 0777
> force directory mode = 0777
> force group = +business
> read only = No
> write list = +business
>
> [share]
> comment = Share space
> path = /cust/ndtel/share
> force create mode = 0777
> force directory mode = 0777
> guest ok = Yes
> read only = No
> write list = +users
>
> [archive]
> comment = Archive area
> path = /archive
> force create mode = 0777
> force directory mode = 0777
> force group = +internet
> read only = no
> write list = +internet
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = No
> printable = Yes
>
First, a few comments about your smb.conf:

    nt pipe support = No

You really shouldn't set the above line.

Is there a Unix user called 'guest'?

Having said that, there isn't much point in having the 'guest account'
and the 'guest ok = yes' lines, because you haven't set 'map to guest =
bad user', so you will not have guest access.

You also seem to have a typo: 'backend = autorib' should be 'backend =
autorid'.

Finally, to fix your main problem, check if winbind is running.

Rowland
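
The three smb.conf points raised in the reply above, expressed as an automated check. This is an added example, not part of the original message and not Samba project code; the function names and the sample excerpt are constructed for illustration, and the backend list is taken from the idmap_* manual pages.

```python
import re

# idmap backends shipped with Samba (see the idmap_* manual pages).
KNOWN_IDMAP_BACKENDS = {"tdb", "tdb2", "ldap", "rid", "autorid", "ad",
                        "hash", "nss", "rfc2307", "script"}

# Constructed excerpt of the smb.conf quoted in the thread.
SAMPLE_CONF = """\
[global]
    nt pipe support = No
    guest account = guest
    idmap config * : backend = tdb
    idmap config A36561 : backend = autorib
[officeview]
    guest ok = Yes
[docvault]
    read only = No
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def review(conf):
    """Flag the settings questioned in the reply; returns a list of findings."""
    findings, g = [], conf.get("global", {})
    if g.get("nt pipe support", "yes").lower() in ("no", "false", "0"):
        findings.append("global: 'nt pipe support' is disabled")
    for key, value in g.items():
        m = re.fullmatch(r"idmap config (.+?) ?: ?backend", key)
        if m and value.lower() not in KNOWN_IDMAP_BACKENDS:
            findings.append(f"global: unknown idmap backend '{value}' for {m.group(1).upper()}")
    if g.get("map to guest", "never").lower() == "never":  # Samba's default
        for name, params in conf.items():
            if params.get("guest ok", "no").lower() in ("yes", "true", "1"):
                findings.append(f"{name}: 'guest ok' has no effect while 'map to guest' is Never")
    return findings
```

Calling `review(parse_smb_conf(SAMPLE_CONF))` returns one finding per issue; `testparm` remains the authoritative syntax check on a real host.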