SAMBA: idmap range not specified for domain '*'

Hi,

after the complete failure of setting up SAMBA using the YAST tool, which was solved here (but without samba running)
https://forums.opensuse.org/showthread.php/569263-Samba-configuration-has-blocked-my-internet-access!

I have tried it with manual editing the smb.conf file according to this manual:
https://forums.opensuse.org/content.php/199-Configure-Samba-for-Local-Lan-Workgroup

plus reading through
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

This time, nothing bad has happened, however I also don’t get any connection to my Windows computers and neither can I see the shared folder from my linux laptop on my Windows computer. Can someone please help me?

Some checks I found in the net, but unfortunately I couldn’t find how to react to the warnings/errors:

When I use

testparm

to test my smb.conf file, I get the error:

Load smb config files from /etc/samba/smb.conf 
Loaded services file OK. 
Weak crypto is allowed 

idmap range not specified for domain '*' 
ERROR: Invalid idmap range for domain *! 

Server role: ROLE_DOMAIN_MEMBER


When I check nmb and smb by

su -c "service nmb status; service smb status"


I get nmb.service running, but then further down in the output:

**daemon_status: daemon 'nmbd' : No local IPv4 non-loopback interfaces available, waiting for interface **>
May 14 23:45:24 mylaptop nmbd[3075]: **[2022/05/14 23:45:24.685810,  0] ../../source3/nmbd/nmbd_subnetdb.c:252(create_subnets)**
May 14 23:45:24 mylaptop nmbd[3075]: **  NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).**
May 14 23:45:41 mylaptop systemd[1]: Started Samba NMB Daemon. 
May 14 23:46:04 mylaptop nmbd[3075]: **[2022/05/14 23:46:04.759844,  0] ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_stage2)**
May 14 23:46:04 mylaptop nmbd[3075]: **  *******
May 14 23:46:04 mylaptop nmbd[3075]:  
May 14 23:46:04 mylaptop nmbd[3075]: **  Samba name server MYLAPTOP is now a local master browser for workgroup WORKGROUP on subnet 192.168.178.32**
May 14 23:46:04 mylaptop nmbd[3075]:  
May 14 23:46:04 mylaptop nmbd[3075]: **  *******


As far as I can tell, I have done everything as written in the above manuals, but here I attach my smb.conf file:

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = No
    netbios name = laptopname
    usershare max shares = 100
    wins support = No
    include = /etc/samba/dhcp.conf
    security = domain
[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
[MyShare]
    path = /home/myshare/myshare_medien
    comment = MyShare
    guest OK = yes
    guest only = yes
    read only = No
[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700

[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

In order for Windows to discover the samba host “automatically”, you would need to use WS-Discovery to advertise it as such. There is wsdd that can perform this function…

Alternatively, just navigate to the share in the file explorer then save it by dragging it to ‘Quick Access’ (left hand side of file explorer), or right click on it and ‘Pin to Quick Access’…

I get nmb.service running, but then further down in the output:

daemon_status: daemon 'nmbd' : No local IPv4 non-loopback interfaces available, waiting for interface >
May 14 23:45:24 mylaptop nmbd[3075]: [2022/05/14 23:45:24.685810,  0] ../../source3/nmbd/nmbd_subnetdb.c:252(create_subnets)
May 14 23:45:24 mylaptop nmbd[3075]:   NOTE: NetBIOS name resolution is not supported for Internet Protocol Version 6 (IPv6).
May 14 23:45:41 mylaptop systemd[1]: Started Samba NMB Daemon.

This is because the network is not up at the time nmbd is starting up. It could be due to using NetworkManager with a connection that is only activated at the desktop login for example. It is possible to configure so that the network is brought up at boot.

If you’re using samba as a standalone server, then remove ‘security = domain’ from smb.conf.

Hi and thanks Deano Ferrari,

this got me two steps further.
I can now connect from my windows laptop to the samba share on my linux laptop (r/w). However, not the other way round, yet.

This is, what I did according to your advise:
I removed ‘security = domain’ from the smb.conf file. testparm now gives

[FONT=monospace]Server role: ROLE_STANDALONE
[/FONT]

as expected. And I changed the password storing method for the KDE network manager to “for all users” which seems to lead to a connection at boot. At any rate,


su -c "service nmb status; service smb status" 

does not give any errors anymore, especially, not the error which is the topic of this post.
It says:

** Samba name server MYLAPTOP is now a local master browser for workgroup WORKGROUP on subnet 192.168.178.32**

which I hope is ok. I didn’t try WSDD yet, because I understood it only helps, once the SAMBA connection works. I can enter \MYLAPTOP in the Windows explorer, no problem.

So, what am I missing to connect from my linux laptop to the windows share? If I browse in KDE Dolphin to “network”, only my linux laptop itself appears at “Shared Folders (SMB)”. If I enter the “remote” in the address bar:


smb://MYWINDOWSLAPTOP/

I get

smb://mywindowslaptop/ does not exist.

I tried small or capital letters, with or without the trailing / and also with adding the shared folder behind. All with the same result.

Actually, is there a way to connect right from the command prompt, instead of using Dolphin?

Thank you for your efforts, and kind regards,
Flo

PS: I can connect to the windows share from another windows computer.

That reads like progress! :slight_smile:

So, what am I missing to connect from my linux laptop to the windows share? If I browse in KDE Dolphin to “network”, only my linux laptop itself appears at “Shared Folders (SMB)”. If I enter the “remote” in the address bar:

smb://MYWINDOWSLAPTOP/

I get

smb://mywindowslaptop/ does not exist.

I tried small or capital letters, with or without the trailing / and also with adding the shared folder behind. All with the same result.

That should work if the name resolves ok. I assume that the following will also fail…

nmblookup MYWINDOWSLAPTOP

Can you reach it by IP address at least?

If so check the firewall settings.

BTW, Dolphin should be capable of finding the host “automatically” Network > Shared Folders (SMB) provided the firewall is allowing port 3702 (UDP) for WS-Discovery.

Actually, is there a way to connect right from the command prompt, instead of using Dolphin?

Yes, by using smbclient…

smbclient //<server>/<share> -U <user>

For example…

smbclient //192.168.1.2/Documents -U dean 
Password for [WORKGROUP\dean]: 
Try "help" to get a list of possible commands. 
smb: \> 


Thanks. This got me another step further:
Firstly, I found, I could already connect to the windows share using smbclient, the ip address and username/pwd (although the windows share should be with guest access, it didn’t work without username/pwd using --no-pass).

After opening the port 3702 (UDP) on the firewall as you suggested (using YAST>Firewall), I can now also connect to the windows share using

smbclient //windowslaptop/windowsshare -U username

However, I can still not connect using Dolphin. There is a little progress: I can now see the windowslaptop under Network>Shared Folders (SMB), but when I click on it, I still get the error message

  The file or folder smb://windowslaptop/ does not exist.


While the address line now reads

smb://windowslaptop.kio-discovery-wsd/

Likewise, if I enter


smb://windowslaptop/windowsshare or
smb://ip-address/windowsshare 

in the address line.

PS: The other way round i.e. from Windows accessing the Linux share still works. Apparently, WSDD was already installed by the TW default installation process. Browsing to the Linux laptop in the Windows explorer still does not work, however, I could connect it as a network-directory (with a “LETTER:”) with auto-connect at boot.

I get the same, but any username/password supplied works (the Windows share is shared for ‘Everyone’)

After opening the port 3702 (UDP) on the firewall as you suggested (using YAST>Firewall), I can now also connect to the windows share using

smbclient //windowslaptop/windowsshare -U username

No, smbclient isn’t aware of WS-Discovery, and not relevant to connectivity in any way.

However, I can still not connect using Dolphin. There is a little progress: I can now see the windowslaptop under Network>Shared Folders (SMB), but when I click on it, I still get the error message

  The file or folder smb://windowslaptop/ does not exist.

While the address line now reads

smb://windowslaptop.kio-discovery-wsd/

Ok, so the Windows host is discovered using WS-Discovery at least. When you click on the above are you not presented with the shares after a few seconds?

Likewise, if I enter

smb://windowslaptop/windowsshare or
smb://ip-address/windowsshare

in the address line.

For me that just works. Something missing from your KDE install perhaps?

Just in case you’ve been impacted by the this…
https://forums.opensuse.org/showthread.php/568795-Samba-share-enumeration-doesn-t-work-anymore

Yes. Here too. From another windows laptop it works without username/password, though.

Oh. So

smbclient //windowslaptop/windowsshare -U ...

would have worked before opening the port? Perhaps, I didn’t try.

Unfortunately no. Not even after minutes. And what’s the part that could be missing? It’s a pretty fresh install.

Kind regards,

Flo

Perhaps. Thanks for bringing it to my attention.
I’ll write a comment into that thread.