[Samba] 4.20: smb.conf include = %I.conf / server min protocol
Moertenhumer Martin
martin.moertenhumer at lisec.com
Thu Mar 20 17:14:33 UTC 2025
From: Rowland Penny <rpenny at samba.org>
> ...
> I recently found that the '%u' and '%U' variables do not return what you would expect. I have 'winbind use default domain = yes' set in smb.conf, so expect just the username for '%u' or '%U', but '%u'
> now returns '$NETBIOS_DOMAINusername' and '%U' returns 'username_$DNS_DOMAIN'. I wonder if '%I' isn't returning the IP address correctly?
>
> Rowland
Hello Rowland,
Thanks for your reply! I followed up on that (I just double-checked the smb.conf and it uses %m for the log, which resulted in the IP on my installation). Anyway: I have now replaced the log with %I, restarted the service and connected to the share again. I was not too surprised to find 2 log files for my connection attempt:
log.0.0.0.0.test as well as log.1.2.3.4.test. It looks like the initial connection is done through the 0.0.0.0-log (where smb tries to load the %i.conf and fails as there's no such file for 0.0.0.0). The 1.2.3.4-log states it reads the config after the connection was initiated.
(Anonymized) log files attached. TL;DR: it appears that the include is done/loaded AFTER the connection was initiated in this version of Samba. Please let me know if I should verify this on an older smb version, but from past experience this _used to work_. (I used to enable lanman auth, etc. for old NT machines or Windows 98.)
[2025/03/20 16:51:28.377851, 3] ../../lib/util/access.c:372(allow_access)
Allowed connection from 1.2.3.4 (1.2.3.4)
[2025/03/20 16:51:28.377938, 3] ../../source3/smbd/smb2_oplock.c:1410(init_oplocks)
init_oplocks: initializing messages.
[2025/03/20 16:51:28.377983, 3] ../../source3/smbd/smb2_process.c:577(process_smb)
Transaction 0 of length 248 (0 toread)
[2025/03/20 16:51:28.378138, 3] ../../source3/smbd/smb2_negprot.c:368(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
--> at this stage logging in log.1.2.3.4.test starts
[2025/03/20 16:51:28.411133, 0] ../../source3/rpc_server/rpc_host.c:2905(main)
samba-dcerpcd version 4.20.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2024
[2025/03/20 16:51:28.412989, 2] ../../source3/passdb/pdb_interface.c:163(make_pdb_method_name)
No builtin backend found, trying to load plugin
[2025/03/20 16:51:28.413583, 3] ../../lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module '/usr/lib64/samba/pdb/tdbsam.so' loaded
[2025/03/20 16:51:28.413640, 3] ../../source3/auth/token_util.c:707(finalize_local_nt_token)
Failed to fetch domain sid for TESTDOMAIN
[2025/03/20 16:51:28.441982, 1] ../../source3/rpc_server/rpc_host.c:1812(rpc_worker_exited)
rpc_worker_exited: No worker with PID 167244
[2025/03/20 16:51:28.487795, 0] ../../source3/rpc_server/rpc_worker.c:1155(rpc_worker_main)
rpcd_classic version 4.20.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2024
[2025/03/20 16:51:28.487987, 2] ../../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2025/03/20 16:51:28.489803, 2] ../../source3/passdb/pdb_interface.c:163(make_pdb_method_name)
No builtin backend found, trying to load plugin
[2025/03/20 16:51:28.490524, 3] ../../lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module '/usr/lib64/samba/pdb/tdbsam.so' loaded
[2025/03/20 16:51:28.490591, 3] ../../source3/auth/token_util.c:707(finalize_local_nt_token)
Failed to fetch domain sid for TESTDOMAIN
[2025/03/20 16:51:28.491168, 3] ../../source3/param/loadparm.c:3982(lp_load_ex)
lp_load_ex: refreshing parameters
[2025/03/20 16:51:28.491200, 3] ../../source3/param/loadparm.c:560(loadparm_s3_init_globals)
Initialising global parameters
[2025/03/20 16:51:28.491249, 3] ../../source3/param/loadparm.c:2884(lp_do_section)
Processing section "[global]"
[2025/03/20 16:51:28.491326, 2] ../../source3/param/loadparm.c:2547(lp_include)
!!!!! Can't find include file /etc/samba/client_based_cfg/0.0.0.0.conf !!!!
...
The other log indicates that the IP-based config is loaded AFTER the connection was initiated:
[2025/03/20 16:51:28.378379, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2025/03/20 16:51:28.378443, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2025/03/20 16:51:28.378450, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2025/03/20 16:51:28.378456, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'spnego' registered
[2025/03/20 16:51:28.378462, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'schannel' registered
[2025/03/20 16:51:28.378468, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'ncalrpc_as_system' registered
[2025/03/20 16:51:28.378475, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2025/03/20 16:51:28.378480, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'ntlmssp' registered
[2025/03/20 16:51:28.378486, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2025/03/20 16:51:28.378492, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'http_basic' registered
[2025/03/20 16:51:28.378498, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'http_ntlm' registered
[2025/03/20 16:51:28.378504, 3] ../../auth/gensec/gensec_start.c:1083(gensec_register)
GENSEC backend 'http_negotiate' registered
[2025/03/20 16:51:28.381109, 3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0xe2088297
[2025/03/20 16:51:28.382489, 3] ../../auth/ntlmssp/ntlmssp_server.c:509(ntlmssp_server_preauth)
Got user=[user] domain=[TESTDOMAIN] workstation=[PC] len1=24 len2=270
[2025/03/20 16:51:28.382536, 3] ../../source3/auth/auth.c:202(auth_check_ntlm_password)
auth_check_ntlm_password: check_ntlm_password: Checking password for unmapped user [TESTDOMAIN]\[user]@[ PC] with the new password interface
[2025/03/20 16:51:28.382544, 3] ../../source3/auth/auth.c:208(auth_check_ntlm_password)
auth_check_ntlm_password: check_ntlm_password: mapped user is: [TESTDOMAIN]\[user]@[ PC]
[2025/03/20 16:51:28.382582, 3] ../../source3/auth/check_samsec.c:408(check_sam_security)
check_sam_security: Couldn't find user 'user' in passdb.
[2025/03/20 16:51:28.382589, 2] ../../source3/auth/auth.c:353(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [user] -> [user] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
[2025/03/20 16:51:28.382624, 2] ../../auth/auth_log.c:858(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [TESTDOMAIN]\[user] at [Thu, 20 Mar 2025 16:51:28.382612 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [PC] remote host [ipv4:1.2.3.4:57706] mapped to [TESTDOMAIN]\[user]. local host [ipv4:1.2.3.4:445]
{"timestamp": "2025-03-20T16:51:28.382665+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 3}, "eventId": 4625, "logonId": "0", "logonType": 3, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": "ipv4:1.2.3.1:445", "remoteAddress": "ipv4:1.2.3.4:57706", "serviceDescription": "SMB2", "authDescription": null, "clientDomain": "TESTDOMAIN", "clientAccount": "user", "workstation": "PC", "becameAccount": null, "becameDomain": null, "becameSid": null, "mappedAccount": "user", "mappedDomain": "TESTDOMAIN", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "NTLMv2", "clientPolicyAccessCheck": null, "serverPolicyAccessCheck": null, "duration": 1659}}
[2025/03/20 16:51:28.382693, 3] ../../source3/auth/auth_util.c:2327(do_map_to_guest_server_info)
No such user user [TESTDOMAIN] - using guest account
[2025/03/20 16:51:28.382711, 3] ../../source3/param/loadparm.c:3982(lp_load_ex)
lp_load_ex: refreshing parameters
[2025/03/20 16:51:28.382750, 3] ../../source3/param/loadparm.c:560(loadparm_s3_init_globals)
Initialising global parameters
[2025/03/20 16:51:28.382825, 3] ../../source3/param/loadparm.c:2884(lp_do_section)
Processing section "[global]"
[2025/03/20 16:51:28.382954, 2] ../../source3/param/loadparm.c:2547(lp_include)
Can't find include file /etc/samba/client_based_cfg/1.2.3.4.conf (used a different client for this test which does not have any ip-based config)
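
One way to check the ordering described in this message from the two log files, as an added example that is not part of the original post or of Samba: it merges the two-line debug entries by timestamp and reports whether each include lookup was logged after protocol negotiation. The sample lines are a constructed excerpt of the logs quoted above; `parse`, `include_timing` and the `zero_address` field are hypothetical names.

```python
import re
from datetime import datetime

# Samba debug entry header: "[timestamp, level] source:line(function)"
HEADER = re.compile(r"^\[([\d/]+ [\d:.]+),\s*\d+\] \S+\((\w+)\)")
INCLUDE = re.compile(r"Can't find include file (\S+)")

def parse(name, text):
    """Return (timestamp, log name, function, message) per log entry."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            entries.append([ts, name, m.group(2), ""])
        elif entries:  # continuation line: message text of the last header
            entries[-1][3] = (entries[-1][3] + " " + line.strip()).strip()
    return [tuple(e) for e in entries]

def include_timing(logs):
    """Order include lookups from several log files against negotiation."""
    events = sorted(e for n, t in logs.items() for e in parse(n, t))
    negprot = next((e for e in events if e[3].startswith("Selected protocol")), None)
    report = []
    for ts, name, _func, msg in events:
        m = INCLUDE.search(msg)
        if m:
            report.append({
                "log": name,
                "include": m.group(1),
                "after_negprot": negprot is not None and ts > negprot[0],
                "zero_address": m.group(1).endswith("/0.0.0.0.conf"),
            })
    return (negprot[3] if negprot else None), report

# Constructed excerpt of the two logs quoted in the post.
SAMPLE = {
    "log.0.0.0.0.test": """\
[2025/03/20 16:51:28.378138, 3] ../../source3/smbd/smb2_negprot.c:368(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_11
[2025/03/20 16:51:28.491326, 2] ../../source3/param/loadparm.c:2547(lp_include)
  Can't find include file /etc/samba/client_based_cfg/0.0.0.0.conf
""",
    "log.1.2.3.4.test": """\
[2025/03/20 16:51:28.382954, 2] ../../source3/param/loadparm.c:2547(lp_include)
  Can't find include file /etc/samba/client_based_cfg/1.2.3.4.conf
""",
}
if __name__ == "__main__":
    print(include_timing(SAMPLE))
```

A lookup with `after_negprot` set was logged later than the "Selected protocol" line, so a per-client file included at that point could not have influenced the negotiated dialect for that connection.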