[Samba] clients not connecting to samba shares

Fri Mar 31 21:38:14 UTC 2023

On 2023-03-29 23:28, Gary Dale via samba wrote:
> On 2023-03-29 15:50, Rowland Penny via samba wrote:
>>
>>
>> On 29/03/2023 20:06, Gary Dale via samba wrote:
>>>>
>>> Following the advice of 
>>> https://wiki.samba.org/index.php/Distribution-specific_Package_Installation, 
>>> below the installation report after I did a more thorough purging of 
>>> Samba-related stuff. I took the further advice and changed the realm 
>>> to HOME.RAHIM-DALE-ORG. The DC remains TheLibrarian.
>>>
>>> # apt install acl attr samba samba-dsdb-modules samba-vfs-modules 
>>> winbind libpam-winbind libnss-win bind krb5-config krb5-user dnsutils
>>
>> I have updated that list.
>>
>>>
>>> Creating config file /etc/samba/smb.conf with new version
>>
>> This is why you need to remove the smb.conf, the package install 
>> creates one for a standalone server.
>>
>>>
>>>
>>> The reported errors seem to be due to further configuration being 
>>> needed for a DC.
>>>
>>> Next I continued with the wiki at 
>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>>
>> I have updated that wikipage slightly.
>>
>>>
>>> First I verified that /etc/resolv.conf was correct then I updated 
>>> /etc/hosts to reflect the new realm name.
>>>
>>> Next I ran: samba-tool domain provision --use-rfc2307 --interactive
>>>
>>> This failed with an error:
>>>
>>> ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed 
>>> - ProvisioningError: guess_names: 'realm =' was not specified in 
>>> supplied /etc/samba/smb.conf.  Please remove the smb.conf file and 
>>> let provision generate it
>>
>> I moved the deletion on the wikipage, from where it was, it sounded 
>> like you only had to remove the smb.conf if the provision had run 
>> successfully.
>>
>>>
>>> So I removed the smb.conf and ran it again. This time I got:
>>>
>>> INFO 2023-03-29 15:01:07,831 pid:17352 
>>> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: 
>>> Looking up IPv4 addresses
>>> INFO 2023-03-29 15:01:07,832 pid:17352 
>>> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: 
>>> Looking up IPv6 addresses
>>> WARNING 2023-03-29 15:01:07,833 pid:17352 
>>> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No 
>>> IPv6 address will be assigned
>>> Error: Unable to parse dn 
>>> 'CN=Schema,CN=Configuration,DC=home,DC=rahim-dale,DC=org,'
>>
>> I know you updated /etc/hosts, but did the computer pick this up, 
>> does it think it is in the home.rahim-dale.org dns domain ?
>
> The computer should query /etc/hosts each time. The actual problem was 
> a typo in the file - I put a comma in when it only allows spaces to 
> separate the names.
>
>
>>
>>> I'm not sure what is causing this error. The only samba log is named 
>>> log.%m and it has nothing from the time of running samba-tool either 
>>> time.
>>
>> There wouldn't be anything in the logs at this point, Samba hasn't 
>> started, though thinking about it, did you stop any running Samba 
>> processes before the provision.
>>
>> I can assure this does work, to test it, I setup Debian 11 in a VM 
>> and created a new domain, the only real difference is that I used 
>> Samba from backports.
>>
>> I really suggest you use backports, even the Debian Samba maintainer 
>> (Michael Tokarev) is telling you to use backports.
>
> Baokports are for people who need something that the stable version 
> doesn't provide. That's not me. I run Debian/Stable on my servers for 
> a reason. I run Testing on my workstation because I want to help test 
> things. And I run it my new laptop because it requires drivers that 
> aren't available in Stable.
>
> Debian does update stable when a serious issue is found that can't be 
> patched. However that is a vector for breakage - it wasn't that long 
> ago that an update to ghostscript broke a lot programs in Stable that 
> used it to produce PDFs. We had to choose between a security flaw or a 
> lack of functionality.
>
> I'll wait until Bookworm becomes Stable to get the Samba upgrade.
>
>>
>> If it helps I can send you my notes.
>>
>> Rowland
>>
> BTW: After I fixed /etc/hosts, removed the /etc/samba/smb.conf and 
> re-ran provisioning, I was able to start samba. I connected my VM to 
> the new domain and I have almost everything working (for some reason 
> I've lost the E: drive letter for network mapping).
>
> Thanks for your help! Greatly appreciated.
>
Actually, I was probably a little optimistic in assessment. My network 
shares are problematic. I tried using 
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs 
to get the shares working but that let me down a rabbithole

The basic problem is my Linux computers use NSF to connect to network 
shares, If I set up the shares as described in the wiki, my Linux 
computers lose access - there doesn't appear to be a mapping between, 
for example, "Domain Users" and users. If I don't set up all the file 
ownerships to use "Domain Users", my Windows users can't use them 
(except for the domain Administrator).

And even going into the security tab on files or folders properties 
usually crashes the window - even when I'm logged in as the domain 
Administrator.

My first attempt to fix this was to upgrade to the backports version of 
Samba since you indicated it might be necessary for an up-to-date 
Windows 10 machine. The upgrade had no impact - the problems remain the 
same.

In the past this was resolvable by manually mapping the Windows groups 
to the Linux ones - and this was working on my server until recently. 
However I gather that some change to either Windows or Samba caused that 
to stop working.

Any advice on how to proceed?

Thanks.