Running CentOS Linux release 7.7.1908. Have Samba running as our fileserver on
our (mostly) Windows network. Ran my "normal" yum updates today, and
Samba was upgraded (last updates were on 8/10/2019). I was on 4.8.3 before; now
it's 4.9.1:
    Updated samba-4.8.3-6.el7_6.x86_64 @updates
    Updated samba-client-4.8.3-6.el7_6.x86_64 @updates
    Updated samba-client-libs-4.8.3-6.el7_6.x86_64 @updates
    Updated samba-common-4.8.3-6.el7_6.noarch @updates
    Updated samba-common-libs-4.8.3-6.el7_6.x86_64 @updates
    Updated samba-common-tools-4.8.3-6.el7_6.x86_64 @updates
    Updated samba-libs-4.8.3-6.el7_6.x86_64 @updates
    Updated samba-winbind-4.8.3-6.el7_6.x86_64 @updates
    Updated samba-winbind-modules-4.8.3-6.el7_6.x86_64 @updates
samba-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:13 AM CDT
samba-winbind-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:00 AM CDT
samba-client-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:00 AM CDT
samba-winbind-modules-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:42:29 AM CDT
samba-common-tools-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:54 AM CDT
samba-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:53 AM CDT
samba-client-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:52 AM CDT
samba-common-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:51 AM CDT
samba-common-4.9.1-6.el7.noarch Sat 19 Oct 2019 09:40:51 AM CDT
Initially, smbd wouldn't even start. nmbd and winbind were fine, but smbd
was spouting an error about "nobody is a group name" and "Failed
to create BUILTIN\Guests group NT_STATUS_ACCESS_DENIED! Can Winbind allocate
gids?"
After lots of googling, I finally got the process to start properly, and (from
the limited testing I can do on Saturdays) Windows clients can connect (this is
the only Samba/CIFS server on the network). (FFR: I added the "username map
script" and the two "idmap config A36561" stanzas in the smb.conf
file below to get smbd restarted. I also needed to create a new guest user, and
add "guest account = guest".) However, my Linux clients are not able
to connect using CIFS. I am encountering the following errors in the log file
for the Linux PC:
"gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed:
NT_STATUS_NO_SUCH_USER"
"NT error packet at ../source3/smbd/sesssetup.c(247) cmd=115
(SMBsesssetupX) NT_STATUS_LOGON_FAILURE"
even though, earlier in the log file, I have this (encouraging) entry:
"Auth: [SMB,(null)] user [A36561]\[alexm] at [Sat, 19 Oct 2019
13:58:12.577574 CDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation
[ALEXM-SURFACE-PRO] remote host [ipv4:192.168.254.191:56314] mapped to
[A36561]\[alexm]. local host [ipv4:192.168.255.5:445]"
So, my usermap seems to be working, as my login should be alexm.
I have been working on this for four hours now, and am completely out of ideas.
smb.conf:
# Global parameters
[global]
interfaces = lo eno16780032
netbios name = NDTC-FS
server string = NDTC File Server 2017
#server max protocol = SMB2
workgroup = A36561
domain master = Yes
preferred master = yes
local master = yes
ldap admin dn = cn=admin,o=ndtc
ldap passwd sync = yes
ldap ssl = no
ldap suffix = ou=ndtel,o=ndtc
ldap debug level = 1
ldap debug threshold = 5
log file = /var/log/samba/log.%m
log level = 3
max log size = 50000
domain logons = Yes
nt pipe support = No
lanman auth = Yes
passdb backend = ldapsam:"ldap://66.163.128.204"
security = user
guest account = guest
username map = /etc/samba/usermap.txt
username map script = /bin/echo
wins support = Yes
idmap config * : backend = tdb
idmap config * : range = 1000000-1999999
idmap config A36561 : backend = autorib
idmap config A36561 : range = 2000000-4000000
cups options = raw
ntlm auth = yes
[homes]
comment = Home Directories
browseable = No
read only = No
[groups]
comment = Group Directories
path = /cust/ndtel/groups
blocking locks = No
force create mode = 0660
force directory mode = 0770
read only = No
[officeview]
comment = The Office View
path = /cust/ndtel/officeview
force create mode = 0777
force directory mode = 0777
guest ok = Yes
read only = No
write list = +users
[docvault]
comment = Document Vault
path = /cust/ndtel/groups/business/docvault
browseable = No
force create mode = 0777
force directory mode = 0777
force group = +business
read only = No
write list = +business
[share]
comment = Share space
path = /cust/ndtel/share
force create mode = 0777
force directory mode = 0777
guest ok = Yes
read only = No
write list = +users
[archive]
comment = Archive area
path = /archive
force create mode = 0777
force directory mode = 0777
force group = +internet
read only = no
write list = +internet
[printers]
comment = All Printers
path = /var/spool/samba
browseable = No
printable = Yes
Output of testparm:
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_url_parse_ext(ldap://66.163.128.204)
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[groups]"
Processing section "[officeview]"
Processing section "[docvault]"
Processing section "[share]"
Processing section "[archive]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
Any advice would be very greatly appreciated.
TIA,
Alex
On 19/10/2019 20:18, Alex Moen via samba wrote:
> Running CentOS Linux release 7.7.1908. Have Samba running as our
> fileserver on our (mostly) Windows network. Ran my "normal" yum
> updates today, and Samba was upgraded (last updates were on
> 8/10/2019). I was on 4.8.3 before; now it's 4.9.1:
> [...]

First a few comments about your smb.conf:

nt pipe support = No

You really shouldn't set the above line.

Is there a Unix user called 'guest'?

Having said that, there isn't much point in having the 'guest account' and the 'guest ok = yes' lines, because you haven't set 'map to guest = bad user', so you will not have guest access.

You also seem to have a typo: 'backend = autorib' should be 'backend = autorid'

Finally, to fix your main problem, check if winbind is running.

Rowland
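The three smb.conf points raised in the reply above, written as a small linter; the testparm output in the original post reports "Loaded services file OK" with the backend typo still in place. This is an added example, not part of the thread and not Samba code: the function names are hypothetical, the sample is an excerpt of the smb.conf posted above, and the backend list is the set of idmap modules documented by Samba.

```python
import re

# idmap backends documented by Samba (one idmap_<name> man page each).
KNOWN_IDMAP_BACKENDS = {"ad", "autorid", "hash", "ldap", "nss",
                        "rfc2307", "rid", "script", "tdb", "tdb2"}
TRUE = {"yes", "true", "1", "on"}    # smb.conf boolean spellings
FALSE = {"no", "false", "0", "off"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}}.

    Section and parameter names are lower-cased and inner whitespace is
    collapsed, since smb.conf treats them case-insensitively.
    Backslash line continuations are not handled (not needed here).
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        current[" ".join(key.lower().split())] = value.strip()
    return sections


def lint(text):
    """Return a list of (code, message) findings for the posted config."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []

    # 1. A misspelled idmap backend is only noticed by winbindd at runtime.
    for key, value in glob.items():
        m = re.fullmatch(r"idmap config (.+?) ?: ?backend", key)
        if m and value.lower() not in KNOWN_IDMAP_BACKENDS:
            findings.append(("idmap-backend",
                             f"domain {m.group(1)}: unknown idmap backend '{value}'"))

    # 2. 'nt pipe support' defaults to yes and should be left alone.
    if glob.get("nt pipe support", "yes").lower() in FALSE:
        findings.append(("nt-pipe-support", "'nt pipe support = no' is set"))

    # 3. 'guest ok' (synonym: 'public') has no effect while 'map to guest'
    #    is at its default of Never.
    if glob.get("map to guest", "never").lower() == "never":
        for name, params in conf.items():
            guest_ok = params.get("guest ok", params.get("public", "no"))
            if name != "global" and guest_ok.lower() in TRUE:
                findings.append(("guest-unreachable",
                                 f"[{name}]: 'guest ok' set but 'map to guest' is Never"))
    return findings


# Excerpt of the smb.conf from the original post (unrelated lines omitted).
SAMPLE = """
[global]
    workgroup = A36561
    nt pipe support = No
    guest account = guest
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999
    idmap config A36561 : backend = autorib
    idmap config A36561 : range = 2000000-4000000
[homes]
    browseable = No
[officeview]
    path = /cust/ndtel/officeview
    guest ok = Yes
[share]
    path = /cust/ndtel/share
    guest ok = Yes
"""

if __name__ == "__main__":
    for code, message in lint(SAMPLE):
        print(f"{code}: {message}")
```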
On 10/19/19 2:57 PM, Rowland penny via samba wrote:
> On 19/10/2019 20:18, Alex Moen via samba wrote:
>> [...]
>
> First a few comments about your smb.conf:
>
> nt pipe support = No
>
> You really shouldn't set the above line.
>
> Is there a Unix user called 'guest' ?
>
> Having said that, there isn't much point in having the 'guest account' and the 'guest ok = yes' lines, because you haven't set 'map to guest = bad user', so you will not have guest access.
>
> You also seem to have a typo 'backend = autorib' should be 'backend = autorid'
>
> Finally, to fix your main problem, check if winbind is running.
>
> Rowland

This config has been brought forward for around 15 years. So, I wonder if some of this isn't legacy stuff.

I took the "nt pipe support" line out. And, I fixed the typo (though, it's really strange that it seemed to fix the issue previously...)

Guest account: There isn't a Unix user per se, but there is an LDAP user named guest that I created for this purpose... I don't really want guest access. Again, something legacy?

As far as I can tell, winbind is running:

[root@ndtc-fs ~]# systemctl status winbind
● winbind.service - Samba Winbind Daemon
   Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-10-19 15:19:55 CDT; 2min 17s ago
     Docs: man:winbindd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 7460 (winbindd)
   Status: "winbindd: ready to serve connections..."
   CGroup: /system.slice/winbind.service
           ├─7460 /usr/sbin/winbindd --foreground --no-process-group
           ├─7498 /usr/sbin/winbindd --foreground --no-process-group
           ├─7499 /usr/sbin/winbindd --foreground --no-process-group
           └─7547 /usr/sbin/winbindd --foreground --no-process-group

Oct 19 15:19:54 ndtc-fs systemd[1]: Stopped Samba Winbind Daemon.
Oct 19 15:19:54 ndtc-fs systemd[1]: Starting Samba Winbind Daemon...
Oct 19 15:19:55 ndtc-fs winbindd[7460]: [2019/10/19 15:19:55.019096, 0] ../source3/winbindd/winbindd_cache.c:3160(init...cache)
Oct 19 15:19:55 ndtc-fs winbindd[7460]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Oct 19 15:19:55 ndtc-fs winbindd[7460]: [2019/10/19 15:19:55.024290, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Oct 19 15:19:55 ndtc-fs systemd[1]: Started Samba Winbind Daemon.
Oct 19 15:19:55 ndtc-fs winbindd[7460]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serv...ctions
Oct 19 15:20:23 ndtc-fs winbindd[7499]: [2019/10/19 15:20:23.939396, 0] ../source3/winbindd/idmap_autorid.c:822(idmap_...alize)
Oct 19 15:20:23 ndtc-fs winbindd[7499]: idmap_autorid_initialize: Error: autorid configured for domain 'a36561'. But ...ation.
Hint: Some lines were ellipsized, use -l to show in full.

As well as SMB and NMB:

[root@ndtc-fs ~]# systemctl status nmb
● nmb.service - Samba NMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-10-19 15:20:19 CDT; 2min 3s ago
     Docs: man:nmbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 7483 (nmbd)
   Status: "nmbd: ready to serve connections..."
   CGroup: /system.slice/nmb.service
           ├─7483 /usr/sbin/nmbd --foreground --no-process-group
           └─7484 /usr/sbin/nmbd --foreground --no-process-group

Oct 19 15:20:27 ndtc-fs nmbd[7483]:
Oct 19 15:20:27 ndtc-fs nmbd[7483]: Samba server NDTC-FS is now a domain master browser for workgroup A36561 on subne...8.255.5
Oct 19 15:20:27 ndtc-fs nmbd[7483]:
Oct 19 15:20:27 ndtc-fs nmbd[7483]: *****
Oct 19 15:20:42 ndtc-fs nmbd[7483]: [2019/10/19 15:20:42.367309, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local...stage2)
Oct 19 15:20:42 ndtc-fs nmbd[7483]: *****
Oct 19 15:20:42 ndtc-fs nmbd[7483]:
Oct 19 15:20:42 ndtc-fs nmbd[7483]: Samba name server NDTC-FS is now a local master browser for workgroup A36561 on s...8.255.5
Oct 19 15:20:42 ndtc-fs nmbd[7483]:
Oct 19 15:20:42 ndtc-fs nmbd[7483]: *****
Hint: Some lines were ellipsized, use -l to show in full.

[root@ndtc-fs ~]# systemctl status sm
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-10-19 15:20:23 CDT; 2min 4s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 7493 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─7493 /usr/sbin/smbd --foreground --no-process-group
           ├─7495 /usr/sbin/smbd --foreground --no-process-group
           ├─7496 /usr/sbin/smbd --foreground --no-process-group
           ├─7500 /usr/sbin/smbd --foreground --no-process-group
           ├─7502 /usr/sbin/smbd --foreground --no-process-group
           ├─7508 /usr/sbin/smbd --foreground --no-process-group
           ├─7510 /usr/sbin/smbd --foreground --no-process-group
           └─7512 /usr/sbin/smbd --foreground --no-process-group

Oct 19 15:20:23 ndtc-fs systemd[1]: Stopped Samba SMB Daemon.
Oct 19 15:20:23 ndtc-fs systemd[1]: Starting Samba SMB Daemon...
Oct 19 15:20:23 ndtc-fs smbd[7493]: [2019/10/19 15:20:23.953291, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Oct 19 15:20:23 ndtc-fs systemd[1]: Started Samba SMB Daemon.
Oct 19 15:20:23 ndtc-fs smbd[7493]: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections

I still cannot connect with Linux machines. It's really not that big of a deal (since I can use SSH/SFTP), but I just am concerned that there may be other issues if it isn't "fully functional", and that other clients may be affected.

Thanks,
Alex
On Saturday, 19 October 2019 21:18:39 CEST Alex Moen via samba wrote:
> Running CentOS Linux release 7.7.1908. Have Samba running as our fileserver
> on our (mostly) Windows network. Ran my "normal" yum updates today, and
> Samba was upgraded (last updates were on 8/10/2019). I was on 4.8.3
> before; now it's 4.9.1:
> [...]
> Any advice would be very greatly appreciated.

I think this is the following bug:
https://bugzilla.samba.org/show_bug.cgi?id=14106