Public bug reported:
Samba upgrade from 2:4.7.6+dfsg~ubuntu-0ubuntu2 to
2:4.7.6+dfsg~ubuntu-0ubuntu2.26 breaks fixed user mapping
Environment:
Operating System: Ubuntu 18.04.6 LTS
Kernel: Linux 5.4.0-1058-oracle (Oracle OCI kernel)
apt list -a samba
samba/bionic-updates,bionic-security,now 2:4.7.6+dfsg~ubuntu-0ubuntu2.26 amd64
[installed]
samba/bionic 2:4.7.6+dfsg~ubuntu-0ubuntu2 amd64
/etc/samba/smb.conf (relevant parts):
[global]
workgroup = DOMAIN
security = ADS
realm = DOMAIN.TLD
idmap config * : backend = tdb
idmap config * : range = 3000-99999
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 100000-199999
username map = /etc/samba/user.map
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
/etc/samba/user.map:
!root = DOMAIN\Administrator
Expected behaviour (running without problems in 2:4.7.6+dfsg~ubuntu-0ubuntu2)
User DOMAIN\Administrator has access as root to all Samba shares.
Behaviour after (unattended) upgrade to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26:
Changes:
/var/log/unattended-upgrades/unattended-upgrades.log
2021-12-08 06:59:55,179 INFO Packages that will be upgraded: busybox-initramfs
busybox-static libnss-winbind libwbclient0 python-samba samba samba-common
samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules winbind
Problem:
User DOMAIN\Administrator (mapped as user root on samba server) has no more
access to any Samba shares.
Detailed problem description:
Attempt to access Samba shares from Windows (Server 2016, current patch level).
Errors differ if Client for NFS is installed in Windows or not.
When Client for NFS ist installed, Windows tries to connect with NFS first, so
remove it for testing or results will be false (ERROR_INVALID_TOKEN).
Trying to acces Samba with SMB results in immediate error:
[Window Title]
Network Error
[Main Instruction]
Windows cannot access \\sambaserver
[Content]
Check the spelling of the name. Otherwise, there might be a problem with your
network. To try to identify and resolve network problems, click Diagnose.
[^] Hide details [Diagnose] [Cancel]
[Expanded Information]
Error code: 0x80070035
The network path was not found.
I could not find any corresponding log file entry on Samba server in any
log.
IMPORTANT: Attempt to connect as regular AD domain user from SAME server
(Map network drive using different credentials) works without any
problem.
After rolling back all packages to 2:4.7.6+dfsg~ubuntu-0ubuntu2 everything
works without problems again:
apt install libnss-winbind=2:4.7.6+dfsg~ubuntu-0ubuntu2
libsmbclient=2:4.7.6+dfsg~ubuntu-0ubuntu2
libwbclient0=2:4.7.6+dfsg~ubuntu-0ubuntu2 python-
samba=2:4.7.6+dfsg~ubuntu-0ubuntu2 samba=2:4.7.6+dfsg~ubuntu-0ubuntu2
samba-common=2:4.7.6+dfsg~ubuntu-0ubuntu2 samba-common-
bin=2:4.7.6+dfsg~ubuntu-0ubuntu2 samba-dsdb-
modules=2:4.7.6+dfsg~ubuntu-0ubuntu2 samba-
libs=2:4.7.6+dfsg~ubuntu-0ubuntu2 samba-vfs-
modules=2:4.7.6+dfsg~ubuntu-0ubuntu2
smbclient=2:4.7.6+dfsg~ubuntu-0ubuntu2
winbind=2:4.7.6+dfsg~ubuntu-0ubuntu2
# I hope that prevents from further unattended upgrade till the bug is fixed:
apt-mark hold libnss-winbind libsmbclient libwbclient0 python-samba samba
samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules
smbclient winbind
** Affects: ubuntu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1953729
Title:
Fixed user mapping broken in Samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.26
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1953729/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
