[Bug 1292548] Re: Standalone Server: Update from Samba 2:3.6.18-1ubuntu3.1 (saucy) to 2:4.1.3+dfsg-2ubuntu3 (trusty) breaks access to the server
Raoul Bhatia
raoul at bhatia.at
Tue Apr 1 16:26:50 UTC 2014
Hi Robie,
Yes, there is a "valid users = %S" line present in the smb.conf file.
When I comment it out, smbclient -L works as expected.
What i did:
1) Comment out "valid users = %S", see the diff:
> root at ubuntu:/etc/samba# diff -u ~/smb.conf.old smb.conf
> --- /root/smb.conf.old 2014-04-01 18:19:16.880909594 +0200
> +++ smb.conf 2014-04-01 18:19:40.065312095 +0200
> @@ -211,7 +211,7 @@
> # The following parameter makes sure that only "username" can connect
> # to \\server\username
> # This might need tweaking when using external authentication schemes
> - valid users = %S
> +; valid users = %S
>
> # Un-comment the following and create the netlogon directory for Domain Logons
> # (you need to configure Samba to act as a domain controller too.)
2) Restart samba:
> root at ubuntu:/etc/samba# service samba restart
3) Test the connectivity:
> root at ubuntu:/etc/samba# smbclient -L \\localhost -U ubuntu
> Enter ubuntu's password:
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.3-Ubuntu]
>
> Sharename Type Comment
> --------- ---- -------
> IPC$ IPC IPC Service (ubuntu server (Samba, Ubuntu))
> print$ Disk Printer Drivers
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.3-Ubuntu]
>
> Server Comment
> --------- -------
> UBUNTU ubuntu server (Samba, Ubuntu)
>
> Workgroup Master
> --------- -------
> WORKGROUP UBUNTU
There are a number of other options which IMHO are placed under [homes]
but are commented in:
Here the full, unchanged default smb.conf file (read only, create mask, directory mask, valid users):
---------------------------- c u t ----------------------------
#======================= Share Definitions =======================
# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
; comment = Home Directories
; browseable = no
# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
read only = yes
# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0700
# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
valid users = %S
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; read only = yes
# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
; comment = Users profiles
; path = /home/samba/profiles
; guest ok = no
; browseable = no
; create mask = 0600
; directory mask = 0700
[printers]
comment = All Printers
---------------------------- c u t ----------------------------
Also, i compared this with to the smb.conf from samba 2:4.1.6+dfsg-1
which i took from Debian Jessie and applied on my Ubuntu 14.04 "Ubuntu
Trusty Tahr (development branch)". In this configuration, everything
below "[homes]" is commented out.
Cheers,
Raoul
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1292548
Title:
Standalone Server: Update from Samba 2:3.6.18-1ubuntu3.1 (saucy) to
2:4.1.3+dfsg-2ubuntu3 (trusty) breaks access to the server
Status in “samba” package in Ubuntu:
New
Status in “samba” source package in Trusty:
New
Bug description:
I have been using Samba as a standalone server since many years and
have successfully gone through multiple Samba upgrades.
This week, I upgraded from Ubuntu 13.10 (saucy) to Ubuntu 14.04 (trusty).
This came with an upgrade from Samba 2:3.6.18-1ubuntu3.1 (saucy) to 2:4.1.3+dfsg-2ubuntu3 (trusty).
(NOTE: I did not use the samba4 package but was still sticking to Samba 3 in Ubuntu saucy)
After the update, I wasn't able to access the shares any more.
"smbclient -L localhost -U%" / "smbclient -L localhost -U user" resulted in various errors, including
* tree connect failed: NT_STATUS_ACCESS_DENIED
* (from session setup) not permitted to access this share (IPC$)
* NT_STATUS_LOGON_FAILURE
* string_to_sid: SID IPC_ is not in a valid format
I was neither able to properly browse the server/shares via smbclient nor via Windows 7 Ultimate nor Windows 8.1.
However, I was able to directly access a share from a Linux shell
using "smbclient -U user //server/share-c ls".
Not even purging samba, all related configuration, all folders,
including /etc/samba, /var/cache/samba, /var/spool/samba,
/var/lib/samba, and re-installing samba (Version 2:4.1.3+dfsg-
2ubuntu3 from trusty) did the trick.
Only after installing all related packages from Debian jessie (Version 2:4.1.5+dfsg-1), everything worked out of the box again.
Thus, I think that something in the most recent Ubuntu Samba package
might be broken and kindly ask you to investigate, as there will be
several users who will upgrade and stick to this LTS release.
Thanks,
Raoul
PS. I did not try Samba 4.0 (Package samba4*) on Ubuntu saucy and
therefore cannot tell if these are working as expected.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1292548/+subscriptions
More information about the foundations-bugs
mailing list