[Samba] Unable to access shares after upgrade to version 4.17.3
spindles seven
spindles7 at gmail.com
Sun Nov 20 23:24:54 UTC 2022
Hi all,
I have a domain-joined fileserver which was running a self-compiled version 4.17.2. I updated this to version 4.17.3 when it came out – again self-compiled. When bullseye backports became available for my box’s architecture (armel) I decided to use that valuable resource rather than continue to self-compile. (Many thanks Michael for providing these releases in Backports – much appreciated). So I uninstalled the self-compiled version, deleted the folder /usr/local/samba and any .tdb files I could find.
I installed samba version 4.17.3-debian from backports and re-joined the domain, using the same smb.conf. However I now can’t access the share from any Windows machine – even if I provide valid credentials. Testing with smbclient produces:
root at goflex:~# smbclient -L localhost -U%
Sharename Type Comment
--------- ---- -------
images Disk
IPC$ IPC IPC Service (Samba 4.17.3-Debian)
SMB1 disabled -- no workgroup available
root at goflex:~# smbclient //goflex/images -U roy
Password for [MICROLYNX\roy]:
session setup failed: NT_STATUS_LOGON_FAILURE
root at goflex:~# smbclient //goflex.microlynx.org/images -U roy
Password for [MICROLYNX\roy]:
session setup failed: NT_STATUS_LOGON_FAILURE
BUT using the IP address of golfex succeeds:
root at goflex:~# smbclient //192.168.2.40/images -U roy
Password for [MICROLYNX\roy]:
Try "help" to get a list of possible commands.
smb: \>
Don’t know whether this is relevant, but the log file: log.wb-GOFLEX reports:
[2022/11/20 22:44:19.851122, 1] ../../source3/rpc_client/cli_pipe.c:550(cli_pipe_validate_current_pdu)
../../source3/rpc_client/cli_pipe.c:550: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host goflex!
and
log.wb-MICROLYNX reports:
[2022/11/20 22:44:09.611781, 1] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
and indeed there is no such file.
This pointed to a dns issue, so I checked that goflex.microlynx.org has an entry:
root at goflex:~# host -t A goflex
goflex.microlynx.org has address 192.168.2.40
root at goflex:~# host -t A goflex.microlynx.org
goflex.microlynx.org has address 192.168.2.40
root at goflex:~# dig goflex.microlynx.org
; <<>> DiG 9.16.33-Debian <<>> goflex.microlynx.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38034
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: aa9b9eee1a385ba201000000637ab570830c55f6a435553b (good)
;; QUESTION SECTION:
;goflex.microlynx.org. IN A
;; ANSWER SECTION:
goflex.microlynx.org. 3600 IN A 192.168.2.40
;; Query time: 0 msec
;; SERVER: 192.168.2.4#53(192.168.2.4)
;; WHEN: Sun Nov 20 23:17:04 GMT 2022
;; MSG SIZE rcvd: 93
root at goflex:~# cat /etc/resolv.conf
search microlynx.org
nameserver 192.168.2.4
nameserver 192.168.2.5
The other interesting thing is that I can no longer logon via SSH using my Kerberos ticket from my Windows machine.
I’m stumped at this point, so any help will be appreciated,
Regards,
Roy
More information about the samba
mailing list