samba - Mar 2023 - clients not connecting to samba shares

On 28/03/2023 17:30, Gary Dale via samba wrote:
> It reports an error and samba doesn't start.
>>
>>>
>>> So now I'm at the point that the samba service refuses to
start.
>>
>> I cannot see why removing the lines I suggested would stop Samba 
>> starting, I take it that you are starting Samba with 'systemctl
start
>> samba-ad-dc'. Is there anything in the logs that shows why it no 
>> longer starts ?
> It seems to think it isn't a DC. 
Very strange, a typical Samba AD DC smb.conf would look like this:

[global]
	bind interfaces only = Yes
	dns forwarder = 8.8.8.8
	interfaces = lo eth0
	netbios name = RPIDC2
	realm = SAMDOM.EXAMPLE.COM
	server role = active directory domain controller
	workgroup = SAMDOM
	idmap_ldb:use rfc2307 = yes

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[netlogon]
	path = /var/lib/samba/sysvol/samdom.example.com/scripts
	read only = No
> I tried removing the current smb.conf 
> and re-provisioning the domain but that has failed.
Did it give a reason, such as the smb.conf existed for instance ?
>>
>>>
>>> I'm loath to upgrade the samba version from the Debian version 
>>> without a clear benefit, It doesn't look like it would fix the 
>>> problem I'm having. 
>>
>> The benefit is that you would be running a Samba supported version.
> And losing the Debian/Stable one....
Which is maintained by the same guy that maintains the Debian backports 
Samba package.
>>
>>> Nor does this look like it's related in any way to using the DC
as a
>>> file server - something I've been doing for two decades without
>>> problems. 
>>
>> I do not think you could have been running a Samba AD DC for two 
>> decades, you probably ran A PDC at the start and you could use those 
>> as fileservers. Right from the start, Samba (like Windows) has always 
>> recommended just using a DC for authentication, but hey, it is your 
>> computer, use it as you like, but just be aware of the limitations.
> It wasn't an AD DC but it was the DC for my Domain.
Win 2k or 2003 ??
>>
>>> The Samba Wiki caveats seem more related to organizational issues 
>>> than technical ones.
>>
>> The main technical one is that, because of the ACL's setup required
>> for Sysvol, you must set any share permissions from Windows.
> And that's not organizational?
No, not really, I would have said using multiple DC's or Sites was 
organisational, setting permissions from Windows is technical in my book.
>>
>>>
>>> I'm considering tearing down everything and starting fresh.
Decades
>>> of accumulated crud could be real problem, since virtually
everything
>>> I've read suggests that a simple setup like mine should just
work.
>>
>> It should just work, in the main it should be easier than a PDC, but 
>> when used as a fileserver it can get a little bit harder.
>>
>> Rowland
> 
> Something is seriously wrong now. I had some memory go bad on the server 
> not too long ago. Possibly that screwed up something.? I don't think 
> I've got any real choice now but to purge.
This could be anything, HDD failing, power supply, just about anything, 
but it does sound like starting again might be a good idea. If you are 
starting again, then I would urge you to consider having multiple DC's 
and a separate fileserver.

Rowland

On 2023-03-28 12:46, Rowland Penny via samba wrote:
>
>
> On 28/03/2023 17:30, Gary Dale via samba wrote:
>> It reports an error and samba doesn't start.
>>>
>>>>
>>>> So now I'm at the point that the samba service refuses to
start.
>>>
>>> I cannot see why removing the lines I suggested would stop Samba 
>>> starting, I take it that you are starting Samba with 'systemctl
>>> start samba-ad-dc'. Is there anything in the logs that shows
why it
>>> no longer starts ?
>> It seems to think it isn't a DC. 
>
> Very strange, a typical Samba AD DC smb.conf would look like this:
>
> [global]
> ????bind interfaces only = Yes
> ????dns forwarder = 8.8.8.8
> ????interfaces = lo eth0
> ????netbios name = RPIDC2
> ????realm = SAMDOM.EXAMPLE.COM
> ????server role = active directory domain controller
> ????workgroup = SAMDOM
> ????idmap_ldb:use rfc2307 = yes
>
> [sysvol]
> ????path = /var/lib/samba/sysvol
> ????read only = No
>
> [netlogon]
> ????path = /var/lib/samba/sysvol/samdom.example.com/scripts
> ????read only = No
>
>> I tried removing the current smb.conf and re-provisioning the domain 
>> but that has failed.
>
> Did it give a reason, such as the smb.conf existed for instance ?
>
>>>
>>>>
>>>> I'm loath to upgrade the samba version from the Debian
version
>>>> without a clear benefit, It doesn't look like it would fix
the
>>>> problem I'm having. 
>>>
>>> The benefit is that you would be running a Samba supported version.
>> And losing the Debian/Stable one....
>
> Which is maintained by the same guy that maintains the Debian 
> backports Samba package.
>
>>>
>>>> Nor does this look like it's related in any way to using
the DC as
>>>> a file server - something I've been doing for two decades
without
>>>> problems. 
>>>
>>> I do not think you could have been running a Samba AD DC for two 
>>> decades, you probably ran A PDC at the start and you could use
those
>>> as fileservers. Right from the start, Samba (like Windows) has 
>>> always recommended just using a DC for authentication, but hey, it 
>>> is your computer, use it as you like, but just be aware of the 
>>> limitations.
>> It wasn't an AD DC but it was the DC for my Domain.
>
> Win 2k or 2003 ??
>
>>>
>>>> The Samba Wiki caveats seem more related to organizational
issues
>>>> than technical ones.
>>>
>>> The main technical one is that, because of the ACL's setup
required
>>> for Sysvol, you must set any share permissions from Windows.
>> And that's not organizational?
>
> No, not really, I would have said using multiple DC's or Sites was 
> organisational, setting permissions from Windows is technical in my book.
>
>>>
>>>>
>>>> I'm considering tearing down everything and starting fresh.
Decades
>>>> of accumulated crud could be real problem, since virtually 
>>>> everything I've read suggests that a simple setup like mine
should
>>>> just work.
>>>
>>> It should just work, in the main it should be easier than a PDC,
but
>>> when used as a fileserver it can get a little bit harder.
>>>
>>> Rowland
>>
>> Something is seriously wrong now. I had some memory go bad on the 
>> server not too long ago. Possibly that screwed up something.? I
don't
>> think I've got any real choice now but to purge.
>
> This could be anything, HDD failing, power supply, just about 
> anything, but it does sound like starting again might be a good idea. 
> If you are starting again, then I would urge you to consider having 
> multiple DC's and a separate fileserver.
>
> Rowland
>
I tried as best I could to remove the old installation with apt purge 
samba? && apt autoremove followed by a reboot. When that didn't
quite do
the job, I tried apt purge python3-samba && apt autoremove, That seemed 
to be a little more thorough. For good measure I also removed smbclient.

That left me with an apt install samba failing to --configure. It seemed 
to want an smb.conf file that didn't exist yet. Running samba-tool 
domain provision --use-rfc2307 --interactive created one but I noted 
that it was picking up the previous values from somewhere... Anyway, I 
could then dpkg --configure samba.

So now I should have a working samba - except I don't.

The /var/log/samba/log.samba shows:
[2023/03/28 14:56:10.498342,? 0] 
../../source4/smbd/server.c:644(binary_smbd_main)
 ? samba version 4.13.13-Debian started.
 ? Copyright Andrew Tridgell and the Samba Team 1992-2020
[2023/03/28 14:56:10.498471,? 0] 
../../lib/util/become_daemon.c:147(daemon_status)
 ? daemon_status: daemon 'samba' : Starting process...
[2023/03/28 14:56:10.596364,? 0] 
../../source4/smbd/server.c:920(binary_smbd_main)
 ? binary_smbd_main: samba: using 'prefork' process model
[2023/03/28 14:56:10.632970,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.641278,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.641744,? 0] 
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
 ? /usr/sbin/winbindd: Failed to exec child - No such file or directory
[2023/03/28 14:56:10.646204,? 0] 
../../source4/winbind/winbindd.c:46(winbindd_done)
 ? winbindd daemon died with exit status 255
[2023/03/28 14:56:10.646289,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [winbindd child process 
exited]
[2023/03/28 14:56:10.648218,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.654829,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.655864,? 0] 
../../lib/util/become_daemon.c:135(daemon_ready)
 ? daemon_ready: daemon 'samba' finished starting up and ready to serve 
connections
[2023/03/28 14:56:10.656084,? 0] 
../../source4/smbd/server.c:391(samba_terminate)
 ? samba_terminate: samba_terminate of samba 3918: kdc: 
hdb_samba4_create_kdc (setup KDC database) failed


Anyway, I purged again and tried reinstalling after removing the 
/etc/samba directory - on the theory that it may have been preventing 
apt from seeing this as a clean install. However I got the same errors 
again. Either there is a flaw in the samba package or there is something 
that is making it think it's a reinstall.

Any idea on how I can completely purge samba from the server?