[Samba] Unable to access shares after upgrade to version 4.17.3
Rowland Penny
rpenny at samba.org
Mon Nov 21 08:30:40 UTC 2022
On 20/11/2022 23:24, spindles seven via samba wrote:
> Hi all,
>
> I have a domain-joined fileserver which was running a self-compiled version 4.17.2. I updated this to version 4.17.3 when it came out – again self-compiled. When bullseye backports became available for my box’s architecture (armel) I decided to use that valuable resource rather than continue to self-compile. (Many thanks Michael for providing these releases in Backports – much appreciated). So I uninstalled the self-compiled version, deleted the folder /usr/local/samba and any .tdb files I could find.
>
> I installed samba version 4.17.3-debian from backports and re-joined the domain, using the same smb.conf. However I now can’t access the share from any Windows machine – even if I provide valid credentials. Testing with smbclient produces:
>
> root@goflex:~# smbclient -L localhost -U%
>
>         Sharename       Type      Comment
>         ---------       ----      -------
>         images          Disk
>         IPC$            IPC       IPC Service (Samba 4.17.3-Debian)
> SMB1 disabled -- no workgroup available
>
> root@goflex:~# smbclient //goflex/images -U roy
> Password for [MICROLYNX\roy]:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> root@goflex:~# smbclient //goflex.microlynx.org/images -U roy
> Password for [MICROLYNX\roy]:
> session setup failed: NT_STATUS_LOGON_FAILURE
>
> BUT using the IP address of goflex succeeds:
>
> root@goflex:~# smbclient //192.168.2.40/images -U roy
> Password for [MICROLYNX\roy]:
> Try "help" to get a list of possible commands.
> smb: \>
>
> Don’t know whether this is relevant, but the log file: log.wb-GOFLEX reports:
>
> [2022/11/20 22:44:19.851122, 1] ../../source3/rpc_client/cli_pipe.c:550(cli_pipe_validate_current_pdu)
>   ../../source3/rpc_client/cli_pipe.c:550: RPC fault code DCERPC_NCA_S_OP_RNG_ERROR received from host goflex!
>
> and log.wb-MICROLYNX reports:
>
> [2022/11/20 22:44:09.611781, 1] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
>   ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
>
> and indeed there is no such file.
>
> This pointed to a DNS issue, so I checked that goflex.microlynx.org has an entry:
>
> root@goflex:~# host -t A goflex
> goflex.microlynx.org has address 192.168.2.40
>
> root@goflex:~# host -t A goflex.microlynx.org
> goflex.microlynx.org has address 192.168.2.40
>
> root@goflex:~# dig goflex.microlynx.org
>
> ; <<>> DiG 9.16.33-Debian <<>> goflex.microlynx.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38034
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: aa9b9eee1a385ba201000000637ab570830c55f6a435553b (good)
> ;; QUESTION SECTION:
> ;goflex.microlynx.org. IN A
>
> ;; ANSWER SECTION:
> goflex.microlynx.org. 3600 IN A 192.168.2.40
>
> ;; Query time: 0 msec
> ;; SERVER: 192.168.2.4#53(192.168.2.4)
> ;; WHEN: Sun Nov 20 23:17:04 GMT 2022
> ;; MSG SIZE rcvd: 93
>
> root@goflex:~# cat /etc/resolv.conf
> search microlynx.org
> nameserver 192.168.2.4
> nameserver 192.168.2.5
>
> The other interesting thing is that I can no longer logon via SSH using my Kerberos ticket from my Windows machine.
>
> I’m stumped at this point, so any help will be appreciated,
>
> Regards,
>
> Roy
>
OK, 4.17.3 was released to deal with CVE-2022-42898. Unfortunately there
is a regression in Heimdal, but it is only supposed to affect 32-bit
systems, see here for more details:
https://bugzilla.samba.org/show_bug.cgi?id=15203
Rowland