[Samba] clients not connecting to samba shares

Gary Dale gary at extremeground.com
Wed Mar 29 19:06:53 UTC 2023


On 2023-03-29 03:25, Rowland Penny via samba wrote:
>
>
> On 29/03/2023 04:34, Gary Dale via samba wrote:
>
>> I'm not sure what the current relationship is between samba and 
>> winbind. The wiki installation talks about it. I'd have to go back to 
>> see whether it needs to be installed. I only use samba for some 
>> virtual machines so I haven't kept pace with the changes...
>
> You need winbind on a DC, see the list of packages I posted earlier, 
> install those and you will get all the required packages.
>
> Rowland
>
Following the advice of 
https://wiki.samba.org/index.php/Distribution-specific_Package_Installation, 
below the installation report after I did a more thorough purging of 
Samba-related stuff. I took the further advice and changed the realm to 
HOME.RAHIM-DALE-ORG. The DC remains TheLibrarian.

# apt install acl attr samba samba-dsdb-modules samba-vfs-modules 
winbind libpam-winbind libnss-win bind krb5-config krb5-user dnsutils
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
acl is already the newest version (2.2.53-10).
attr is already the newest version (1:2.4.48-6).
samba-dsdb-modules is already the newest version 
(2:4.13.13+dfsg-1~deb11u5).
samba-vfs-modules is already the newest version (2:4.13.13+dfsg-1~deb11u5).
The following additional packages will be installed:
  bind9-dnsutils libkadm5srv-mit12 libkdb5-10 samba-common 
samba-common-bin tdb-tools
Suggested packages:
  krb5-k5tls krb5-doc bind9 bind9utils ctdb smbldap-tools ufw 
heimdal-clients
The following NEW packages will be installed:
  bind9-dnsutils dnsutils krb5-config krb5-user libkadm5srv-mit12 
libkdb5-10 libnss-winbind libpam-winbind samba
  samba-common samba-common-bin tdb-tools winbind
0 upgraded, 13 newly installed, 0 to remove and 0 not upgraded.
Need to get 858 kB/3,883 kB of archives.
After this operation, 23.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.ca.debian.org/debian stable/main amd64 winbind amd64 
2:4.13.13+dfsg-1~deb11u5 [570 kB]
Get:2 http://ftp.ca.debian.org/debian stable/main amd64 libnss-winbind 
amd64 2:4.13.13+dfsg-1~deb11u5 [123 kB]
Get:3 http://ftp.ca.debian.org/debian stable/main amd64 libpam-winbind 
amd64 2:4.13.13+dfsg-1~deb11u5 [141 kB]
Get:4 http://ftp.ca.debian.org/debian stable/main amd64 krb5-config all 
2.6+nmu1 [23.6 kB]
Fetched 858 kB in 0s (2,975 kB/s)
Preconfiguring packages ...
Selecting previously unselected package samba-common.
(Reading database ... 140248 files and directories currently installed.)
Preparing to unpack 
.../00-samba-common_2%3a4.13.13+dfsg-1~deb11u5_all.deb ...
Unpacking samba-common (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package samba-common-bin.
Preparing to unpack 
.../01-samba-common-bin_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking samba-common-bin (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package winbind.
Preparing to unpack .../02-winbind_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking winbind (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package libnss-winbind:amd64.
Preparing to unpack 
.../03-libnss-winbind_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking libnss-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package libpam-winbind:amd64.
Preparing to unpack 
.../04-libpam-winbind_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking libpam-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package tdb-tools.
Preparing to unpack .../05-tdb-tools_1.4.3-1+b1_amd64.deb ...
Unpacking tdb-tools (1.4.3-1+b1) ...
Selecting previously unselected package samba.
Preparing to unpack .../06-samba_2%3a4.13.13+dfsg-1~deb11u5_amd64.deb ...
Unpacking samba (2:4.13.13+dfsg-1~deb11u5) ...
Selecting previously unselected package bind9-dnsutils.
Preparing to unpack 
.../07-bind9-dnsutils_1%3a9.16.33-1~deb11u1_amd64.deb ...
Unpacking bind9-dnsutils (1:9.16.33-1~deb11u1) ...
Selecting previously unselected package dnsutils.
Preparing to unpack .../08-dnsutils_1%3a9.16.33-1~deb11u1_all.deb ...
Unpacking dnsutils (1:9.16.33-1~deb11u1) ...
Selecting previously unselected package krb5-config.
Preparing to unpack .../09-krb5-config_2.6+nmu1_all.deb ...
Unpacking krb5-config (2.6+nmu1) ...
Selecting previously unselected package libkdb5-10:amd64.
Preparing to unpack .../10-libkdb5-10_1.18.3-6+deb11u3_amd64.deb ...
Unpacking libkdb5-10:amd64 (1.18.3-6+deb11u3) ...
Selecting previously unselected package libkadm5srv-mit12:amd64.
Preparing to unpack .../11-libkadm5srv-mit12_1.18.3-6+deb11u3_amd64.deb ...
Unpacking libkadm5srv-mit12:amd64 (1.18.3-6+deb11u3) ...
Selecting previously unselected package krb5-user.
Preparing to unpack .../12-krb5-user_1.18.3-6+deb11u3_amd64.deb ...
Unpacking krb5-user (1.18.3-6+deb11u3) ...
Setting up libkdb5-10:amd64 (1.18.3-6+deb11u3) ...
Setting up samba-common (2:4.13.13+dfsg-1~deb11u5) ...

Creating config file /etc/samba/smb.conf with new version
Setting up krb5-config (2.6+nmu1) ...
Setting up tdb-tools (1.4.3-1+b1) ...
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide 
/usr/bin/tdbbackup (tdbbackup) in auto mode
Setting up samba-common-bin (2:4.13.13+dfsg-1~deb11u5) ...
Checking smb.conf with testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_STANDALONE

Done
Setting up libkadm5srv-mit12:amd64 (1.18.3-6+deb11u3) ...
Setting up bind9-dnsutils (1:9.16.33-1~deb11u1) ...
Setting up samba (2:4.13.13+dfsg-1~deb11u5) ...
Samba is not being run as an AD Domain Controller: Masking 
samba-ad-dc.service
Please ignore the following error about deb-systemd-helper not finding 
those services.
(samba-ad-dc.service masked)
insserv: script rpcbind: service portmap already provided!
insserv: script rpcbind: service portmap already provided!
insserv: script rpcbind: service portmap already provided!
Failed to preset unit: Unit file /etc/systemd/system/nmbd.service is 
masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on 
nmbd.service: No such file or directory
Created symlink 
/etc/systemd/system/multi-user.target.wants/samba-ad-dc.service → 
/lib/systemd/system/samba-ad-dc.serv
ice.
Failed to preset unit: Unit file /etc/systemd/system/smbd.service is 
masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on 
smbd.service: No such file or directory
nmbd.service is a disabled or a static unit, not starting it.
smbd.service is a disabled or a static unit, not starting it.
Job for samba-ad-dc.service failed because the control process exited 
with error code.
See "systemctl status samba-ad-dc.service" and "journalctl -xe" for 
details.
Setting up winbind (2:4.13.13+dfsg-1~deb11u5) ...
mkdir: created directory '/var/lib/samba/winbindd_privileged'
changed group of '/var/lib/samba/winbindd_privileged' from root to 
winbindd_priv
mode of '/var/lib/samba/winbindd_privileged' changed from 0755 
(rwxr-xr-x) to 0750 (rwxr-x---)
insserv: script rpcbind: service portmap already provided!
Failed to preset unit: Unit file /etc/systemd/system/winbind.service is 
masked.
/usr/bin/deb-systemd-helper: error: systemctl preset failed on 
winbind.service: No such file or directory
winbind.service is a disabled or a static unit, not starting it.
Setting up dnsutils (1:9.16.33-1~deb11u1) ...
Setting up libnss-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Setting up krb5-user (1.18.3-6+deb11u3) ...
Setting up libpam-winbind:amd64 (2:4.13.13+dfsg-1~deb11u5) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.31-13+deb11u5) ...


The reported errors seem to be due to further configuration being needed 
for a DC.

Next I continued with the wiki at 
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

First I verified that /etc/resolv.conf was correct then I updated 
/etc/hosts to reflect the new realm name.

Next I ran: samba-tool domain provision --use-rfc2307 --interactive

This failed with an error:

ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - 
ProvisioningError: guess_names: 'realm =' was not specified in supplied 
/etc/samba/smb.conf.  Please remove the smb.conf file and let provision 
generate it
   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 
487, in run
     result = provision(self.logger,
   File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", 
line 2245, in provision
     names = guess_names(lp=lp, hostname=hostname, domain=domain,
   File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", 
line 642, in guess_names
     raise ProvisioningError("guess_names: 'realm =' was not specified 
in supplied %s.  Please remove the smb.conf file and let provision 
generate it" % lp.configfile)

So I removed the smb.conf and ran it again. This time I got:

INFO 2023-03-29 15:01:07,831 pid:17352 
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: 
Looking up IPv4 addresses
INFO 2023-03-29 15:01:07,832 pid:17352 
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: 
Looking up IPv6 addresses
WARNING 2023-03-29 15:01:07,833 pid:17352 
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No 
IPv6 address will be assigned
Error: Unable to parse dn 
'CN=Schema,CN=Configuration,DC=home,DC=rahim-dale,DC=org,'
ERROR(runtime): uncaught exception - (87, 'WERR_INVALID_PARAMETER')
   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 
186, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 
487, in run
     result = provision(self.logger,
   File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", 
line 2278, in provision
     schema = Schema(domainsid, invocationid=invocationid,
   File "/usr/lib/python3/dist-packages/samba/schema.py", line 147, in 
__init__
     self.set_from_ldif(prefixmap_ldif, self.schema_data, self.schemadn)
   File "/usr/lib/python3/dist-packages/samba/schema.py", line 160, in 
set_from_ldif
     dsdb._dsdb_set_schema_from_ldif(self.ldb, pf, df, dn)


I'm not sure what is causing this error. The only samba log is named 
log.%m and it has nothing from the time of running samba-tool either time.


More information about the samba mailing list