[Samba] SMB1 Domain stopped working after updates quick solution needed

Mark Bannister mark at injection-moldings.com
Mon Jun 12 19:06:56 UTC 2023

Simple small domain network running on a VM instance.

Windows 10 browsing and shares not working.  I MUST have SMB1 working in 
order for a legacy database (Corel Paradox with Borland BDE) to work.  
We are migrating away from this but it won't happen today.  Error 
message from clients log 
   Server exit (no protocol supported"


Just updated from Ubuntu 18 up to 22.04.2  using stand Ubuntu repositories.

Everything seemed to be working but then I couldn't join a new 
workstation to the domain (been a long time since that was an issue).  
Read a few posts about Windows 22H2 causing isusses so I updated Samba 
via add-apt-repository ppa:linux-schools/samba-latest

Did not fix the issue.

If I set server max protocol = NT1  to "server Min protocol" browsing 
and shares work but I get locking errors on the database lock files and 
it freezes the database (note veto op locks parameter in smb.conf).

I reverted back to Version 4.15.13-Ubuntu but the same behavior.

This was a working installation so SMB1 is activated on all Win10 

I've got no working database so I need a fast solution as well as a long 
term one.  We are planning to switch to a Microsoft AD but that isn't 
even planned out yet.

Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "domain logons" option is deprecated
Loaded services file OK.
Weak crypto is allowed

Server role: ROLE_DOMAIN_PDC

Press enter to see a dump of your service definitions

# Global parameters
         add machine script = sudo /usr/sbin/useradd -g machines -c "%u 
machine account" -d /var/lib/samba -s /bin/false %u
         add user script = /usr/sbin/adduser --quiet --disabled-password 
--gecos "" %u
         dns proxy = No
         domain logons = Yes
         domain master = Yes
         load printers = No
         log file = /var/log/samba/log.%m
         logon drive = H:
         logon home =
         logon path =
         logon script = logon.bat
         map to guest = Bad User
         max log size = 1000
         name resolve order = wins lmhosts host bcast
         ntlm auth = ntlmv1-permitted
         obey pam restrictions = Yes
         pam password change = Yes
         panic action = /usr/share/samba/panic-action %d
         passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
         passwd program = /usr/bin/passwd %u
         preferred master = Yes
         security = USER
         server max protocol = NT1
         server role = classic primary domain controller
         server string = APP Samba %v %h
         template homedir = /home/%U
         template shell = /bin/bash
         unix password sync = Yes
         username map = /usr/local/samba/etc/username.map
         wins support = Yes
         workgroup = LINGROUP
         idmap config lingroup : range = 10000-999999
         idmap config lingroup : backend = rid
         idmap config * : range = 3000-7999
         idmap config * : backend = tdb
         admin users = sysadmin
         hosts allow = 192.168.1.
         hosts deny =
         use client driver = Yes
         veto oplock files = 

         browseable = No
         comment = Home Directories
         create mask = 0700
         directory mask = 0700
         read only = No
         valid users = %S
         vfs objects = recycle
         recycle:exclude = *.tmp, *~, *.bak
         recycle:keeptree = yes
         recycle:repository = Recycle_Bin

         comment = Network Logon Service
         guest ok = Yes
         path = /srv/samba/netlogon ; path = /home/samba/netlogon

         browseable = No
         comment = All Printers
         create mask = 0700
         guest ok = Yes
         path = /var/spool/samba
         printable = Yes

         comment = Printer Drivers
         path = /var/lib/samba/printers
         write list = root @lpadmin

         comment = Cups Virtual PDF Printer
         guest ok = Yes
         lpq command =
         path = /var/spool/samba
         printable = Yes

         comment = APP Files
         force group = sambashare
         force user = nobody
         inherit acls = Yes
         path = /mnt/APPDATA
         read only = No
         write list = @sambashare

Mark B

More information about the samba mailing list