[Samba] Unable to access shares after upgrade to version 4.17.3

spindles seven spindles7 at gmail.com
Sun Nov 20 23:24:54 UTC 2022 

Hi all,

I have a domain-joined fileserver which was running a self-compiled version 4.17.2.   I updated this to version 4.17.3 when it came out – again self-compiled.     When bullseye backports became available for my box’s architecture (armel) I decided to use that valuable resource rather than continue to self-compile.  (Many thanks Michael for providing these releases in Backports – much appreciated).   So I uninstalled the self-compiled version, deleted the folder /usr/local/samba and any .tdb files I could find.

 

I installed samba version 4.17.3-debian from backports and re-joined the domain, using the same smb.conf.    However I now can’t access the share from any Windows machine – even if I provide valid credentials.   Testing with smbclient produces:

 

root at goflex:~# smbclient -L localhost -U%

 

        Sharename       Type      Comment

        ---------       ----      -------

        images          Disk

        IPC$            IPC       IPC Service (Samba 4.17.3-Debian)

SMB1 disabled -- no workgroup available

 

root at goflex:~# smbclient //goflex/images -U roy

Password for [MICROLYNX\roy]:

session setup failed: NT_STATUS_LOGON_FAILURE

 

root at goflex:~# smbclient //goflex.microlynx.org/images -U roy

Password for [MICROLYNX\roy]:

session setup failed: NT_STATUS_LOGON_FAILURE

 

BUT using the IP address of golfex succeeds:

root at goflex:~# smbclient //192.168.2.40/images -U roy

Password for [MICROLYNX\roy]:

Try "help" to get a list of possible commands.

smb: \>

 

Don’t know whether this is relevant, but the log file: log.wb-GOFLEX reports:

[2022/11/20 22:44:19.851122,  1] ../../source3/rpc_client/cli_pipe.c:550(cli_pipe_validate_current_pdu)

  ../../source3/rpc_client/cli_pipe.c:550: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host goflex!

and

 

log.wb-MICROLYNX reports:

[2022/11/20 22:44:09.611781,  1] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)

  ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory

 

and indeed there is no such file.

 

This pointed to a dns issue, so I checked that goflex.microlynx.org has an entry:

root at goflex:~# host -t A goflex

goflex.microlynx.org has address 192.168.2.40

root at goflex:~# host -t A goflex.microlynx.org

goflex.microlynx.org has address 192.168.2.40

root at goflex:~# dig goflex.microlynx.org

 

; <<>> DiG 9.16.33-Debian <<>> goflex.microlynx.org

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38034

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 1232

; COOKIE: aa9b9eee1a385ba201000000637ab570830c55f6a435553b (good)

;; QUESTION SECTION:

;goflex.microlynx.org.          IN      A

 

;; ANSWER SECTION:

goflex.microlynx.org.   3600    IN      A       192.168.2.40

 

;; Query time: 0 msec

;; SERVER: 192.168.2.4#53(192.168.2.4)

;; WHEN: Sun Nov 20 23:17:04 GMT 2022

;; MSG SIZE  rcvd: 93

root at goflex:~# cat /etc/resolv.conf

search microlynx.org

nameserver 192.168.2.4

nameserver 192.168.2.5

 

The other interesting thing is that I can no longer logon via SSH using my Kerberos ticket from my Windows machine.

 

I’m stumped at this point, so any help will be appreciated,

 

Regards,

 

Roy

More information about the samba mailing list