Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
On 28/05/2010 3:14 AM, Dale Schroeder wrote: > Quoting Thomas Gutzler (thomas.gutz...@gmail.com): > >> After upgrading one of my samba servers from ubuntu jaunty (3.3.2) >> to karmic (3.4.0) I cannot access the shares any more. > > I recall you saying that you had accounted for the default passdb > backend change in 3.4.0. > That leaves the authentications changes as the other big difference with > 3.4.0. > I don't recall you saying whether or not KRIKKIT is in the domain. If > KRIKKIT is not in the domain, try setting > > map untrusted to domain = Yes > > on the box that is giving you problems. That fixed it. And I really don't know why I didn't spot that from the output I posted. I must have been assuming identical behaviour for PDC and domain member, which isn't the case for map untrusted to domain. Thanks for your help! Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
On 05/26/2010 9:00 PM, Thomas Gutzler wrote: On 27/05/2010 4:19 AM, Harry Jede wrote: On Mittwoch, 26. Mai 2010 wrote Thomas Gutzler: On 26/05/2010 4:44 PM, Christian PERRIER wrote: Quoting Thomas Gutzler (thomas.gutz...@gmail.com): After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to karmic (3.4.0) I cannot access the shares any more. Or my favorite upgrade path: # testparm -v -s /dev/null> smb.conf.default-$(smbd -V|cut -f2 -d' ') Run this before and after upgrading samba To get a small host specific file without the services: # testparm -s --section-name=global> smb.conf.$HOSTNAME-$(smbd -V| cut -f2 -d' ') It's a bit late to run it before the upgrade now but I found another machine running jaunty (enjoy), so I installed samba and ran testparm with the smb.conf from the updated machine (fintlewoodlewix). Here's the diff between the two defaults (without the line numbers): # diff smb.conf.default-3.3.2 smb.conf.default-3.4.0
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
On 27/05/2010 4:19 AM, Harry Jede wrote: > On Mittwoch, 26. Mai 2010 wrote Thomas Gutzler: >> >> On 26/05/2010 4:44 PM, Christian PERRIER wrote: >>> Quoting Thomas Gutzler (thomas.gutz...@gmail.com): After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to karmic (3.4.0) I cannot access the shares any more. >>> > > Or my favorite upgrade path: > # testparm -v -s /dev/null > smb.conf.default-$(smbd -V|cut -f2 -d' ') > Run this before and after upgrading samba > > To get a small host specific file without the services: > # testparm -s --section-name=global > smb.conf.$HOSTNAME-$(smbd -V| > cut -f2 -d' ') It's a bit late to run it before the upgrade now but I found another machine running jaunty (enjoy), so I installed samba and ran testparm with the smb.conf from the updated machine (fintlewoodlewix). Here's the diff between the two defaults (without the line numbers): # diff smb.conf.default-3.3.2 smb.conf.default-3.4.0 < netbios name = ENJOY > netbios name = FINTLEWOODLEWIX < server string = Samba 3.3.2 > server string = Samba 3.4.0 < config backend = file < passdb backend = smbpasswd > passdb backend = tdbsam < use kerberos keytab = No > dedicated keytab file = > kerberos method = default > map untrusted to domain = No < max open files = 1 > max open files = 16384 < config file = < lock directory = > lock directory = /var/run/samba > state directory = /var/lib/samba > cache directory = /var/cache/samba > perfcount module = > access based share enum = No > browsable = Yes < include = And the host specific ones. The only thing I changed there was to get rid of the PAM stuff and change the password server from name to IP. # diff smb.conf.enjoy-3.3.2 smb.conf.fintlewoodlewix-3.4.0 < obey pam restrictions = Yes < password server = io > password server = 130.95.136.177 < passdb backend = tdbsam < pam password change = Yes I also deleted all .tdb files in /var/lib/samba, the machine account on the PDC and rejoined the domain but authentication still doesn't work. Neither does the mapping to guest for invalid users. While I had samba running on the jaunty machine, I joined it to the domain and tried if I could connect to it using the same machine and credentials as before; and I could. Even the guest account seems to work alright with no change in the configuration other than the path in the share. I might follow Christians suggestion and upgrade to 10.04 unless there are any other suggestions. Maybe a second upgrade fixes it. Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
On Mittwoch, 26. Mai 2010 wrote Thomas Gutzler: > Hi Christian, > > On 26/05/2010 4:44 PM, Christian PERRIER wrote: > > Quoting Thomas Gutzler (thomas.gutz...@gmail.com): > >> Hi, > >> > >> After upgrading one of my samba servers from ubuntu jaunty (3.3.2) > >> to karmic (3.4.0) I cannot access the shares any more. > > > > The default for "passdb backend" changed between these versions > > (from "smbpasswd" to "tdbsam") and, as you don't explicitly set it > > in smb.conf, I'd gues this might be the reason for this. > > > > Try adding: > > > > passdb backend = smbpasswd > > Thanks for your reply. I am aware of this change but thought I wasn't > affected because both smb.conf (PDC and other samba server) had > passdb backend = tdbsam > already set. Yet another setting not listed by testparm. Mmmh, testparm is not so bad ;-) Try this: # testparm -v -s /dev/null |grep passdb Or my favorite upgrade path: # testparm -v -s /dev/null > smb.conf.default-$(smbd -V|cut -f2 -d' ') Run this before and after upgrading samba To get a small host specific file without the services: # testparm -s --section-name=global > smb.conf.$HOSTNAME-$(smbd -V| cut -f2 -d' ') So you may end up with 4 files: # ls smb.conf.* smb.conf.myserver-3.0.22 smb.conf.myserver-3.4.7 smb.conf.default-3.0.22 smb.conf.default-3.4.7 Run a diff against the default files and you may see which config params has changed their default values. -- Regards Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
Quoting Thomas Gutzler (thomas.gutz...@gmail.com): >passdb backend = tdbsam > already set. Yet another setting not listed by testparm. Ah, because this is the default so it's trimmed by testparm. 3.3.2 testparm would probably have it shown. So, sorry for the wrong answer. Are you in position to upgrade your Ubuntu box again to "whatever funky name used by Ubuntu 10.04" so that you bump to samba 3.4.7? (sorry, there are too many codenames in Ubuntu and I can never remember all of them...this is why I like to see us, Debian, release every 2 year..:-)) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
Hi Christian, On 26/05/2010 4:44 PM, Christian PERRIER wrote: > Quoting Thomas Gutzler (thomas.gutz...@gmail.com): >> Hi, >> >> After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to >> karmic (3.4.0) I cannot access the shares any more. > > The default for "passdb backend" changed between these versions (from > "smbpasswd" to "tdbsam") and, as you don't explicitly set it in > smb.conf, I'd gues this might be the reason for this. > > Try adding: > > passdb backend = smbpasswd Thanks for your reply. I am aware of this change but thought I wasn't affected because both smb.conf (PDC and other samba server) had passdb backend = tdbsam already set. Yet another setting not listed by testparm. Out of curiosity I tried setting it to smbpasswd on fintlewoodlewix; didn't make a difference. Here is the full smb.conf: [global] workgroup = OBEL server string = %h file server dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = domain password server = 130.95.136.177 encrypt passwords = true passdb backend = tdbsam invalid users = root unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . map to guest = bad uid guest account = nobody socket options = TCP_NODELAY [data] comment = valuable not backed up research data writeable = yes path = /home/fintlewoodlewix/data create mode = 0644 force create mode = 0644 force directory mode = 0755 directory mode = 0755 guest ok = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] problems after upgrade from 3.3.2 to 3.4.0
Quoting Thomas Gutzler (thomas.gutz...@gmail.com): > Hi, > > After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to > karmic (3.4.0) I cannot access the shares any more. The default for "passdb backend" changed between these versions (from "smbpasswd" to "tdbsam") and, as you don't explicitly set it in smb.conf, I'd gues this might be the reason for this. Try adding: passdb backend = smbpasswd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] problems after upgrade from 3.3.2 to 3.4.0
Hi, After upgrading one of my samba servers from ubuntu jaunty (3.3.2) to karmic (3.4.0) I cannot access the shares any more. The server (FINTLEWOODLEWIX) is set up to check authentication via a PDC (IO), which is also running 3.4.0 (and has been before). Guest access is allowed so that any users without a local unix account will be granted read access. Valid users are allowed read/write. After the upgrade I'm not able to connect to the share any more unless I specifically use the guest account (nobody) and its password. When trying to connect from a windows box (KRIKKIT), the logfile says the following (smbd runs in -d3). It doesn't seem to matter if the user (tom) has a local unix account or not: [2010/05/26 11:00:17, 3] libsmb/namequery_dc.c:199(rpc_dc_name) rpc_dc_name: Returning DC IO (130.95.136.177) for domain OBEL [2010/05/26 11:00:17, 3] libsmb/cliconnect.c:2031(cli_start_connection) Connecting to host=IO [2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send) Connecting to 130.95.136.177 at port 445 [2010/05/26 11:00:17, 3] lib/util_sock.c:1025(open_socket_out_send) Connecting to 130.95.136.177 at port 139 [2010/05/26 11:00:17, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [krikkit]\[t...@[krikkit] with the new password interface [2010/05/26 11:00:17, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [fintlewoodlewix]\[t...@[krikkit] [2010/05/26 11:00:17, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/05/26 11:00:17, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/05/26 11:00:17, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/05/26 11:00:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/26 11:00:17, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'tom' in passdb. [2010/05/26 11:00:17, 3] auth/auth_winbind.c:54(check_winbind_security) check_winbind_security: Not using winbind, requested domain [FINTLEWOODLEWIX] was for this SAM. [2010/05/26 11:00:17, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [tom] -> [tom] FAILED with error NT_STATUS_NO_SUCH_USER [2010/05/26 11:00:17, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE The same user can directly connect to IO with not problems. Sending "OBEL\tom" as user instead gives the following error: [2010/05/26 11:08:17, 3] auth/auth.c:222(check_ntlm_password) check_ntlm_password: Checking password for unmapped user [obel]\[t...@[krikkit] with the new password interface [2010/05/26 11:08:17, 3] auth/auth.c:225(check_ntlm_password) check_ntlm_password: mapped user is: [fintlewoodlewix]\[t...@[krikkit] [2010/05/26 11:08:17, 3] smbd/sec_ctx.c:210(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2010/05/26 11:08:17, 3] smbd/uid.c:428(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2010/05/26 11:08:17, 3] smbd/sec_ctx.c:310(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2010/05/26 11:08:17, 3] smbd/sec_ctx.c:418(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2010/05/26 11:08:17, 3] auth/auth_sam.c:282(check_sam_security) check_sam_security: Couldn't find user 'tom' in passdb. [2010/05/26 11:08:17, 3] auth/auth_winbind.c:54(check_winbind_security) check_winbind_security: Not using winbind, requested domain [FINTLEWOODLEWIX] was for this SAM. [2010/05/26 11:08:17, 2] auth/auth.c:320(check_ntlm_password) check_ntlm_password: Authentication for user [tom] -> [tom] FAILED with error NT_STATUS_NO_SUCH_USER [2010/05/26 11:08:17, 3] smbd/error.c:60(error_packet_set) error packet at smbd/sesssetup.c(122) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Here is the output from testparm: Load smb config files from /etc/samba/smb.conf rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) Processing section "[data]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = OBEL server string = %h file server security = DOMAIN map to guest = Bad Uid password server = 130.95.136.177 passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 dns proxy = No panic action = /usr/share/samba/panic-action %d invalid users = root [data] comment = valuable not backed up research data path = /home/fintlewoodlewix/data read only = No create mask = 0644 force create mode = 0644 force directory
