So, after I upgrade from 15.2 to 15.3 it seems I somehow not able to get samba working again.
I installed yast2-samba-server - used it to set up smb share - but not able to connect with correct credentials provided. No matter if using workgroup-name as prefix or just username on its own. Is the current 15.3 smb server somehow broken or am I missing something?
Hi
Likely the smb version… if you use the client to connect with verbosity it will show more details…
smbclient -d 3 -L //<your_smb_ip_address>
Then can make some tweaks to /etc/samba/smb.conf file.
Well - I don’t see how that could be an issue but I tried it anyway.
It’s not like not showing up at all - so when it type \ip into my windows box explorer I do get the list “groups”, “profiles” and “users” as well as I can also access the user private home with \ip\username - but no matter what I provide as credentials I get an error back that the provided login credentials are not correct.
Am I doing something wrong or do I miss something? Even trying to local mount the share fails. Do I have to add the user to some group? Or somehow set a password specific for smb user authentication? I’m lost …
D’OH
Ok, I don’t know WHY, but it seems something has changed between 15.2 and 15.3: I had to manually add the user to the smb-pass-db with sudo smbpasswd -a user. It’s not auto-synch’ed to the /etc/passwd / /etc/shadow files. Just another entry in my list “somehow suse makes something different” - like for some reason using the mariadb from suse repo doesn’T work with my apache james mail server, but using the “official” version does, and noone is able to tell me what’s different between these two.
So, I got it working - just took me the whole weekend to figure this out.
Are the netbios ports enabled - 137, 138 have to be enabled for smb to work.
Issue solved - for some reason smb user/pass db isn’t auto-sync with local system users but has to be seperately. Tried to find some note in the 15.3 changelog but found none.
Anyway - for me as a home user with only one account that’s a simple solution - but what about businesses with thousands of employees? Guess SuSE won’t be used in such environments anyway due to all its weird quirks.
I wasn’t aware that it could at any time. Samba users != Unix users unless LDAP is employed?
Were you perhaps referring to password synchronization?
Using the following directive in the [global] section of smb.conf…
unix password sync = yes
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server#Creating_a_Basic_authenticated_access_smb.conf_File
https://www.linuxtopia.org/online_books/network_administration_guides/using_samba_book/ch06_04_05.html
https://www.suse.com/support/kb/doc/?id=000016742
Well, as a 90s kid grew up with windows I used to “a minor patch schuldn’t change such fundamentals”.
It seems in 15.2 it’s default that smb users sync to - but not in 15.3. Question is: Does this change come from upstream source or is it some suse specific change? As 15.3 is only a minor it may come with updated packages include fixes - but that change out of the sudden without any obvious note is kind of a “hard fork” like when bitcoin split.
This topic wouldn’t exist otherwise.
To be honest I’m not clear about what you think has changed here (hence my question to you about whether you were referring to password synchronization).
Perhaps examine the changelog between samba Version 4.11.14 (used in openSUSE Leap 15.2) and your version?
rpm -q --changelog samba | more
What to me it looks like has changed is synchronization between local users in /etc/passwd and samba users in /var/lib/samba/private/passdb.tdb. In 15.2 the default was that it’s sync’ed so I just had to install samba and was able to access the user home right away without the need of manual tinker with the samba users (pretty much like it works on windows with its one central SAM db). After upgrading to 15.3 I had to manually add the user with its own password before I was able to access the user home. So whatever has changed between 15.2 and 15.3 or the used versions respectively has also chamged this behaviour.
I’m aware about how it works on linux: samba is an independent project with its own upstream repo. suse is just one of many distributions maintaining its own repos with forks of the upstream repos.
I don’t know, and honestly I don’t care, where the change was made - in the upstream repos of samba or in the forks of suse - but it’s quite a change not to be expected from a minor release which is somewhat like windows service packs.
suse always aimed for simple use and friendly to windows users - but in this regard seen with windows eyes installing a servicepack causing such a change surely is not to be expected by the target audience of mainly-windows users.
I had my fair share of issues with each update since about 12.x or whatever was most recent back in 2014/1015 - even with lts and evergreen ones - like this change or the other issue I had as the firewall was changed from iptables to firewallD (something that should be done only with major releases). MySQL/MariaDB doesn’t correctly work for several majors in a row now when used with apache james 3.x yet nobody is able to tell me what’s the difference between them causing it. This list goes on for quite some time and in the end I always find myself here again because some was changed in a not so obvious way and some of the nerds here has to point it out and explain it to me until it clicks like “aaaaahhhh … so THAT’s what changed” - I can only imagine the years of pain …
Ok, this starts to get a bit off-topic - but my point still is: I as a windows user who comparing minor releases with servicepacks just haven’t expected all what has changed between 15.2 and 15.3 it overwhelmed like back when I switched between major windows versions. This already led me to switch distro for my desktop - let’s see if 15.4 get’s me to also move on on my servers.
I’ve never had this (at least for a standalone samba server). Are you referring to a domain environment perhaps?
I had my fair share of issues with each update since about 12.x or whatever was most recent back in 2014/1015 - even with lts and evergreen ones - like this change or the other issue I had as the firewall was changed from iptables to firewallD (something that should be done only with major releases).
Your confusing the firewall UI with the backend. Firewalld supports iptables and nftables. (There was a move away from SuSEfirewall2 to Firewalld back with openSUSE Lweap 15.0 IIRC, but both worked with iptables. Of course you’re free to disable firewalld and use iptables CLI directly if desired. However, best discussed in a dedicated thread.