[Samba] Unable to access shares after upgrade to version 4.17.3

Michael Tokarev mjt at tls.msk.ru
Mon Nov 21 05:31:51 UTC 2022

21.11.2022 02:24, spindles seven via samba wrote:
> Hi all,
> I have a domain-joined fileserver which was running a self-compiled version 4.17.2.   I updated this to version 4.17.3 when it came out – again self-compiled.     When bullseye backports became available for my box’s architecture (armel) I decided to use that valuable resource rather than continue to self-compile.  (Many thanks Michael for providing these releases in Backports – much appreciated).   So I uninstalled the self-compiled version, deleted the folder /usr/local/samba and any .tdb files I could find.
> I installed samba version 4.17.3-debian from backports and re-joined the domain, using the same smb.conf.    However I now can’t access the share from any Windows machine – even if I provide valid credentials.   Testing with smbclient produces:

This is a second report about 4.17.3-bpo version of samba in a few
days after an upload. I wonder if there's an issue with the build
somehow, - the samba package itself is no different from the one in
debian testing now, though.

Did you have similar probs with the self-compiled 4.17.3?

What's running on the DC?

> root at goflex:~# smbclient //goflex/images -U roy
> Password for [MICROLYNX\roy]:
> session setup failed: NT_STATUS_LOGON_FAILURE

So it looks like a different issue than reported yesterday, -
there, smbclient worked fine, it was only windows 10 machines
which were having issue accessing the shares (see the thread
"No longer access to shares after upgrade to 4.17.3" from
yesterday). But the situation is very similar.

> BUT using the IP address of golfex succeeds:
> root at goflex:~# smbclient // -U roy
> Password for [MICROLYNX\roy]:
> Try "help" to get a list of possible commands.
> smb: \>

> This pointed to a dns issue, so I checked that goflex.microlynx.org has an entry:

It might not be a DNS issue per se (or else you wont be able
to *connect* in the first place). It smells more about the
krb tickets - maybe for the machine itself?..

> The other interesting thing is that I can no longer logon via SSH using my Kerberos ticket from my Windows machine.

That might be worth to debug I think, or try to anyway.
(Not that I can be of a great help there, - I'm still
learning how it all works).


More information about the samba mailing list