Hi, After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to karmic (3.4.0) I cannot access the shares any more. The server (FINTLEWOODLEWIX) is set up to check authentication via a PDC (IO), which is also running 3.4.0 (and has been before). Guest access is allowed so that any users without a local unix account will be granted read access. Valid users are allowed read/write. After the upgrade I'm not able to connect to the share any more unless I specifically use the guest account (nobody) and its password. When trying to connect from a windows box (KRIKKIT), the logfile says the following (smbd runs in -d3). It doesn't seem to matter if the user (tom) has a local unix account or not: [2010/05/26 11:00:17, 3] libsmb/namequery_dc.c:199(rpc_dc_name) rpc_dc_name: Returning DC IO (130.95.136.177) for domain OBEL [2010/05/26 11:00:17, 3] libsmb/cliconnect.c:2031(cli_start_connection) Connecting to host=IO [2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send) Connecting to 130.95.136.177 at port 445 [2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send) Connecting to 130.95.136.177 at port 139 [2010/05/26 11:00:17, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [KRIKKIT]\[tom]@[KRIKKIT] with the new password interface [2010/05/26 11:00:17, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT] [2010/05/26 11:00:17, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/05/26 11:00:17, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/05/26 11:00:17, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/05/26 11:00:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/26 11:00:17, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'tom' in passdb. [2010/05/26 11:00:17, 3] auth/auth_winbind.c:54(check_winbind_security) check_winbind_security: Not using winbind, requested domain [FINTLEWOODLEWIX] was for this SAM. [2010/05/26 11:00:17, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [tom] -> [tom] FAILED with error NT_STATUS_NO_SUCH_USER [2010/05/26 11:00:17, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE The same user can directly connect to IO with not problems. Sending "OBEL\tom" as user instead gives the following error: [2010/05/26 11:08:17, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [OBEL]\[tom]@[KRIKKIT] with the new password interface [2010/05/26 11:08:17, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [FINTLEWOODLEWIX]\[tom]@[KRIKKIT] [2010/05/26 11:08:17, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/05/26 11:08:17, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/05/26 11:08:17, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/05/26 11:08:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/26 11:08:17, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'tom' in passdb. [2010/05/26 11:08:17, 3] auth/auth_winbind.c:54(check_winbind_security) check_winbind_security: Not using winbind, requested domain [FINTLEWOODLEWIX] was for this SAM. [2010/05/26 11:08:17, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [tom] -> [tom] FAILED with error NT_STATUS_NO_SUCH_USER [2010/05/26 11:08:17, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Here is the output from testparm: Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[data]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = OBEL server string = %h file server security = DOMAIN map to guest = Bad Uid password server = 130.95.136.177 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No panic action = /usr/share/samba/panic-action %d invalid users = root [data] comment = valuable not backed up research data path = /home/fintlewoodlewix/data read only = No create mask = 0644 force create mode = 0644 force directory mode = 0755 guest ok = Yes I also set guest account = nobody in the global section which isn't listed by testparm; maybe because it's the default. net rpc testjoin reports: Join to 'OBEL' is OK pdbedit -L only shows the 'nobody' account Any suggestions how to fix this? Cheers, Tom
Christian PERRIER
2010-May-26 08:44 UTC
[Samba] problems after upgrade from 3.3.2 to 3.4.0
Quoting Thomas Gutzler (thomas.gutzler at gmail.com):> Hi, > > After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to > karmic (3.4.0) I cannot access the shares any more.The default for "passdb backend" changed between these versions (from "smbpasswd" to "tdbsam") and, as you don't explicitly set it in smb.conf, I'd gues this might be the reason for this. Try adding: passdb backend = smbpasswd