Rick Hollinbeck
2025-Mar-27 18:42 UTC
[Samba] Missing Policies folder in AD and /var/lib/samba/sysvol
>> Somehow sysvolcheck is using a LOWER CASE 'f' in the GUID folder name >> for the default GPO! >> >> Where is this coming from? Of course, in Windows this doesn't matter. >>> But in linux it is a showstopper.> I think it is coming from AD.> You will probably have to rename the GPO in AD, possibly along with the > 'name' attribute.> RowlandBingo! Yes, I discovered the lowercase 'f' in Group Policy Management and I was able to rename it, changing the lowercase 'f' to 'F' using ADSI Edit. Now, sysvolreset runs without error and folder permissions look the same as yours. SOLVED... Thanks for your help, Rowland and Michael. I still am wondering where that lowercase 'f' came from in AD. (I doubt that I ever typed that long GUID in by hand!)
Hi Rowland I'm back With your forensic smb.conf I get a different behaviour, but please notice I never used -N on my own before - I reread about it and I guess it is useful to see if basic prerequisites are achieved. Just to let know, and also that my laptop smbclient is smbclient -V Version 4.15.13-Ubuntu that is lower than server's 4.16.11 From the beginning I was puzzled by the message "Unable to connect with SMB1 -- no workgroup available" which thought was the no go error for netbios name resolution, as the camera setup asks for a workgroup. Here are what I get, whatever is the user I connect with, either the termux-builtin=OS-default-user that installed the termux & samba-termux packages, or a user I added with smbpasswd -a and list with: pdbedit -L Unknown parameter encounterd: "smb1 unix extensions" Ignoring unknown parameter "smb1 unix extensions" myaddeduser:0:root defaultandroid_user:0:root The error above is thrown by every program from the samba suite that reads smb.conf. I don't know if that is wanted by you as a non-blocking reminder but I guess this new parameter equivalence to the legacy "unix extensions" was introduced between 4.16.11 and latest release. Whatever I let is as is, hoping that re-enabling "disable netbios = yes" which default(ed?) to "no" is enough to efficiently run the tests you advise. BTW, I installed tcpdump in the termux if this can help to know the version of the smb in the camera. I dug a bit an found the firmware was (c)2007 The Khronos Group Inc but can't know if they used The Samba Team job. Here are the outputs. In the first ones I had not yet (or forgot) to remove NT1 from my server (or client) conf. These ones are surely before I swapped my smb.conf with yours (to keep track of how this behaved): Please don't be worry with these logs, and jump all in the end to see yours with "-N" smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (MYPHONE) SMB1 disabled -- no workgroup available smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 -m NT1 lp_load_ex: Max protocol NT1 is less than min protocol SMB2_02. protocol negotiation failed: NT_STATUS_INVALID_PARAMETER_MIX smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 -m NT1 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (MYPHONE) Reconnecting with SMB1 for workgroup listing. do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED) Unable to connect with SMB1 -- no workgroup available smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (MYPHONE) Reconnecting with SMB1 for workgroup listing. do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED) Unable to connect with SMB1 -- no workgroup available retried this way: smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 -m NT1 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (MYPHONE) Reconnecting with SMB1 for workgroup listing. do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED) Unable to connect with SMB1 -- no workgroup available ...later: smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (MYPHONE) SMB1 disabled -- no workgroup available ...worse: smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L=192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe srvsvc failed with error NT_STATUS_CONNECTION_DISCONNECTED Reconnecting with SMB1 for workgroup listing. do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED) Unable to connect with SMB1 -- no workgroup available ... repaired! :'( smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L=192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (MYPHONE) Reconnecting with SMB1 for workgroup listing. do_connect: Connection to 192.168.1.5 failed (Error NT_STATUS_CONNECTION_REFUSED) Unable to connect with SMB1 -- no workgroup available ...Later again, different user, don't know what I did in client/server: smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/defaultandroid_user%password -L 192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) Reconnecting with SMB1 for workgroup listing. smbXcli_negprot_smb1_done: No compatible protocol selected by server. protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE Unable to connect with SMB1 -- no workgroup available my user: smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) Reconnecting with SMB1 for workgroup listing. smbXcli_negprot_smb1_done: No compatible protocol selected by server. protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE Unable to connect with SMB1 -- no workgroup available several trials later with "-d3 --debug-stdout": smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 -d3 --debug-stdout ... lp_load_ex: refreshing parameters ... Connecting to 192.168.1.5 at port 4445 ... NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) Reconnecting with SMB1 for workgroup listing. Connecting to 192.168.1.5 at port 139 smbXcli_negprot_smb1_done: No compatible protocol selected by server. protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE Unable to connect with SMB1 -- no workgroup available smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 -d3 --debug-stdout ... Connecting to 192.168.1.5 at port 4445 ... GENSEC backend 'fake_gssapi_krb5' registered Cannot do GSE to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x628a8215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) Reconnecting with SMB1 for workgroup listing. Connecting to 192.168.1.5 at port 139 Cannot do GSE to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x628a8215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 ?? ?Server?????????????? Comment ?? ?---------??????????? ------- cli_status_to_errno: 0x0 -> 0 ?? ?Workgroup??????????? Master ?? ?---------??????????? ------- cli_status_to_errno: 0x0 -> 0 smbclient -I=192.168.1.5 -p4445 -U=MYPHONE/myaddeduser%password -L 192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) Reconnecting with SMB1 for workgroup listing. ?? ?Server?????????????? Comment ?? ?---------??????????? ------- ?? ?Workgroup??????????? Master ?? ?---------??????????? ------- got the list back: smbclient -I 192.168.1.5 -p4445 -U=MYPHONE/defaultandroid_user%password -L 192.168.1.5 ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) Reconnecting with SMB1 for workgroup listing. ?? ?Server?????????????? Comment ?? ?---------??????????? ------- ?? ?Workgroup??????????? Master ?? ?---------??????????? ------- smbclient //192.168.1.5/tz70 -p4445 -U=defaultandroid_user%password tree connect failed: NT_STATUS_BAD_NETWORK_NAME later: smbclient //192.168.1.5/tz70 -p4445 -U=WORKGROUP/defaultandroid_user%password -d2 --debug-stdout rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) added interface wlan0 ip=reda:cted:reda:cted:reda:cted:reda:cted bcast= netmask=ffff:ffff:ffff:ffff:: added interface wlan0 ip=reda:cted:reda:cted:reda:cted:reda:cted bcast= netmask=ffff:ffff:ffff:ffff:: added interface wlan0 ip=192.168.1.29 bcast=192.168.1.255 netmask=255.255.255.0 Cannot do GSE to an IP address Try "help" to get a list of possible commands. smb: \> ls ? .?????????????????????????????????? D??????? 0? Wed Feb? 5 09:07:06 2025 ? ..????????????????????????????????? D??????? 0? Mon Mar 24 18:27:15 2025 ? TZ70.jpg??????????????????????????? N? 1518813? Mon Jan 20 11:34:57 2025 ?? ???? 237195068 blocks of size 1024. 184957292 blocks available smb: \> touch toto touch: command not found smb: \> help *************************************************************************** Then yours advice:> I suggest you start by trying to connect to your phone (with termux and > the smbd deamon running) from a Linux computer and try to connect with > 'smbclient -NL <YOUR_PHONES_IP_ADDRESS>'smbclient -NL 192.168.1.5 Anonymous login successful tree connect failed: NT_STATUS_ACCESS_DENIED> If this works, you should get back a list of the shares available > (which in this case should be 'IPC$' and 'tz70'.So it doesn't work as stated: to show the tree with -L I have to remove -N and supply "-U SomeRemoteUser" smbclient -L 192.168.1.5 -U=defaultandroid_user Password for [WORKGROUP\defaultandroid_user]: ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) SMB1 disabled -- no workgroup available smbclient -L 192.168.1.5 -U=myaddeduser Password for [WORKGROUP\myaddeduser]: ?? ?Sharename?????? Type????? Comment ?? ?---------?????? ----????? ------- ?? ?tz70??????????? Disk????? Internal storage ?? ?IPC$??????????? IPC?????? IPC Service (Samba on Termux) SMB1 disabled -- no workgroup available> If it does work, Ensure that you have created a Samba user with > 'smbpasswd -a <VALID_LOCAL_USERNAME>' and then try to connect to the > 'tz70' share with: > smbclient //<YOUR_PHONES_IP_ADDRESS/tz70 -U <VALID_LOCAL_USERNAME>> You should be prompted for the password for your user (the one you > created with smbpasswd) and then logged in.Well it didn't smbclient //192.168.1.5/tz70 -U=myaddeduser%password Try "help" to get a list of possible commands. smb: \> ls ? .?????????????????????????????????? D??????? 0? Sat Mar 29 10:41:51 2025 ? ..????????????????????????????????? D??????? 0? Thu Mar 27 20:52:57 2025 ? log.nmbd??????????????????????????? N???? 2028? Thu Mar 27 09:03:34 2025 ? testparm.txt??????????????????????? N???? 2048? Tue Mar 25 11:44:50 2025 ? termux-info.txt???????????????????? N???? 1027? Tue Mar 25 11:27:23 2025 ? TZ70.jpg??????????????????????????? N? 1518813? Mon Jan 20 11:34:57 2025 ? 20250328??????????????????????????? D??????? 0? Fri Mar 28 17:37:24 2025 ? Chien.png?????????????????????????? N?? 163563? Wed Dec 13 20:44:14 2023 ? testparm-v(redacted).txt??????????? N??? 13009? Tue Mar 25 09:36:29 2025 ? log.nmbd.old??????????????????????? N???? 8881? Tue Mar 25 09:17:06 2025 ?? ???? 237195068 blocks of size 1024. 185203504 blocks available smb: \> As you see I can connect with IP address from the linux PC and I can do the same from the camera My issue is name to IP resolution : smbclient //MYPHONE/tz70 -U=myaddeduser%password do_connect: Connection to?MYPHONE failed (Error NT_STATUS_NOT_FOUND)
Seemingly Similar Threads
- nmbd don't start but gives no error (termux)
- nmbd don't start but gives no error (termux)
- Error in `[[<-.data.frame`(`*tmp*`, alt.name, value = integer(0)) with mlogit
- Error in `[[<-.data.frame`(`*tmp*`, alt.name, value = integer(0)) with mlogit
- Compiling tinc for android.