Once again, I mindlessly took the updates, rebooted and now my Samba shares are refusing all connections. This time, the components all seem to have updated correctly, so I shouldn’t need to uninstall and re-install Samba. But this is the second time in not very many weeks. I wish the folks doing this could be more careful. I will uninstall and re-install Samba, just to see if that clears the problem. I also wish I could reach out and whack knuckles, but I don’t think developers hear much from us.
I uninstalled and re-installed every package with “Samba” in its name. I had to reconfigure the share, but even doing that did no good. My Linux box is holding all my files but they are inaccessible from my Mac. (Photoshop only runs on Macs and Windows platforms.)
Any suggestions?
For me samba is working, but I’m using the version offered by the samba repo (version 4.13.4). If I understand correctly, you can’t access samba shares from your mac?
- From the samba server, are the shares listed with something like
smbclient -L //<server> -U <username>
For example, I get
~> smbclient -L 192.168.1.16 -U dean
Enter WORKGROUP\dean's password:
Sharename Type Comment
--------- ---- -------
test Disk media server
profiles Disk Network Profiles Service
users Disk All users
print$ Disk Printer Drivers
IPC$ IPC IPC Service (Samba 4.13.4-git.199.be6e11f5ab2lp152.1.1-SUSE-oS15.0-x86_64)
dean Disk Home Directories
Canon Printer Canon
Lexmark Printer Lexmark
MFCJ3530DW Printer MFCJ3530DW
Brother3 Printer Brother DCP-7055 2
DCP7055 Printer DCP7055
QL800 Printer QL800
HP_HP_LaserJet_Pro_M428f-M429f Printer HP HP LaserJet Pro M428f-M429f
SMB1 disabled -- no workgroup available
FWIW, I can also use the Avahi hostname ‘smbclient -L linux-4k1z.local -U dean’ without issue.
- From the mac (assuming OS X 10.7 or above), open a terminal and run
smbutil view -a //<server-IP>/<share>
*Replace the ‘server-IP’ and ‘share’ names appropriately for your environment.
Something like this should also work…
smbutil view //user@hostname
Report back with the output.
BTW, as per your last thread did you check that your working smb.conf is in tact?
Run “smbclient -L” on the server?
**bach:/etc/samba #** smbclient -L localhost -U anonymous
do_connect: Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
**bach:/etc/samba #** smbclient -L 172.16.16.102 -U anonymous
do_connect: Connection to 172.16.16.102 failed (Error NT_STATUS_CONNECTION_REFUSE
D)
And, yes, the uninstall/re-install did clobber the smb.conf file, but I used Yast to fix it before I tried to Samba mount from the Mac. Oh, and
smbutil view -a //172.16.16.102/photos
times out.
I’m behind a router that prohibits all but port 80 connections and routes those to a server that only handles HTML – no server side actions aside from serving a page. Consequently, I disable the firewall. Maybe the update “fixed” it for me so I’d need to relearn all the firewall setup stuff again. I wish updates would stop “improving” my configuration. Once you’re retired and not excited about fiddling configurations over and over, reconfiguring stuff gets pretty old. sigh.
P.S. if it helps any:
**bach:/etc/samba #** grep -v -E $'^( ]*$|#)' smb.conf
[global]
workgroup = KORBHOME
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[photos]
comment = Photographs
inherit acls = No
path = /u/Pictures
read only = No
vfs objects =
What exactly is “behind a router”? But as you can’t access the samba share from the SAME machine, there is something broken on the server. You opened the samba server in the opensuse firewall?
You have a directory /u in your / ? Really? Could you show the mount option in fstab for the device mounted there?
What is the output of
sudo smbstatus
?
Anything in
cat /var/log/samba/log.smbd
or
cat /var/log/samba/log.nmbd
?
My LAN: Linuxes, Mac, iPads and a quarantined subnet for “smart” devices.
But as you can’t access the samba share from the SAME machine, there is something broken on the server. You opened the samba server in the opensuse firewall?
I disabled the firewall entirely. My Linux box accepts IP packets from anything on the LAN. The router blocks all requests from outside (save port 80).
You have a directory /u in your / ? Really?
I’ve been at this for many years. Several times system upgrades used to clobber the /home directory, so I made /u be a RAID-1 that I explicitly avoid touching during an upgrade. Once it’s all up and running, I migrate my home directory from /home/bkorb to /u/bkorb and /usr/local to /u/local. No problems since (aside from certain apps “knowing” that all home directories always live in /home.)
Could you show the mount option in fstab for the device mounted there?
LABEL=User-home /u ext4 defaults 0 2
$ ls -l /dev/disk/by-label/User-home
lrwxrwxrwx 1 root root 9 May 23 06:16 /dev/disk/by-label/User-home -> ../../md0
What is the output of
sudo smbstatus
**bach:/etc/samba #** smbstatus
Samba version 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
No locked files
Anything in
cat /var/log/samba/log.smbd
or
cat /var/log/samba/log.nmbd
log.smbd:
[2021/05/12 09:39:12.764010, 0] ../../source3/param/loadparm.c:3092(check_usershare_stat)
check_usershare_stat: file /var/lib/samba/usershares/ owned by uid 0 is not a regular file
[2021/05/23 06:57:23.069121, 0] ../../source3/smbd/server.c:1775(main)
smbd version 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2019
[2021/05/23 06:57:23.473597, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
daemon_ready: daemon 'smbd' finished starting up and ready to serve connections=
Hmmm. It looks like it didn’t auto-start and only started a couple hours ago. I’ll go back into Yast and see if there is some clickbox I missed. [edit: yep. Forgot the “startup” tab in Yast.]
I just tried it and the Mac sees it now, but I cannot connect either as “Guest” or as myself (“bkorb”). I’ll have to run that down, too. Thank you for your pointers!
Message on the Mac:
The operation can't be completed because the original item for "photos" can't be found.
$ smbclient -L localhost -U anonymous
Enter KORBHOME\anonymous's password:
Sharename Type Comment
--------- ---- -------
profiles Disk Network Profiles Service
print$ Disk Printer Drivers
photos Disk Photographs
IPC$ IPC IPC Service (Samba 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64)
fax Printer fax
HP Printer M1217 nfw mfp
SMB1 disabled -- no workgroup available
I don’t know what “SMB1 disabled” is supposed to mean, but it doesn’t look good. Yast says /u/Pictures is enabled and exported as “photos”.
The SMB1 protocol has been deprecated and disabled by default. SMB2 and above is supported.
https://www.samba.org/samba/history/samba-4.11.0.html
Now we can see the shares as advertised by your samba server.
Have you been able to list the available shares from the Mac?
smbutil view //<username>@<hostname or IP>
Again from the Mac, is the server at least discovered via DNS-SD (DNS Service Discovery)…
dns-sd -B _smb._tcp
From the Mac, smbutil returns authorization failures with or without the “-a” option. “Finder” shows the photos and profile folders, but trying to open the folders leads to authentication problems, too. I’m going to guess Samba has its own idea about user names and passwords.
<time passes>
Yep. Anonymous access to the SMB share got disabled. Now, I’ve added my login id as a Samba id and I can see the shares from the Mac via my “bkorb@172.16.16.102” credential. Looks like someone improved security and neglected to inform users so we have to spend a couple of days futzing around figuring out what went wrong. I surely wish folks who do stuff like this would learn a simple lesson:
Fixing security problems is completely fine and actually necessary. When they have to do this, it would be very kind and thoughtful to leave around bread crumbs so that the hapless aren’t cut off at the knees. I’ve been unable to edit photos for TWO DAYS because I got no warning. Grr.
Anyway, Deano, I must thank you for helping me through this. I am, finally, up and running again.
Edit: the “bread crumb” was /etc/samba/smb.conf.rpmnew. Of course, I’d set up Samba so long ago, …
I’m going to guess Samba has its own idea about user names and passwords.
It does. For a standalone samba server, the following is relevant…
Yep. Anonymous access to the SMB share got disabled. Now, I’ve added my login id as a Samba id and I can see the shares from the Mac via my “bkorb@172.16.16.102” credential.
That proves samba is working anyway.
Anyway, Deano, I must thank you for helping me through this. I am, finally, up and running again.
Edit: the “bread crumb” was /etc/samba/smb.conf.rpmnew. Of course, I’d set up Samba so long ago, …
Glad to have been of guidance.