[Samba] CentOS update broke Samba

Andreas Schneider asn at samba.org
Sun Oct 20 18:31:11 UTC 2019


On Saturday, 19 October 2019 21:18:39 CEST Alex Moen via samba wrote:
> Running CentOS Linux release 7.7.1908. Have Samba running as our fileserver
> on our (mostly) Windows network.   Ran my "normal" yum updates today, and
> Samba was upgraded (last updates were on 8/10/2019).  I was on 4.8.3
> before; now it's 4.9.1:
> 
>      Updated     samba-4.8.3-6.el7_6.x86_64                     @updates
>      Updated     samba-client-4.8.3-6.el7_6.x86_64              @updates
>      Updated     samba-client-libs-4.8.3-6.el7_6.x86_64         @updates
>      Updated     samba-common-4.8.3-6.el7_6.noarch              @updates
>      Updated     samba-common-libs-4.8.3-6.el7_6.x86_64         @updates
>      Updated     samba-common-tools-4.8.3-6.el7_6.x86_64        @updates
>      Updated     samba-libs-4.8.3-6.el7_6.x86_64                @updates
>      Updated     samba-winbind-4.8.3-6.el7_6.x86_64             @updates
>      Updated     samba-winbind-modules-4.8.3-6.el7_6.x86_64     @updates
> 
> samba-4.9.1-6.el7.x86_64                      Sat 19 Oct 2019 09:43:13 AM CDT
> samba-winbind-4.9.1-6.el7.x86_64              Sat 19 Oct 2019 09:43:00 AM CDT
> samba-client-4.9.1-6.el7.x86_64               Sat 19 Oct 2019 09:43:00 AM CDT
> samba-winbind-modules-4.9.1-6.el7.x86_64      Sat 19 Oct 2019 09:42:29 AM CDT
> samba-common-tools-4.9.1-6.el7.x86_64         Sat 19 Oct 2019 09:40:54 AM CDT
> samba-libs-4.9.1-6.el7.x86_64                 Sat 19 Oct 2019 09:40:53 AM CDT
> samba-client-libs-4.9.1-6.el7.x86_64          Sat 19 Oct 2019 09:40:52 AM CDT
> samba-common-libs-4.9.1-6.el7.x86_64          Sat 19 Oct 2019 09:40:51 AM CDT
> samba-common-4.9.1-6.el7.noarch               Sat 19 Oct 2019 09:40:51 AM CDT
> 
> Initially, smbd wouldn't even start.  nmbd and winbind were fine, but smbd
> was spouting an error about "nobody is a group name" and "Failed to create
> BUILTIN\Guests group NT_STATUS_ACCESS_DENIED!  Can Winbind allocate gids?"
> 
> After lots of googling, I finally got the process to start properly, and
> (from the limited testing I can do on Saturdays) Windows clients can
> connect (this is the only Samba/CIFS server on the network). (FFR: I added
> the "username map script" and the two "idmap config A36561" stanzas in the
> smb.conf file below to get smbd restarted.  I also needed to create a new
> guest user, and add "guest account = guest".)  However, my Linux clients
> are not able to connect using CIFS.  I am encountering the following errors
> in the log file for the Linux PC:
> 
> "gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_NO_SUCH_USER"
> "NT error packet at ../source3/smbd/sesssetup.c(247) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE"
> 
> even though, earlier in the log file, I have this (encouraging) entry:
> 
> "Auth: [SMB,(null)] user [A36561]\[alexm] at [Sat, 19 Oct 2019
> 13:58:12.577574 CDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
> workstation [ALEXM-SURFACE-PRO] remote host [ipv4:192.168.254.191:56314]
> mapped to [A36561]\[alexm]. local host [ipv4:192.168.255.5:445]"
> 
> So, my usermap seems to be working, as my login should be alexm.
> 
> I have been working on this for four hours now, and am completely out of
> ideas.
> 
> smb.conf:
> # Global parameters
> [global]
>          interfaces = lo eno16780032
>          netbios name = NDTC-FS
>          server string = NDTC File Server 2017
>          #server max protocol = SMB2
>          workgroup = A36561
>          domain master = Yes
>          preferred master = yes
>          local master = yes
>          ldap admin dn = cn=admin,o=ndtc
>          ldap passwd sync = yes
>          ldap ssl = no
>          ldap suffix = ou=ndtel,o=ndtc
>          ldap debug level = 1
>          ldap debug threshold = 5
>          log file = /var/log/samba/log.%m
>          log level = 3
>          max log size = 50000
>          domain logons = Yes
>          nt pipe support = No
>          lanman auth = Yes
>          passdb backend = ldapsam:"ldap://66.163.128.204"
>          security = user
>          guest account = guest
>          username map = /etc/samba/usermap.txt
>          username map script = /bin/echo
>          wins support = Yes
>          idmap config * : backend = tdb
>          idmap config * : range = 1000000-1999999
>          idmap config A36561 : backend = autorib
>          idmap config A36561 : range = 2000000-4000000
>          cups options = raw
>          ntlm auth = yes
> 
> [homes]
>          comment = Home Directories
>          browseable = No
>          read only = No
> 
> [groups]
>          comment = Group Directories
>          path = /cust/ndtel/groups
>          blocking locks = No
>          force create mode = 0660
>          force directory mode = 0770
>          read only = No
> 
> [officeview]
>          comment = The Office View
>          path = /cust/ndtel/officeview
>          force create mode = 0777
>          force directory mode = 0777
>          guest ok = Yes
>          read only = No
>          write list = +users
> 
> [docvault]
>          comment = Document Vault
>          path = /cust/ndtel/groups/business/docvault
>          browseable = No
>          force create mode = 0777
>          force directory mode = 0777
>          force group = +business
>          read only = No
>          write list = +business
> 
> [share]
>          comment = Share space
>          path = /cust/ndtel/share
>          force create mode = 0777
>          force directory mode = 0777
>          guest ok = Yes
>          read only = No
>          write list = +users
> 
> [archive]
>          comment = Archive area
>          path = /archive
>          force create mode = 0777
>          force directory mode = 0777
>          force group = +internet
>          read only = no
>          write list = +internet
> 
> [printers]
>          comment = All Printers
>          path = /var/spool/samba
>          browseable = No
>          printable = Yes
> 
> Output of testparm:
> 
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> ldap_url_parse_ext(ldap://localhost/)
> ldap_init: trying /etc/openldap/ldap.conf
> ldap_init: using /etc/openldap/ldap.conf
> ldap_url_parse_ext(ldap://66.163.128.204)
> ldap_init: HOME env is /root
> ldap_init: trying /root/ldaprc
> ldap_init: trying /root/.ldaprc
> ldap_init: LDAPCONF env is NULL
> ldap_init: LDAPRC env is NULL
> Registered MSG_REQ_POOL_USAGE
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> Processing section "[homes]"
> Processing section "[groups]"
> Processing section "[officeview]"
> Processing section "[docvault]"
> Processing section "[share]"
> Processing section "[archive]"
> Processing section "[printers]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_PDC
> 
> Press enter to see a dump of your service definitions
> 
> 
> Any advice would be very greatly appreciated.

I think this is the following bug:

https://bugzilla.samba.org/show_bug.cgi?id=14106





