[Samba] CentOS update broke Samba
Andreas Schneider
asn at samba.org
Sun Oct 20 18:31:11 UTC 2019
On Saturday, 19 October 2019 21:18:39 CEST Alex Moen via samba wrote:
> Running CentOS Linux release 7.7.1908. Have Samba running as our fileserver
> on our (mostly) Windows network. Ran my "normal" yum updates today, and
> Samba was upgraded (last updates were on 8/10/2019). I was on 4.8.3
> before; now it's 4.9.1:
>
> Updated samba-4.8.3-6.el7_6.x86_64
> @updates Updated samba-client-4.8.3-6.el7_6.x86_64
> @updates Updated samba-client-libs-4.8.3-6.el7_6.x86_64
> @updates Updated samba-common-4.8.3-6.el7_6.noarch
> @updates Updated samba-common-libs-4.8.3-6.el7_6.x86_64
> @updates Updated
> samba-common-tools-4.8.3-6.el7_6.x86_64 @updates
> Updated samba-libs-4.8.3-6.el7_6.x86_64
> @updates Updated samba-winbind-4.8.3-6.el7_6.x86_64
> @updates Updated samba-winbind-modules-4.8.3-6.el7_6.x86_64
> @updates
>
> samba-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:13 AM
> CDT samba-winbind-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:00
> AM CDT samba-client-4.9.1-6.el7.x86_64 Sat 19 Oct 2019
> 09:43:00 AM CDT samba-winbind-modules-4.9.1-6.el7.x86_64 Sat 19 Oct
> 2019 09:42:29 AM CDT samba-common-tools-4.9.1-6.el7.x86_64 Sat 19
> Oct 2019 09:40:54 AM CDT samba-libs-4.9.1-6.el7.x86_64 Sat
> 19 Oct 2019 09:40:53 AM CDT samba-client-libs-4.9.1-6.el7.x86_64
> Sat 19 Oct 2019 09:40:52 AM CDT samba-common-libs-4.9.1-6.el7.x86_64
> Sat 19 Oct 2019 09:40:51 AM CDT samba-common-4.9.1-6.el7.noarch
> Sat 19 Oct 2019 09:40:51 AM CDT
>
> Initially, smbd wouldn't even start. nmbd and winbind were fine, but smbd
> was spouting an error about "nobody is a group name" and "Failed to create
> BUILTIN\Guests group NT_STATUS_ACCESS_DENIED! Can Winbind allocate gids?"
>
> After lots of googling, I finally got the process to start properly, and
> (from the limited testing I can do on Saturdays) Windows clients can
> connect (this is the only Samba/CIFS server on the network). (FFR: I added
> the "username map script" and the two "idmap config A36561" stanzas in the
> smb.conf file below to get smbd restarted. I also needed to create a new
> guest user, and add "guest account = guest".) However, my Linux clients
> are not able to connect using CIFS. I am encountering the following errors
> in the log file for the Linux PC:
>
> "gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed:
> NT_STATUS_NO_SUCH_USER" "NT error packet at
> ../source3/smbd/sesssetup.c(247) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE"
>
> even though, earlier in the log file, I have this (encouraging) entry:
>
> "Auth: [SMB,(null)] user [A36561]\[alexm] at [Sat, 19 Oct 2019
> 13:58:12.577574 CDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
> workstation [ALEXM-SURFACE-PRO] remote host [ipv4:192.168.254.191:56314]
> mapped to [A36561]\[alexm]. local host [ipv4:192.168.255.5:445]"
>
> So, my usermap seems to be working, as my login should be alexm.
>
> I have been working on this for four hours now, and am completely out of
> ideas.
>
> smb.conf:
> # Global parameters
> [global]
> interfaces = lo eno16780032
> netbios name = NDTC-FS
> server string = NDTC File Server 2017
> #server max protocol = SMB2
> workgroup = A36561
> domain master = Yes
> preferred master = yes
> local master = yes
> ldap admin dn = cn=admin,o=ndtc
> ldap passwd sync = yes
> ldap ssl = no
> ldap suffix = ou=ndtel,o=ndtc
> ldap debug level = 1
> ldap debug threshold = 5
> log file = /var/log/samba/log.%m
> log level = 3
> max log size = 50000
> domain logons = Yes
> nt pipe support = No
> lanman auth = Yes
> passdb backend = ldapsam:"ldap://66.163.128.204"
> security = user
> guest account = guest
> username map = /etc/samba/usermap.txt
> username map script = /bin/echo
> wins support = Yes
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
> idmap config A36561 : backend = autorib
> idmap config A36561 : range = 2000000-4000000
> cups options = raw
> ntlm auth = yes
>
> [homes]
> comment = Home Directories
> browseable = No
> read only = No
>
> [groups]
> comment = Group Directories
> path = /cust/ndtel/groups
> blocking locks = No
> force create mode = 0660
> force directory mode = 0770
> read only = No
>
> [officeview]
> comment = The Office View
> path = /cust/ndtel/officeview
> force create mode = 0777
> force directory mode = 0777
> guest ok = Yes
> read only = No
> write list = +users
>
> [docvault]
> comment = Document Vault
> path = /cust/ndtel/groups/business/docvault
> browseable = No
> force create mode = 0777
> force directory mode = 0777
> force group = +business
> read only = No
> write list = +business
>
> [share]
> comment = Share space
> path = /cust/ndtel/share
> force create mode = 0777
> force directory mode = 0777
> guest ok = Yes
> read only = No
> write list = +users
>
> [archive]
> comment = Archive area
> path = /archive
> force create mode = 0777
> force directory mode = 0777
> force group = +internet
> read only = no
> write list = +internet
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = No
> printable = Yes
>
>
>
>
>
> Output of testparm:
>
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> ldap_url_parse_ext(ldap://localhost/)
> ldap_init: trying /etc/openldap/ldap.conf
> ldap_init: using /etc/openldap/ldap.conf
> ldap_url_parse_ext(ldap://66.163.128.204)
> ldap_init: HOME env is /root
> ldap_init: trying /root/ldaprc
> ldap_init: trying /root/.ldaprc
> ldap_init: LDAPCONF env is NULL
> ldap_init: LDAPRC env is NULL
> Registered MSG_REQ_POOL_USAGE
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[groups]"
> Processing section "[officeview]"
> Processing section "[docvault]"
> Processing section "[share]"
> Processing section "[archive]"
> Processing section "[printers]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
>
> Press enter to see a dump of your service definitions
>
>
> Any advice would be very greatly appreciated.
I think this is the following bug:
https://bugzilla.samba.org/show_bug.cgi?id=14106
More information about the samba
mailing list