On 10/19/19 2:57 PM, Rowland penny via samba wrote:
> On 19/10/2019 20:18, Alex Moen via samba wrote:
>> Running CentOS Linux release 7.7.1908. Have Samba running as our
>> fileserver on our (mostly) Windows network. Ran my "normal" yum
>> updates today, and Samba was upgraded (last updates were on
>> 8/10/2019). I was on 4.8.3 before; now it's 4.9.1:
>>
>> Updated samba-4.8.3-6.el7_6.x86_64 @updates
>> Updated samba-client-4.8.3-6.el7_6.x86_64 @updates
>> Updated samba-client-libs-4.8.3-6.el7_6.x86_64 @updates
>> Updated samba-common-4.8.3-6.el7_6.noarch @updates
>> Updated samba-common-libs-4.8.3-6.el7_6.x86_64 @updates
>> Updated samba-common-tools-4.8.3-6.el7_6.x86_64 @updates
>> Updated samba-libs-4.8.3-6.el7_6.x86_64 @updates
>> Updated samba-winbind-4.8.3-6.el7_6.x86_64 @updates
>> Updated samba-winbind-modules-4.8.3-6.el7_6.x86_64 @updates
>>
>> samba-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:13 AM CDT
>> samba-winbind-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:00 AM CDT
>> samba-client-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:43:00 AM CDT
>> samba-winbind-modules-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:42:29 AM CDT
>> samba-common-tools-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:54 AM CDT
>> samba-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:53 AM CDT
>> samba-client-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:52 AM CDT
>> samba-common-libs-4.9.1-6.el7.x86_64 Sat 19 Oct 2019 09:40:51 AM CDT
>> samba-common-4.9.1-6.el7.noarch Sat 19 Oct 2019 09:40:51 AM CDT
>>
>> Initially, smbd wouldn't even start. nmbd and winbind were fine,
>> but smbd was spouting an error about "nobody is a group name" and
>> "Failed to create BUILTIN\Guests group NT_STATUS_ACCESS_DENIED! Can
>> Winbind allocate gids?"
>>
>> After lots of googling, I finally got the process to start properly,
>> and (from the limited testing I can do on Saturdays) Windows clients
>> can connect (this is the only Samba/CIFS server on the network).
>> (FFR: I added the "username map script" and the two "idmap config
>> A36561" stanzas in the smb.conf file below to get smbd restarted. I
>> also needed to create a new guest user, and add "guest account =
>> guest".) However, my Linux clients are not able to connect using
>> CIFS. I am encountering the following errors in the log file for the
>> Linux PC:
>>
>> "gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_NO_SUCH_USER"
>> "NT error packet at ../source3/smbd/sesssetup.c(247) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE"
>>
>> even though, earlier in the log file, I have this (encouraging) entry:
>>
>> "Auth: [SMB,(null)] user [A36561]\[alexm] at [Sat, 19 Oct 2019 13:58:12.577574 CDT] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [ALEXM-SURFACE-PRO] remote host [ipv4:192.168.254.191:56314] mapped to [A36561]\[alexm]. local host [ipv4:192.168.255.5:445]"
>>
>> So, my usermap seems to be working, as my login should be alexm.
>>
>> I have been working on this for four hours now, and am completely out
>> of ideas.
>>
>> smb.conf:
>> # Global parameters
>> [global]
>> interfaces = lo eno16780032
>> netbios name = NDTC-FS
>> server string = NDTC File Server 2017
>> #server max protocol = SMB2
>> workgroup = A36561
>> domain master = Yes
>> preferred master = yes
>> local master = yes
>> ldap admin dn = cn=admin,o=ndtc
>> ldap passwd sync = yes
>> ldap ssl = no
>> ldap suffix = ou=ndtel,o=ndtc
>> ldap debug level = 1
>> ldap debug threshold = 5
>> log file = /var/log/samba/log.%m
>> log level = 3
>> max log size = 50000
>> domain logons = Yes
>> nt pipe support = No
>> lanman auth = Yes
>> passdb backend = ldapsam:"ldap://66.163.128.204"
>> security = user
>> guest account = guest
>> username map = /etc/samba/usermap.txt
>> username map script = /bin/echo
>> wins support = Yes
>> idmap config * : backend = tdb
>> idmap config * : range = 1000000-1999999
>> idmap config A36561 : backend = autorib
>> idmap config A36561 : range = 2000000-4000000
>> cups options = raw
>> ntlm auth = yes
>>
>> [homes]
>> comment = Home Directories
>> browseable = No
>> read only = No
>>
>> [groups]
>> comment = Group Directories
>> path = /cust/ndtel/groups
>> blocking locks = No
>> force create mode = 0660
>> force directory mode = 0770
>> read only = No
>>
>> [officeview]
>> comment = The Office View
>> path = /cust/ndtel/officeview
>> force create mode = 0777
>> force directory mode = 0777
>> guest ok = Yes
>> read only = No
>> write list = +users
>>
>> [docvault]
>> comment = Document Vault
>> path = /cust/ndtel/groups/business/docvault
>> browseable = No
>> force create mode = 0777
>> force directory mode = 0777
>> force group = +business
>> read only = No
>> write list = +business
>>
>> [share]
>> comment = Share space
>> path = /cust/ndtel/share
>> force create mode = 0777
>> force directory mode = 0777
>> guest ok = Yes
>> read only = No
>> write list = +users
>>
>> [archive]
>> comment = Archive area
>> path = /archive
>> force create mode = 0777
>> force directory mode = 0777
>> force group = +internet
>> read only = no
>> write list = +internet
>>
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> browseable = No
>> printable = Yes
>>
>>
>>
>>
> First a few comments about your smb.conf:
>
> nt pipe support = No
>
> You really shouldn't set the above line.
>
> Is there a Unix user called 'guest' ?
>
> Having said that, there isn't much point in having the 'guest
> account' and the 'guest ok = yes' lines, because you haven't set
> 'map to guest = bad user', so you will not have guest access.
>
> You also seem to have a typo 'backend = autorib' should be
> 'backend = autorid'
>
> Finally, to fix your main problem, check if winbind is running.
>
> Rowland

This config has been brought forward for around 15 years. So, I wonder
if some of this isn't legacy stuff.

I took the "nt pipe support" line out. And, I fixed the typo (though,
it's really strange that it seemed to fix the issue previously...)

Guest account: There isn't a Unix user per se, but there is an LDAP user
named guest that I created for this purpose... I don't really want guest
access. Again, something legacy?

As far as I can tell, winbind is running:

[root@ndtc-fs ~]# systemctl status winbind
● winbind.service - Samba Winbind Daemon
   Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-10-19 15:19:55 CDT; 2min 17s ago
     Docs: man:winbindd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 7460 (winbindd)
   Status: "winbindd: ready to serve connections..."
   CGroup: /system.slice/winbind.service
           ├─7460 /usr/sbin/winbindd --foreground --no-process-group
           ├─7498 /usr/sbin/winbindd --foreground --no-process-group
           ├─7499 /usr/sbin/winbindd --foreground --no-process-group
           └─7547 /usr/sbin/winbindd --foreground --no-process-group

Oct 19 15:19:54 ndtc-fs systemd[1]: Stopped Samba Winbind Daemon.
Oct 19 15:19:54 ndtc-fs systemd[1]: Starting Samba Winbind Daemon...
Oct 19 15:19:55 ndtc-fs winbindd[7460]: [2019/10/19 15:19:55.019096, 0] ../source3/winbindd/winbindd_cache.c:3160(init...cache)
Oct 19 15:19:55 ndtc-fs winbindd[7460]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Oct 19 15:19:55 ndtc-fs winbindd[7460]: [2019/10/19 15:19:55.024290, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Oct 19 15:19:55 ndtc-fs systemd[1]: Started Samba Winbind Daemon.
Oct 19 15:19:55 ndtc-fs winbindd[7460]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serv...ctions
Oct 19 15:20:23 ndtc-fs winbindd[7499]: [2019/10/19 15:20:23.939396, 0] ../source3/winbindd/idmap_autorid.c:822(idmap_...alize)
Oct 19 15:20:23 ndtc-fs winbindd[7499]: idmap_autorid_initialize: Error: autorid configured for domain 'a36561'. But ...ation.
Hint: Some lines were ellipsized, use -l to show in full.

As well as SMB and NMB:

[root@ndtc-fs ~]# systemctl status nmb
● nmb.service - Samba NMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-10-19 15:20:19 CDT; 2min 3s ago
     Docs: man:nmbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 7483 (nmbd)
   Status: "nmbd: ready to serve connections..."
   CGroup: /system.slice/nmb.service
           ├─7483 /usr/sbin/nmbd --foreground --no-process-group
           └─7484 /usr/sbin/nmbd --foreground --no-process-group

Oct 19 15:20:27 ndtc-fs nmbd[7483]:
Oct 19 15:20:27 ndtc-fs nmbd[7483]: Samba server NDTC-FS is now a domain master browser for workgroup A36561 on subne...8.255.5
Oct 19 15:20:27 ndtc-fs nmbd[7483]:
Oct 19 15:20:27 ndtc-fs nmbd[7483]: *****
Oct 19 15:20:42 ndtc-fs nmbd[7483]: [2019/10/19 15:20:42.367309, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local...stage2)
Oct 19 15:20:42 ndtc-fs nmbd[7483]: *****
Oct 19 15:20:42 ndtc-fs nmbd[7483]:
Oct 19 15:20:42 ndtc-fs nmbd[7483]: Samba name server NDTC-FS is now a local master browser for workgroup A36561 on s...8.255.5
Oct 19 15:20:42 ndtc-fs nmbd[7483]:
Oct 19 15:20:42 ndtc-fs nmbd[7483]: *****
Hint: Some lines were ellipsized, use -l to show in full.

[root@ndtc-fs ~]# systemctl status sm
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2019-10-19 15:20:23 CDT; 2min 4s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 7493 (smbd)
   Status: "smbd: ready to serve connections..."
   CGroup: /system.slice/smb.service
           ├─7493 /usr/sbin/smbd --foreground --no-process-group
           ├─7495 /usr/sbin/smbd --foreground --no-process-group
           ├─7496 /usr/sbin/smbd --foreground --no-process-group
           ├─7500 /usr/sbin/smbd --foreground --no-process-group
           ├─7502 /usr/sbin/smbd --foreground --no-process-group
           ├─7508 /usr/sbin/smbd --foreground --no-process-group
           ├─7510 /usr/sbin/smbd --foreground --no-process-group
           └─7512 /usr/sbin/smbd --foreground --no-process-group

Oct 19 15:20:23 ndtc-fs systemd[1]: Stopped Samba SMB Daemon.
Oct 19 15:20:23 ndtc-fs systemd[1]: Starting Samba SMB Daemon...
Oct 19 15:20:23 ndtc-fs smbd[7493]: [2019/10/19 15:20:23.953291, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Oct 19 15:20:23 ndtc-fs systemd[1]: Started Samba SMB Daemon.
Oct 19 15:20:23 ndtc-fs smbd[7493]: daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections

I still cannot connect with Linux machines. It's really not that big of
a deal (since I can use SSH/SFTP), but I just am concerned that there
may be other issues if it isn't "fully functional", and that other
clients may be affected.

Thanks,
Alex
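
The three smb.conf points raised in Rowland's reply (the 'nt pipe support' line, the misspelled idmap backend, and 'guest ok' without 'map to guest'), written as a small lint script. This is an added example, not code from the thread or from the Samba project; the function names and the cut-down sample config are constructed here.

```python
# Added example: lint an smb.conf for the three points raised in the reply.
KNOWN_IDMAP_BACKENDS = {"ad", "autorid", "hash", "ldap", "nss", "rfc2307",
                        "rid", "script", "tdb", "tdb2"}  # idmap_<name>(8) modules

# Constructed sample: a cut-down copy of the smb.conf quoted in the thread.
SAMPLE = """
[global]
workgroup = A36561
nt pipe support = No
guest account = guest
idmap config * : backend = tdb
idmap config A36561 : backend = autorib
[share]
path = /cust/ndtel/share
guest ok = Yes
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def lint_smb_conf(text):
    """Return a list of findings (hypothetical helper, not a Samba tool)."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("nt pipe support", "yes").lower() in ("no", "false", "0"):
        findings.append("global: 'nt pipe support = No' is set; remove it")
    for key, value in glob.items():
        if key.startswith("idmap config") and key.rpartition(":")[2].strip() == "backend":
            if value.lower() not in KNOWN_IDMAP_BACKENDS:
                findings.append(f"global: unknown idmap backend '{value}'")
    guest_mapped = glob.get("map to guest", "never").lower() != "never"
    for name, params in conf.items():
        if params.get("guest ok", "no").lower() in ("yes", "true", "1") and not guest_mapped:
            findings.append(f"{name}: 'guest ok' set but 'map to guest' is not")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_smb_conf(SAMPLE)))
```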