I have a server which we use for backing up files. Noticed there was an upgrade available to 18.04.1. Now I cannot connect to from my win7 machine to the Ubuntu share. Any thoughts on what would have changed??? Tom
TRvs> I have a server which we use for backing up files. TRvs> Noticed there was an upgrade available to 18.04.1. TRvs> Now I cannot connect to from my win7 machine to the Ubuntu share. TRvs> Any thoughts on what would have changed??? TRvs> Tom It could be a host of things... What is the current configuration? AD server, stand-alone Samba CIFS share, etc? One issue with 18.04 and Samba AD is that Systemd.resolved and the internal samba DNS server conflict with each other. [Just one example.] Knowing a bit more about your configuration will be helpful in giving more useful answers. And have you checked the logs? Any error messages? Descriptions like: "It don't work no more." are not very helpful in general - there's so many ways it could be broken. We can't realistically list them all. -Greg
L.P.H. van Belle
2018-Aug-20 14:12 UTC
[Samba] Can't connect after Ubuntu 18.04.1 Upgrade???
Probely one of these.
Windows removed the smb1 support, but i dont know it thats in Win7 also.
Win10 removes it if you havent used it for a week or so.
Ubuntu, from what version did you upgrade, because smb1 is disabled after
upgrading from 16.04 to 18.04.
So to help out better, send us the folloing, OS, the upgrade From/To, previous
samba version and current version.
And a copy of smb.conf ( if needed sanitized ).
And what is in the logs.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Thomas Rieff via samba
> Verzonden: maandag 20 augustus 2018 15:53
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Can't connect after Ubuntu 18.04.1 Upgrade???
>
> I have a server which we use for backing up files.
> Noticed there was an upgrade available to 18.04.1.
> Now I cannot connect to from my win7 machine to the Ubuntu share.
> Any thoughts on what would have changed???
> Tom
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
On Mon, 20 Aug 2018 13:52:56 +0000 (UTC) Thomas Rieff via samba <samba at lists.samba.org> wrote:> I have a server which we use for backing up files. > Noticed there was an upgrade available to 18.04.1. > Now I cannot connect to from my win7 machine to the Ubuntu share. > Any thoughts on what would have changed??? > Tom > >Haven't a clue, from the info provided, it could be anything. Could you tell us how you are running Samba and post your smb.conf for a start. Rowland
Thanks for the replys... Just a basic samba server...being accessed by windows 7 to the gc and tmr shares with \\10.10.171.9\gc and \\10.10.171.9\tmr This has been running for a year without any issues...till the update yesterday afternoon :-( The file server is Ubuntu 18.04 and there was an update to Ubuntu 18.04.1, which I thought would be a mild step. The current version of samba is... Samba version 4.7.6-Ubuntu, don't know what it was before, thought it was up to date??? Below is the testparm and the dump of configurations. Also, I do see an error in the one log below. Hope all is well. Tom root at gc9:~# testparm Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) WARNING: The "syslog" option is deprecated Processing section "[printers]" Processing section "[print$]" Processing section "[gc9data1]" Processing section "[gc9data2]" Processing section "[gc]" Processing section "[tmr]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] dns proxy = No log file = /var/log/samba/log.%m map to guest = Bad User max log size = 1000 obey pam restrictions = Yes pam password change = Yes panic action = /usr/share/samba/panic-action %d passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . passwd program = /usr/bin/passwd %u server role = standalone server server string = %h server (Samba, Ubuntu) syslog = 0 unix password sync = Yes usershare allow guests = Yes wins support = Yes workgroup = CLS idmap config * : backend = tdb [printers] browseable = No comment = All Printers create mask = 0700 path = /var/spool/samba printable = Yes [print$] comment = Printer Drivers path = /var/lib/samba/printers [gc9data1] comment = GreenCare Data Files create mask = 0775 directory mask = 0775 force group = gcdata path = /gc9data1 read only = No valid users = @gcdata [gc9data2] comment = GreenCare Data Files create mask = 0775 directory mask = 0775 force group = gcdata path = /gc9data2 read only = No valid users = @gcdata [gc] comment = GreenCare Data Files create mask = 0775 directory mask = 0775 force group = gc path = /gc9data2/gc read only = No valid users = @gc [tmr] comment = TMR Data Files create mask = 0775 directory mask = 0775 force group = tmr path = /gc9data2/tmr read only = No valid users = @tmr smdb log [2018/08/20 07:29:10.921098, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'smbd' finished starting up and ready to serve connections [2018/08/20 08:03:16.243402, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'smbd' finished starting up and ready to serve connections nmdb log [2018/08/19 13:00:05.482154, 0] ../source3/nmbd/nmbd_namequery.c:109(query_name_response) query_name_response: Multiple (2) responses received for a query on subnet 10.10.171.9 for name CLS<1d>. This response was from IP 10.10.171.12, reporting an IP address of 10.10.171.12. [2018/08/19 16:07:00.140717, 0] ../source3/nmbd/nmbd_namequery.c:109(query_name_response) query_name_response: Multiple (2) responses received for a query on subnet 10.10.171.9 for name CLS<1d>. This response was from IP 10.10.171.228, reporting an IP address of 10.10.171.228. [2018/08/19 16:17:10.231336, 0] ../source3/nmbd/nmbd_namequery.c:109(query_name_response) query_name_response: Multiple (2) responses received for a query on subnet 10.10.171.9 for name CLS<1d>. This response was from IP 10.10.171.228, reporting an IP address of 10.10.171.228. [2018/08/19 16:32:56.051867, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) ***** Samba name server GC9 is now a local master browser for workgroup CLS on subnet 10.10.171.9 ***** [2018/08/19 16:32:56.052002, 0] ../source3/nmbd/nmbd_browsesync.c:354(find_domain_master_name_query_fail) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name CLS<1b> for the workgroup CLS. Unable to sync browse lists in this workgroup. [2018/08/19 16:35:18.169411, 0] ../source3/nmbd/nmbd_incomingdgrams.c:304(process_local_master_announce) process_local_master_announce: Server GC12 at IP 10.10.171.12 is announcing itself as a local master browser for workgroup CLS and we think we are master. Forcing election. [2018/08/19 16:35:18.169533, 0] ../source3/nmbd/nmbd_become_lmb.c:150(unbecome_local_master_success) ***** Samba name server GC9 has stopped being a local master browser for workgroup CLS on subnet 10.10.171.9 ***** [2018/08/19 17:41:03.206493, 0] ../source3/nmbd/nmbd.c:58(terminate) Got SIGTERM: going down... [2018/08/19 17:41:58.914868, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'nmbd' finished starting up and ready to serve connections [2018/08/19 17:54:40.104108, 0] ../source3/nmbd/nmbd.c:58(terminate) Got SIGTERM: going down... [2018/08/19 20:04:46.786763, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'nmbd' finished starting up and ready to serve connections [2018/08/19 20:04:47.034165, 0] ../source3/nmbd/nmbd_namequery.c:109(query_name_response) query_name_response: Multiple (2) responses received for a query on subnet 10.10.171.9 for name CLS<1d>. This response was from IP 10.10.171.12, reporting an IP address of 10.10.171.12. [2018/08/20 07:28:21.693110, 0] ../source3/nmbd/nmbd.c:58(terminate) Got SIGTERM: going down... [2018/08/20 07:29:09.223386, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'nmbd' finished starting up and ready to serve connections
On Mon, 20 Aug 2018 18:38:53 +0000 (UTC) Thomas Rieff via samba <samba at lists.samba.org> wrote:> > Thanks for the replys... > Just a basic samba server...being accessed by windows 7 to the gc and > tmr shares with \\10.10.171.9\gc and \\10.10.171.9\tmr This has been > running for a year without any issues...till the update yesterday > afternoon :-( The file server is Ubuntu 18.04 and there was an update > to Ubuntu 18.04.1, which I thought would be a mild step. The current > version of samba is... Samba version 4.7.6-Ubuntu, don't know what it > was before, thought it was up to date??? Below is the testparm and > the dump of configurations. Also, I do see an error in the one log > below. Hope all is well. Tom > > root at gc9:~# testparm > Server role: ROLE_STANDALONE > > # Global parameters > [global] > dns proxy = No > log file = /var/log/samba/log.%m > map to guest = Bad User > max log size = 1000 > obey pam restrictions = Yes > pam password change = Yes > panic action = /usr/share/samba/panic-action %d > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > passwd program = /usr/bin/passwd %u server role = standalone server > server string = %h server (Samba, Ubuntu) > syslog = 0 > unix password sync = Yes > usershare allow guests = Yes > wins support = Yes > workgroup = CLS > idmap config * : backend = tdb >If you check the Ubuntu changelog, you will find this: samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.2) bionic-security; urgency=medium .............. ........ * SECURITY UPDATE: Weak authentication protocol allowed - debian/patches/CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1 and add tests. - CVE-2018-1139 The default setting for ntlm auth is ntlmv2-only, but before the update, even though it wasn't really allowed by the default setting, NTLMv1 worked, now it doesn't. I think it is highly likely your clients are using NTLMv1. You can easily test this, add 'ntlm auth = yes' to smb.conf and restart. If this cures your problem, then you have two choices, leave it alone and put up with a possibly insecure server, or fix your clients to only use NTLMv2 and remove the line from smb.conf. Rowland
Rowland
Thanks for the response...
per your comments I added the 'ntlm auth = yes" line to
smb.conf...bingo bango!!! access was granted.
Changed win7 " Set the LAN Manager authentication level to NTLMv2 response
only/refuse LM and NTLM "
and then commented out the 'ntlm auth = yes" line to smb.conf ,
restarted samba and access was granted...
so my quirk seems to be resolved...
Thanks for your help.
Tom
If you check the Ubuntu changelog, you will find this:
samba (2:4.7.6+dfsg~ubuntu-0ubuntu2.2) bionic-security; urgency=medium
..............
........
* SECURITY UPDATE: Weak authentication protocol allowed
- debian/patches/CVE-2018-1139-*.patch: Do not allow ntlmv1 over SMB1
and add tests.
- CVE-2018-1139
The default setting for ntlm auth is ntlmv2-only, but before the
update, even though it wasn't really allowed by the default setting,
NTLMv1 worked, now it doesn't. I think it is highly likely your
clients are using NTLMv1.
You can easily test this, add 'ntlm auth = yes' to smb.conf and
restart. If this cures your problem, then you have two choices, leave
it alone and put up with a possibly insecure server, or fix your
clients to only use NTLMv2 and remove the line from smb.conf.
Rowland