SAMBA broken again

Once again, I mindlessly took the updates, rebooted and now my Samba shares are refusing all connections. This time, the components all seem to have updated correctly, so I shouldn’t need to uninstall and re-install Samba. But this is the second time in not very many weeks. I wish the folks doing this could be more careful. I will uninstall and re-install Samba, just to see if that clears the problem. I also wish I could reach out and whack knuckles, but I don’t think developers hear much from us. :frowning:

I uninstalled and re-installed every package with “Samba” in its name. I had to reconfigure the share, but even doing that did no good. My Linux box is holding all my files but they are inaccessible from my Mac. (Photoshop only runs on Macs and Windows platforms.)

Any suggestions?

For me samba is working, but I’m using the version offered by the samba repo (version 4.13.4). If I understand correctly, you can’t access samba shares from your mac?

  1. From the samba server, are the shares listed with something like
smbclient -L //<server> -U <username>

For example, I get

~> smbclient -L 192.168.1.16 -U dean
Enter WORKGROUP\dean's password: 

        Sharename       Type      Comment
        ---------       ----      -------
        test            Disk      media server
        profiles        Disk      Network Profiles Service
        users           Disk      All users
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (Samba 4.13.4-git.199.be6e11f5ab2lp152.1.1-SUSE-oS15.0-x86_64)
        dean            Disk      Home Directories
        Canon           Printer   Canon
        Lexmark         Printer   Lexmark
        MFCJ3530DW      Printer   MFCJ3530DW
        Brother3        Printer   Brother DCP-7055 2
        DCP7055         Printer   DCP7055
        QL800           Printer   QL800
        HP_HP_LaserJet_Pro_M428f-M429f Printer   HP HP LaserJet Pro M428f-M429f
SMB1 disabled -- no workgroup available

FWIW, I can also use the Avahi hostname ‘smbclient -L linux-4k1z.local -U dean’ without issue.

  1. From the mac (assuming OS X 10.7 or above), open a terminal and run
smbutil view -a //<server-IP>/<share>

*Replace the ‘server-IP’ and ‘share’ names appropriately for your environment.

Something like this should also work…

smbutil view //user@hostname

Report back with the output.

BTW, as per your last thread did you check that your working smb.conf is in tact?

https://www.samba.org/samba/docs/current/man-html/testparm.1.html

Run “smbclient -L” on the server?

**bach:/etc/samba #** smbclient -L localhost -U anonymous
do_connect: Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
**bach:/etc/samba #** smbclient -L 172.16.16.102 -U anonymous
do_connect: Connection to 172.16.16.102 failed (Error NT_STATUS_CONNECTION_REFUSE
D)

And, yes, the uninstall/re-install did clobber the smb.conf file, but I used Yast to fix it before I tried to Samba mount from the Mac. Oh, and

smbutil view -a //172.16.16.102/photos

times out.

I’m behind a router that prohibits all but port 80 connections and routes those to a server that only handles HTML – no server side actions aside from serving a page. Consequently, I disable the firewall. Maybe the update “fixed” it for me so I’d need to relearn all the firewall setup stuff again. I wish updates would stop “improving” my configuration. Once you’re retired and not excited about fiddling configurations over and over, reconfiguring stuff gets pretty old. sigh.

P.S. if it helps any:

**bach:/etc/samba #** grep -v -E $'^( 	]*$|#)' smb.conf
[global]
        workgroup = KORBHOME
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare allow guests = Yes
[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        store dos attributes = Yes
        create mask = 0600
        directory mask = 0700
[printers]
        comment = All Printers
        path = /var/tmp
        printable = Yes
        create mask = 0600
        browseable = No
[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775
[photos]
        comment = Photographs
        inherit acls = No
        path = /u/Pictures
        read only = No
        vfs objects =

What exactly is “behind a router”? But as you can’t access the samba share from the SAME machine, there is something broken on the server. You opened the samba server in the opensuse firewall?

You have a directory /u in your / ? Really? Could you show the mount option in fstab for the device mounted there?

What is the output of

sudo smbstatus

?

Anything in

cat /var/log/samba/log.smbd

or

cat /var/log/samba/log.nmbd

?

My LAN: Linuxes, Mac, iPads and a quarantined subnet for “smart” devices.

But as you can’t access the samba share from the SAME machine, there is something broken on the server. You opened the samba server in the opensuse firewall?
I disabled the firewall entirely. My Linux box accepts IP packets from anything on the LAN. The router blocks all requests from outside (save port 80).
You have a directory /u in your / ? Really?
I’ve been at this for many years. Several times system upgrades used to clobber the /home directory, so I made /u be a RAID-1 that I explicitly avoid touching during an upgrade. Once it’s all up and running, I migrate my home directory from /home/bkorb to /u/bkorb and /usr/local to /u/local. No problems since (aside from certain apps “knowing” that all home directories always live in /home.)
Could you show the mount option in fstab for the device mounted there?

LABEL=User-home /u ext4 defaults 0 2
$ ls -l /dev/disk/by-label/User-home
lrwxrwxrwx 1 root root 9 May 23 06:16 /dev/disk/by-label/User-home -> ../../md0

What is the output of

sudo smbstatus
 **bach:/etc/samba #** smbstatus

Samba version 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
----------------------------------------------------------------------------------------------------------------------------------------

Service      pid     Machine       Connected at                     Encryption   Signing
---------------------------------------------------------------------------------------------

No locked files

Anything in

cat /var/log/samba/log.smbd

or

cat /var/log/samba/log.nmbd

log.smbd:

[2021/05/12 09:39:12.764010,  0] ../../source3/param/loadparm.c:3092(check_usershare_stat)
  check_usershare_stat: file /var/lib/samba/usershares/ owned by uid 0 is not a regular file
[2021/05/23 06:57:23.069121,  0] ../../source3/smbd/server.c:1775(main)
  smbd version 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2019
[2021/05/23 06:57:23.473597,  0] ../../lib/util/become_daemon.c:136(daemon_ready)
  daemon_ready: daemon 'smbd' finished starting up and ready to serve connections=

Hmmm. It looks like it didn’t auto-start and only started a couple hours ago. I’ll go back into Yast and see if there is some clickbox I missed. [edit: yep. Forgot the “startup” tab in Yast.]

I just tried it and the Mac sees it now, but I cannot connect either as “Guest” or as myself (“bkorb”). I’ll have to run that down, too. Thank you for your pointers!

Message on the Mac:

The operation can't be completed because the original item for "photos" can't be found.
$ smbclient -L localhost -U anonymous
Enter KORBHOME\anonymous's password:

        Sharename       Type      Comment
        ---------       ----      -------
        profiles        Disk      Network Profiles Service
        print$          Disk      Printer Drivers
        photos          Disk      Photographs
        IPC$            IPC       IPC Service (Samba 4.11.5-git.161.74bc5e6ec8elp152.2.12-SUSE-oS15.0-x86_64)
        fax             Printer   fax
        HP              Printer   M1217 nfw mfp
SMB1 disabled -- no workgroup available

I don’t know what “SMB1 disabled” is supposed to mean, but it doesn’t look good. Yast says /u/Pictures is enabled and exported as “photos”.

The SMB1 protocol has been deprecated and disabled by default. SMB2 and above is supported.
https://www.samba.org/samba/history/samba-4.11.0.html

Now we can see the shares as advertised by your samba server.

Have you been able to list the available shares from the Mac?

smbutil view //<username>@<hostname or IP>

Again from the Mac, is the server at least discovered via DNS-SD (DNS Service Discovery)…

dns-sd -B _smb._tcp

From the Mac, smbutil returns authorization failures with or without the “-a” option. “Finder” shows the photos and profile folders, but trying to open the folders leads to authentication problems, too. I’m going to guess Samba has its own idea about user names and passwords.

<time passes>

Yep. Anonymous access to the SMB share got disabled. Now, I’ve added my login id as a Samba id and I can see the shares from the Mac via my “bkorb@172.16.16.102” credential. Looks like someone improved security and neglected to inform users so we have to spend a couple of days futzing around figuring out what went wrong. I surely wish folks who do stuff like this would learn a simple lesson:

Fixing security problems is completely fine and actually necessary. When they have to do this, it would be very kind and thoughtful to leave around bread crumbs so that the hapless aren’t cut off at the knees. I’ve been unable to edit photos for TWO DAYS because I got no warning. Grr.

Anyway, Deano, I must thank you for helping me through this. I am, finally, up and running again.

Edit: the “bread crumb” was /etc/samba/smb.conf.rpmnew. Of course, I’d set up Samba so long ago, …

I’m going to guess Samba has its own idea about user names and passwords.

It does. For a standalone samba server, the following is relevant…

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server#Creating_a_Local_User_Account

Yep. Anonymous access to the SMB share got disabled. Now, I’ve added my login id as a Samba id and I can see the shares from the Mac via my “bkorb@172.16.16.102” credential.

That proves samba is working anyway.

Anyway, Deano, I must thank you for helping me through this. I am, finally, up and running again.

Edit: the “bread crumb” was /etc/samba/smb.conf.rpmnew. Of course, I’d set up Samba so long ago, …

Glad to have been of guidance.