Samba fails at boot since upgrade from 42.3

English Network/Internet
1

Since upgrading from 42.3 there is no network, and I cannot connect to the Windows 10 box my wife uses. Initially I tried the fixes in an earlier thread, https://forums.opensuse.org/showthread.php/531463-unable-to-browse-to-smb-shares-using-dolphin, to no effect. I have left the changes to smb.conf in place.
The journal shows no errors, but /var/log/samba/smdb does, before the journal entries start:

# Last good connection to Win 10 box

[2018/11/06 10:03:49.077328,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections

# Current output

[2018/11/12 16:14:10.846181,  0] ../source3/auth/auth_util.c:1399(make_new_session_info_guest)
  create_local_token failed: NT_STATUS_NO_MEMORY
[2018/11/12 16:14:10.881047,  0] ../source3/smbd/server.c:2011(main)
  ERROR: failed to setup guest info.

Although the nmb.service is running, /var/log/samba/nmdb has different entries since the upgrade:

# last successful connection to Win 10 box

[2018/11/05 14:35:21.422632,  0] ../lib/util/become_daemon.c:135(daemon_status)
  STATUS=daemon 'nmbd' : No local IPv4 non-loopback interfaces available, waiting for interface ...NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).
[2018/11/05 14:35:26.451965,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'nmbd' finished starting up and ready to serve connections
[2018/11/06 10:03:34.428486,  0] ../lib/util/become_daemon.c:135(daemon_status)
  STATUS=daemon 'nmbd' : No local IPv4 non-loopback interfaces available, waiting for interface ...NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).
[2018/11/06 10:03:44.471010,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'nmbd' finished starting up and ready to serve connections
[2018/11/06 23:11:12.937684,  0] ../lib/util/become_daemon.c:135(daemon_status)
  STATUS=daemon 'nmbd' : No local IPv4 non-loopback interfaces available, waiting for interface ...NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).
[2018/11/06 23:11:22.946506,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'nmbd' finished starting up and ready to serve connections
[2018/11/06 23:12:08.679615,  0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
  *****
  
  Samba name server LINUX-86AZ is now a local master browser for workgroup WORKGROUP on subnet 192.168.178.20
  
  *****

# current output

2018/11/12 00:56:06.925836,  0] ../source3/nmbd/nmbd.c:58(terminate)
  Got SIGTERM: going down...
[2018/11/12 16:14:04.372046,  0] ../lib/util/become_daemon.c:135(daemon_status)
  STATUS=daemon 'nmbd' : No local IPv4 non-loopback interfaces available, waiting for interface ...NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).

# logged off, logged on

[2018/11/12 16:14:09.466127,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'nmbd' finished starting up and ready to serve connections
[2018/11/12 16:14:34.455011,  0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
  *****
  
  Samba name server OURNETBIOS is now a local master browser for workgroup WORKGROUP on subnet 192.168.178.20
  
  *****

smb.conf:


# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
    workgroup = WORKGROUP
    netbios name = ournetbios
    server string = ""
    local master = yes
    preferred master = yes
    os level = 65
    passdb backend = tdbsam
    client max protocol = NT1
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
    idmap gid = 10000-20000
    idmap uid = 10000-20000
    security = domain
    usershare max shares = 100
[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

How do I get samba running again?

2

Just to clarify that thread was about network discovery, and not actually about accessing samba shares, so I doubt that it’s relevant to your situation. I note that you have

client max protocol = NT1

in smb.conf. I recommend removing that entry as it enables an insecure (and largely deprecated) samba protocol.

I’ll leave others to advise further with respect to the errors you’re reporting here.

3

I’ve removed that line. It was a suggested “ugly” work-round, but had no effect.

It took me a while to realise that the lack of a network was down to samba not running, so I tried a few things that were probably fairly pointless.

4

Yes, it was mentioned in that thread as a means to allow legacy network discovery (from NetBIOS broadcasts). It’s largely been disabled in Windows and Linux environments for well-known security reasons. Your issue reads differently anyway, so not applicable

It took me a while to realise that the lack of a network was down to samba not running, so I tried a few things that were probably fairly pointless.

Does

testparm

show any errors (that might stop smbd from starting)?

FYI…

testparm is a very simple test program to check an smbd(8) configuration file for internal correctness. If this program reports no problems, you can use the configuration file with confidence that smbd will successfully load the configuration file.

5 
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Can't find include file /etc/samba/dhcp.conf 
WARNING: The "idmap gid" option is deprecated
WARNING: The "idmap uid" option is deprecated
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[users]"
Processing section "[groups]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
        idmap gid = 10000-20000
        idmap uid = 10000-20000
        logon drive = P:
        logon home = \\%L\%U\.9xprofile
        logon path = \\%L\profiles\.msprofile
        map to guest = Bad User
        netbios name = OURNETBIOS
        os level = 65
        preferred master = Yes
        printcap name = cups
        security = DOMAIN
        server string = ""
        usershare allow guests = Yes
        usershare max shares = 100
        idmap config * : range = 10000-20000
        idmap config * : backend = tdb
        cups options = raw
        include = /etc/samba/dhcp.conf

I did a search on “Can’t find include file /etc/samba/dhcp.conf” and it looks like this is not really a problem.

Does this shed any light on the matter?

andy@linux-86az:~> systemctl status smb.service
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2018-11-16 14:42:12 AEDT; 1h 26min ago
  Process: 1850 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=255)
  Process: 1834 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited, status=0/SUCCESS)
 Main PID: 1850 (code=exited, status=255)
6

I have found a post on the German forum: https://www.opensuse-forum.de/thread/41320-samba-server-startet-nicht-unter-leap-15/ which suggests (thanks Mr Google) that in smb.conf:

security = domain

Should be:

security = user

I have a couple of old installs. Maui does not have that entry at all, and Mageia has it set to user.

The German post also says that there is a known problem with upgrades to Leap 15, and that it is easily fixed. But doesn’t say how.

This may be the reference, in a post on this forum back in May: https://bugzilla.opensuse.org/show_bug.cgi?id=1094881 but the fix, in comment 2, uses "sed’, which last time I came across it was an ICL VME screen editor. I’ll have to research the syntax before risking it.
I might try “user” and see what happens in the morning.

7

Yes, ‘security = domain’ is only used if this host is to be a domain member.

8 
security = user

works.

Thanks!

9

You should be clear about what kind of Windows network environment you have here…some of the parameters you have seem unusual for basic workgroup-based sharing. Did you do the initial configuration, or did you have help with this?

10

It’s a plain Windows 10 box that I have a couple of shared directories on for file transfers. The current smb.conf is the result of trying various suggested fixes. I will revert to the saved original and apply the change to that.