Rowland Penny
2023-Jun-12 21:27 UTC
[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed
On 12/06/2023 21:51, Mark Bannister via samba wrote:>> > Ok, so I need to search for info on a "NT4-sytle PDC"?? Everything I > find is about AD.? Do you think this error is the reason for Winbind > exiting "idmap backend rid not found"? ? > > --Okay, after digging in some very old files, try this as the '[global]' part of your smb.conf [global] workgroup = LINGROUP server string = APP Samba %v %h wins support = Yes dns proxy = No log file = /var/log/samba/log.%m max log size = 1000 panic action = /usr/share/samba/panic-action %d server role = classic primary domain controller obey pam restrictions = Yes unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = Yes map to guest = Bad User domain logons = Yes logon drive = H: logon home logon path logon script = logon.bat add machine script = sudo /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u domain master = Yes load printers = No name resolve order = wins lmhosts host bcast ntlm auth = ntlmv1-permitted preferred master = Yes server max protocol = NT1 client max protocol = NT1 template homedir = /home/%U template shell = /bin/bash admin users = sysadmin hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26 hosts deny = 0.0.0.0/0 use client driver = Yes veto oplock files = /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/ Rowland
Mark Bannister
2023-Jun-13 13:03 UTC
[Samba] [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed
On 6/12/2023 4:27 PM, Rowland Penny via samba wrote:> > > On 12/06/2023 21:51, Mark Bannister via samba wrote: > >>> >> Ok, so I need to search for info on a "NT4-sytle PDC"? Everything I >> find is about AD.? Do you think this error is the reason for Winbind >> exiting "idmap backend rid not found"? ? >> >> -- > > > Okay, after digging in some very old files, try this as the '[global]' > part of your smb.conf > > [global] > ??????? workgroup = LINGROUP > ??????? server string = APP Samba %v %h > ??????? wins support = Yes > ??????? dns proxy = No > ??????? log file = /var/log/samba/log.%m > ??????? max log size = 1000 > ??????? panic action = /usr/share/samba/panic-action %d > ??????? server role = classic primary domain controller > ??????? obey pam restrictions = Yes > ??????? unix password sync = Yes > ??????? passwd program = /usr/bin/passwd %u > ??????? passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > ??????? pam password change = Yes > ??????? map to guest = Bad User > ??????? domain logons = Yes > ??????? logon drive = H: > ??????? logon home > ??????? logon path > ??????? logon script = logon.bat > ??????? add machine script = sudo /usr/sbin/useradd -g machines -c "%u > machine account" -d /var/lib/samba -s /bin/false %u > ??????? add user script = /usr/sbin/adduser --quiet > --disabled-password --gecos "" %u > ??????? domain master = Yes > ??????? load printers = No > ??????? name resolve order = wins lmhosts host bcast > ??????? ntlm auth = ntlmv1-permitted > ??????? preferred master = Yes > ??????? server max protocol = NT1 > ??????? client max protocol = NT1 > ??????? template homedir = /home/%U > ??????? template shell = /bin/bash > ??????? admin users = sysadmin > ??????? hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26 > ??????? hosts deny = 0.0.0.0/0 > ??????? use client driver = Yes > ??????? veto oplock files = > /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/ > > Rowland > > >OK, I got winbind to run. smbd messages: :?? Samba name server APPSERVER1 is now a local master browser for workgroup LINGROUP on subnet 172.17.0.1 Jun 13 07:46:56 APPServer1 nmbd[2996]: Jun 13 07:46:56 APPServer1 nmbd[2996]:?? ***** Jun 13 07:46:56 APPServer1 nmbd[2996]: [2023/06/13 07:46:56.141436,? 0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2) Jun 13 07:46:56 APPServer1 nmbd[2996]:?? ***** Jun 13 07:46:56 APPServer1 nmbd[2996]: Jun 13 07:46:56 APPServer1 nmbd[2996]:?? Samba name server APPSERVER1 is now a local master browser for workgroup LINGROUP on subnet 192.168.1.1> Jun 13 07:46:56 APPServer1 nmbd[2996]: Jun 13 07:46:56 APPServer1 nmbd[2996]:?? ***** nmbd messages: Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.944377,? 0] ../../source3/smbd/server.c:1746(main) Jun 13 07:46:34 APPServer1 smbd[3006]:?? smbd version 4.18.3 started. Jun 13 07:46:34 APPServer1 smbd[3006]:?? Copyright Andrew Tridgell and the Samba Team 1992-2023 Jun 13 07:46:34 APPServer1 smbd[3006]: [2023/06/13 07:46:34.945894,? 0] ../../source3/param/loadparm.c:4143(lp_load_ex) Jun 13 07:46:34 APPServer1 smbd[3006]:?? lp_load_ex: Max protocol NT1 is less than min protocol SMB2_ winbind: Jun 13 07:46:32 APPServer1 winbind[2956]:? * Starting the Winbind daemon winbind Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 07:46:32.772850,? 0] ../../source3/winbindd/winbindd.c:1441(main) Jun 13 07:46:32 APPServer1 winbindd[2966]:?? winbindd version 4.18.3 started. Jun 13 07:46:32 APPServer1 winbindd[2966]:?? Copyright Andrew Tridgell and the Samba Team 1992-2023 Jun 13 07:46:32 APPServer1 winbindd[2966]: [2023/06/13 07:46:32.774251,? 0] ../../source3/param/loadparm.c:4143(lp_load_ex) Jun 13 07:46:32 APPServer1 winbindd[2966]:?? lp_load_ex: Max protocol NT1 is less than min protocol SMB2_02. Jun 13 07:46:32 APPServer1 winbindd[2968]: [2023/06/13 07:46:32.780494,? 0] ../../source3/winbindd/winbindd_cache.c:3116(initialize_winbindd_cac> Jun 13 07:46:32 APPServer1 winbindd[2968]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Jun 13 07:46:32 APPServer1 winbind[2956]:??? ...done. Jun 13 07:46:32 APPServer1 systemd[1]: Started LSB: start Winbind daemon. Current global config: ?add machine script = sudo /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u ??????? add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u ??????? client max protocol = NT1 ??????? dns proxy = No ??????? domain logons = Yes ??????? domain master = Yes ??????? load printers = No ??????? log file = /var/log/samba/log.%m ??????? logon drive = H: ??????? logon home ??????? logon path ??????? logon script = logon.bat ??????? map to guest = Bad User ??????? max log size = 1000 ??????? name resolve order = wins lmhosts host bcast ??????? ntlm auth = ntlmv1-permitted ??????? obey pam restrictions = Yes ??????? pam password change = Yes ??????? panic action = /usr/share/samba/panic-action %d ??????? passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . ??????? passwd program = /usr/bin/passwd %u ??????? preferred master = Yes ??????? server max protocol = NT1 ??????? server role = classic primary domain controller ??????? server string = APP Samba %v %h ??????? template homedir = /home/%U ??????? template shell = /bin/bash ??????? unix password sync = Yes ??????? username map = /usr/local/samba/etc/username.map ??????? wins support = Yes ??????? workgroup = LINGROUP ??????? idmap config lingroup : range = 10000-999999 ??????? idmap config lingroup : backend = rid ??????? idmap config * : range = 3000-7999 ??????? idmap config * : backend = tdb ??????? admin users = sysadmin ??????? hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26 ??????? hosts deny = 0.0.0.0/0 ??????? use client driver = Yes ??????? veto oplock files = /*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/ I had to add back some things to get smbd to run.? Windows computers can't see the Samba network (two other Ubuntu servers are running samba and windows does not see any of them).? Samba has no log files for the Win10 IP's or names. TLDR: winbind is running now, but nothing else has changed. -- Mark B