samba - Mar 2023 - clients not connecting to samba shares

On 2023-03-28 12:46, Rowland Penny via samba wrote:
>
>
> On 28/03/2023 17:30, Gary Dale via samba wrote:
>> It reports an error and samba doesn't start.
>>>
>>>>
>>>> So now I'm at the point that the samba service refuses to
start.
>>>
>>> I cannot see why removing the lines I suggested would stop Samba 
>>> starting, I take it that you are starting Samba with 'systemctl
>>> start samba-ad-dc'. Is there anything in the logs that shows
why it
>>> no longer starts ?
>> It seems to think it isn't a DC. 
>
> Very strange, a typical Samba AD DC smb.conf would look like this:
>
> [global]
> ????bind interfaces only = Yes
> ????dns forwarder = 8.8.8.8
> ????interfaces = lo eth0
> ????netbios name = RPIDC2
> ????realm = SAMDOM.EXAMPLE.COM
> ????server role = active directory domain controller
> ????workgroup = SAMDOM
> ????idmap_ldb:use rfc2307 = yes
>
> [sysvol]
> ????path = /var/lib/samba/sysvol
> ????read only = No
>
> [netlogon]
> ????path = /var/lib/samba/sysvol/samdom.example.com/scripts
> ????read only = No
>
>> I tried removing the current smb.conf and re-provisioning the domain 
>> but that has failed.
>
> Did it give a reason, such as the smb.conf existed for instance ?
>
>>>
>>>>
>>>> I'm loath to upgrade the samba version from the Debian
version
>>>> without a clear benefit, It doesn't look like it would fix
the
>>>> problem I'm having. 
>>>
>>> The benefit is that you would be running a Samba supported version.
>> And losing the Debian/Stable one....
>
> Which is maintained by the same guy that maintains the Debian 
> backports Samba package.
>
>>>
>>>> Nor does this look like it's related in any way to using
the DC as
>>>> a file server - something I've been doing for two decades
without
>>>> problems. 
>>>
>>> I do not think you could have been running a Samba AD DC for two 
>>> decades, you probably ran A PDC at the start and you could use
those
>>> as fileservers. Right from the start, Samba (like Windows) has 
>>> always recommended just using a DC for authentication, but hey, it 
>>> is your computer, use it as you like, but just be aware of the 
>>> limitations.
>> It wasn't an AD DC but it was the DC for my Domain.
>
> Win 2k or 2003 ??
>
>>>
>>>> The Samba Wiki caveats seem more related to organizational
issues
>>>> than technical ones.
>>>
>>> The main technical one is that, because of the ACL's setup
required
>>> for Sysvol, you must set any share permissions from Windows.
>> And that's not organizational?
>
> No, not really, I would have said using multiple DC's or Sites was 
> organisational, setting permissions from Windows is technical in my book.
>
>>>
>>>>
>>>> I'm considering tearing down everything and starting fresh.
Decades
>>>> of accumulated crud could be real problem, since virtually 
>>>> everything I've read suggests that a simple setup like mine
should
>>>> just work.
>>>
>>> It should just work, in the main it should be easier than a PDC,
but
>>> when used as a fileserver it can get a little bit harder.
>>>
>>> Rowland
>>
>> Something is seriously wrong now. I had some memory go bad on the 
>> server not too long ago. Possibly that screwed up something.? I
don't
>> think I've got any real choice now but to purge.
>
> This could be anything, HDD failing, power supply, just about 
> anything, but it does sound like starting again might be a good idea. 
> If you are starting again, then I would urge you to consider having 
> multiple DC's and a separate fileserver.
>
> Rowland
>
I tried as best I could to remove the old installation with apt purge 
samba? && apt autoremove followed by a reboot. When that didn't
quite do
the job, I tried apt purge python3-samba && apt autoremove, That seemed 
to be a little more thorough. For good measure I also removed smbclient.

That left me with an apt install samba failing to --configure. It seemed 
to want an smb.conf file that didn't exist yet. Running samba-tool 
domain provision --use-rfc2307 --interactive created one but I noted 
that it was picking up the previous values from somewhere... Anyway, I 
could then dpkg --configure samba.

So now I should have a working samba - except I don't.

The /var/log/samba/log.samba shows:
[2023/03/28 14:56:10.498342,? 0] 
../../source4/smbd/server.c:644(binary_smbd_main)
 ? samba version 4.13.13-Debian started.
 ? Copyright Andrew Tridgell and the Samba Team 1992-2020
[2023/03/28 14:56:10.498471,? 0] 
../../lib/util/become_daemon.c:147(daemon_status)
 ? daemon_status: daemon 'samba' : Starting process...
[2023/03/28 14:56:10.596364,? 0] 
../../source4/smbd/server.c:920(binary_smbd_main)
 ? binary_smbd_main: samba: using 'prefork' process model
[2023/03/28 14:56:10.632970,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.641278,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.641744,? 0] 
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
 ? /usr/sbin/winbindd: Failed to exec child - No such file or directory
[2023/03/28 14:56:10.646204,? 0] 
../../source4/winbind/winbindd.c:46(winbindd_done)
 ? winbindd daemon died with exit status 255
[2023/03/28 14:56:10.646289,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [winbindd child process 
exited]
[2023/03/28 14:56:10.648218,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.654829,? 0] 
../../source4/smbd/service_task.c:36(task_server_terminate)
 ? task_server_terminate: task_server_terminate: [kdc: 
hdb_samba4_create_kdc (setup KDC database) failed]
[2023/03/28 14:56:10.655864,? 0] 
../../lib/util/become_daemon.c:135(daemon_ready)
 ? daemon_ready: daemon 'samba' finished starting up and ready to serve 
connections
[2023/03/28 14:56:10.656084,? 0] 
../../source4/smbd/server.c:391(samba_terminate)
 ? samba_terminate: samba_terminate of samba 3918: kdc: 
hdb_samba4_create_kdc (setup KDC database) failed


Anyway, I purged again and tried reinstalling after removing the 
/etc/samba directory - on the theory that it may have been preventing 
apt from seeing this as a clean install. However I got the same errors 
again. Either there is a flaw in the samba package or there is something 
that is making it think it's a reinstall.

Any idea on how I can completely purge samba from the server?

In Debian try:

rm /run/samba/*.tdb \
/run/samba/*.ldb \
/var/lib/samba/*.tdb \
/var/lib/samba/*.ldb \
/var/cache/samba/*.tdb \
/var/cache/samba/*.ldb \
/var/lib/samba/private/*.tdb \
/var/lib/samba/private/*.ldb


Regards.

LP
On 28 Mar 2023 at 20:35 +0100, Gary Dale via samba <samba at
lists.samba.org>, wrote:
> On 2023-03-28 12:46, Rowland Penny via samba wrote:
> >
> >
> > On 28/03/2023 17:30, Gary Dale via samba wrote:
> > > It reports an error and samba doesn't start.
> > > >
> > > > >
> > > > > So now I'm at the point that the samba service
refuses to start.
> > > >
> > > > I cannot see why removing the lines I suggested would stop
Samba
> > > > starting, I take it that you are starting Samba with
'systemctl
> > > > start samba-ad-dc'. Is there anything in the logs that
shows why it
> > > > no longer starts ?
> > > It seems to think it isn't a DC.
> >
> > Very strange, a typical Samba AD DC smb.conf would look like this:
> >
> > [global]
> > ????bind interfaces only = Yes
> > ????dns forwarder = 8.8.8.8
> > ????interfaces = lo eth0
> > ????netbios name = RPIDC2
> > ????realm = SAMDOM.EXAMPLE.COM
> > ????server role = active directory domain controller
> > ????workgroup = SAMDOM
> > ????idmap_ldb:use rfc2307 = yes
> >
> > [sysvol]
> > ????path = /var/lib/samba/sysvol
> > ????read only = No
> >
> > [netlogon]
> > ????path = /var/lib/samba/sysvol/samdom.example.com/scripts
> > ????read only = No
> >
> > > I tried removing the current smb.conf and re-provisioning the
domain
> > > but that has failed.
> >
> > Did it give a reason, such as the smb.conf existed for instance ?
> >
> > > >
> > > > >
> > > > > I'm loath to upgrade the samba version from the
Debian version
> > > > > without a clear benefit, It doesn't look like it
would fix the
> > > > > problem I'm having.
> > > >
> > > > The benefit is that you would be running a Samba supported
version.
> > > And losing the Debian/Stable one....
> >
> > Which is maintained by the same guy that maintains the Debian
> > backports Samba package.
> >
> > > >
> > > > > Nor does this look like it's related in any way to
using the DC as
> > > > > a file server - something I've been doing for two
decades without
> > > > > problems.
> > > >
> > > > I do not think you could have been running a Samba AD DC for
two
> > > > decades, you probably ran A PDC at the start and you could
use those
> > > > as fileservers. Right from the start, Samba (like Windows)
has
> > > > always recommended just using a DC for authentication, but
hey, it
> > > > is your computer, use it as you like, but just be aware of
the
> > > > limitations.
> > > It wasn't an AD DC but it was the DC for my Domain.
> >
> > Win 2k or 2003 ??
> >
> > > >
> > > > > The Samba Wiki caveats seem more related to
organizational issues
> > > > > than technical ones.
> > > >
> > > > The main technical one is that, because of the ACL's
setup required
> > > > for Sysvol, you must set any share permissions from Windows.
> > > And that's not organizational?
> >
> > No, not really, I would have said using multiple DC's or Sites was
> > organisational, setting permissions from Windows is technical in my
book.
> >
> > > >
> > > > >
> > > > > I'm considering tearing down everything and
starting fresh. Decades
> > > > > of accumulated crud could be real problem, since
virtually
> > > > > everything I've read suggests that a simple setup
like mine should
> > > > > just work.
> > > >
> > > > It should just work, in the main it should be easier than a
PDC, but
> > > > when used as a fileserver it can get a little bit harder.
> > > >
> > > > Rowland
> > >
> > > Something is seriously wrong now. I had some memory go bad on the
> > > server not too long ago. Possibly that screwed up something.? I
don't
> > > think I've got any real choice now but to purge.
> >
> > This could be anything, HDD failing, power supply, just about
> > anything, but it does sound like starting again might be a good idea.
> > If you are starting again, then I would urge you to consider having
> > multiple DC's and a separate fileserver.
> >
> > Rowland
> >
> I tried as best I could to remove the old installation with apt purge
> samba? && apt autoremove followed by a reboot. When that didn't
quite do
> the job, I tried apt purge python3-samba && apt autoremove, That
seemed
> to be a little more thorough. For good measure I also removed smbclient.
>
> That left me with an apt install samba failing to --configure. It seemed
> to want an smb.conf file that didn't exist yet. Running samba-tool
> domain provision --use-rfc2307 --interactive created one but I noted
> that it was picking up the previous values from somewhere... Anyway, I
> could then dpkg --configure samba.
>
> So now I should have a working samba - except I don't.
>
> The /var/log/samba/log.samba shows:
> [2023/03/28 14:56:10.498342,? 0]
> ../../source4/smbd/server.c:644(binary_smbd_main)
> ? samba version 4.13.13-Debian started.
> ? Copyright Andrew Tridgell and the Samba Team 1992-2020
> [2023/03/28 14:56:10.498471,? 0]
> ../../lib/util/become_daemon.c:147(daemon_status)
> ? daemon_status: daemon 'samba' : Starting process...
> [2023/03/28 14:56:10.596364,? 0]
> ../../source4/smbd/server.c:920(binary_smbd_main)
> ? binary_smbd_main: samba: using 'prefork' process model
> [2023/03/28 14:56:10.632970,? 0]
> ../../source4/smbd/service_task.c:36(task_server_terminate)
> ? task_server_terminate: task_server_terminate: [kdc:
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.641278,? 0]
> ../../source4/smbd/service_task.c:36(task_server_terminate)
> ? task_server_terminate: task_server_terminate: [kdc:
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.641744,? 0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> ? /usr/sbin/winbindd: Failed to exec child - No such file or directory
> [2023/03/28 14:56:10.646204,? 0]
> ../../source4/winbind/winbindd.c:46(winbindd_done)
> ? winbindd daemon died with exit status 255
> [2023/03/28 14:56:10.646289,? 0]
> ../../source4/smbd/service_task.c:36(task_server_terminate)
> ? task_server_terminate: task_server_terminate: [winbindd child process
> exited]
> [2023/03/28 14:56:10.648218,? 0]
> ../../source4/smbd/service_task.c:36(task_server_terminate)
> ? task_server_terminate: task_server_terminate: [kdc:
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.654829,? 0]
> ../../source4/smbd/service_task.c:36(task_server_terminate)
> ? task_server_terminate: task_server_terminate: [kdc:
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.655864,? 0]
> ../../lib/util/become_daemon.c:135(daemon_ready)
> ? daemon_ready: daemon 'samba' finished starting up and ready to
serve
> connections
> [2023/03/28 14:56:10.656084,? 0]
> ../../source4/smbd/server.c:391(samba_terminate)
> ? samba_terminate: samba_terminate of samba 3918: kdc:
> hdb_samba4_create_kdc (setup KDC database) failed
>
>
> Anyway, I purged again and tried reinstalling after removing the
> /etc/samba directory - on the theory that it may have been preventing
> apt from seeing this as a clean install. However I got the same errors
> again. Either there is a flaw in the samba package or there is something
> that is making it think it's a reinstall.
>
> Any idea on how I can completely purge samba from the server?
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

On 28/03/2023 20:34, Gary Dale via samba wrote:
>>
> I tried as best I could to remove the old installation with apt purge 
> samba? && apt autoremove followed by a reboot. When that didn't
quite do
> the job, I tried apt purge python3-samba && apt autoremove, That
seemed
> to be a little more thorough. For good measure I also removed smbclient.
Well that is strange, I normally just remove the smb.conf and run the 
samba-tool provision command, this should create a new database and smb.conf
> 
> That left me with an apt install samba failing to --configure.
What exactly do you mean by '--configure', I normally connect that with 
compiling Samba, not with provisioning a new domain.

  It seemed
> to want an smb.conf file that didn't exist yet. 
If you removed the smb.conf, there wouldn't be one, unless you had 
re-installed the Samba packages and you would then probably have one for 
a standalone server, but you say it wanted a smb.conf ????

Running samba-tool
> domain provision --use-rfc2307 --interactive created one but I noted 
> that it was picking up the previous values from somewhere... Anyway, I 
> could then dpkg --configure samba.
Ah, that is where '--configure' is coming from.
Never run that command, what does it do ?
> 
> So now I should have a working samba - except I don't.
> 
> The /var/log/samba/log.samba shows:
> [2023/03/28 14:56:10.498342,? 0] 
> ../../source4/smbd/server.c:644(binary_smbd_main)
>  ? samba version 4.13.13-Debian started.
>  ? Copyright Andrew Tridgell and the Samba Team 1992-2020
> [2023/03/28 14:56:10.498471,? 0] 
> ../../lib/util/become_daemon.c:147(daemon_status)
>  ? daemon_status: daemon 'samba' : Starting process...
> [2023/03/28 14:56:10.596364,? 0] 
> ../../source4/smbd/server.c:920(binary_smbd_main)
>  ? binary_smbd_main: samba: using 'prefork' process model
> [2023/03/28 14:56:10.632970,? 0] 
> ../../source4/smbd/service_task.c:36(task_server_terminate)
>  ? task_server_terminate: task_server_terminate: [kdc: 
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.641278,? 0] 
> ../../source4/smbd/service_task.c:36(task_server_terminate)
>  ? task_server_terminate: task_server_terminate: [kdc: 
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.641744,? 0] 
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
>  ? /usr/sbin/winbindd: Failed to exec child - No such file or directory
> [2023/03/28 14:56:10.646204,? 0] 
> ../../source4/winbind/winbindd.c:46(winbindd_done)
>  ? winbindd daemon died with exit status 255
> [2023/03/28 14:56:10.646289,? 0] 
> ../../source4/smbd/service_task.c:36(task_server_terminate)
>  ? task_server_terminate: task_server_terminate: [winbindd child process 
> exited]
> [2023/03/28 14:56:10.648218,? 0] 
> ../../source4/smbd/service_task.c:36(task_server_terminate)
>  ? task_server_terminate: task_server_terminate: [kdc: 
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.654829,? 0] 
> ../../source4/smbd/service_task.c:36(task_server_terminate)
>  ? task_server_terminate: task_server_terminate: [kdc: 
> hdb_samba4_create_kdc (setup KDC database) failed]
> [2023/03/28 14:56:10.655864,? 0] 
> ../../lib/util/become_daemon.c:135(daemon_ready)
>  ? daemon_ready: daemon 'samba' finished starting up and ready to
serve
> connections
> [2023/03/28 14:56:10.656084,? 0] 
> ../../source4/smbd/server.c:391(samba_terminate)
>  ? samba_terminate: samba_terminate of samba 3918: kdc: 
> hdb_samba4_create_kdc (setup KDC database) failed
Did you re-install winbind ?
> 
> 
> Anyway, I purged again and tried reinstalling after removing the 
> /etc/samba directory - on the theory that it may have been preventing 
> apt from seeing this as a clean install. However I got the same errors 
> again. Either there is a flaw in the samba package or there is something 
> that is making it think it's a reinstall.
 From the sound of it, you are re-installing Samba.
> 
> Any idea on how I can completely purge samba from the server?
> 
> 
I see that someone has already posted the 'recipe' whilst I was writing 
this.

I would ensure that you have these packages installed:

acl attr samba smbclient winbind libnss-winbind libpam-winbind ntp 
ldb-tools krb5-user python3-setproctitle

Ensure that there is no smb.conf

Then provision Samba with:

samba-tool domain provision --use-rfc2307 --interactive

Answer the questions, if unsure of the answers, please ask.

Rowland