Samba Mystery

Three systems all set up similarly, latest kernel…Linux 3.16.7-21-desktop, openSUSE 13.2 (Harlequin) (x86_64), KDE 4.14.6… which means I need to update my profile… I and only I maintain all so there’s no question of whose fault it is… :wink:

There were these three servers see,… Popeye, OliveOil & Brutus
Popeye & OliveOil communicate as I expect and have for a long time with the occasional update glitch.
OliveOil & Popeye communicate as I expect as well…
Brutus can logon perfectly to both Popeye & Oliveoil.
But Brutus will not allow ANYONE to log on via samba to him.
Including users already logged on to the server Brutus.
Meaning that if I open Dolphin / Network / Samba Shares / JeepNet and I see the three servers listed, then FROM Brutus I can log onto Popeye and OliveOil, better said I can access their shares without even a password…but try to pick Brutus from that list and no one can logon to Brutus.

I’m baffled. It’s not like I’ve never done this before.
That said, I’m no expert by a long shot.
I’ve been down the road with swerdna’s tutorials for years and still reference those as my guide.
I know how to cut n’ paste with the best of them, so duplicating the behavior of OliveOil on Brutus should have been easy enough, or so I thought! lol
As it turns out there are a few differences in the samba config files, but nothing that I see making Brutus balk. OliveOil acts also as my print server and works fine to print from Popeye to the printer.

I thought maybe Brutus’ user name/password data was corrupt, so I did the following:

  • As su, deleted in /etc/samba anything that looked like a password or username file.
  • Updated all Samba via repositories.
  • Reinstated the saved smb.conf file.
  • Added users to the user base / established passwords

But I got these odd messages about “backend” issues…whatever that means…


Brutus:/etc # smbpasswd -a UserA
No builtin backend found, trying to load plugin
Module 'tdbsam' loaded
New SMB password:
Retype new SMB password:
Forcing Primary Group to 'Domain Users' for UserA

Brutus:/etc # smbpasswd -a UserB
No builtin backend found, trying to load plugin
Module 'tdbsam' loaded
New SMB password:
Retype new SMB password:
Forcing Primary Group to 'Domain Users' for UserB
Brutus:/etc#  

So that maybe why the users cannot login…? If so I don’t know what it means really.

I expect from the following config to be able to logon to Brutus at the root level of the folder tree. (not AS root)
With a similar config file I can logon to OliveOil at the root level with no problem (from either Brutus or Popeye)
That’s what’s got me so perplexed.
Any help is appreciated!
**
BRUTUS smb.conf**


[global]
    workgroup = JeepNet
    netbios name = Brutus
    server string = Shop_Monkey
    name resolve order = bcast, host, lmhosts, wins
    map to guest = Bad User
    syslog only = Yes
    local master = yes
    os level = 33
    include = /etc/samba/dhcp.conf
    log file = /var/log/samba/log.%m
    log level = 3
    max log size = 150
    smb ports = 139, 445
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    load printers = yes
    use client driver = yes
    domain master = No
    usershare owner only = No
    passdb backend = tdbsam
    usershare allow guests = No
    wins support = No
    ldap admin dn = 
    wins server = 

## Share disabled by YaST
# [homes]
#    comment = Home Directories
#    valid users = %S, %D%w%S
#    browseable = No
#    read only = No
#    inherit acls = Yes
## Share disabled by YaST
# [profiles]
#    comment = Network Profiles Service
#    path = %H
#    read only = No
#    store dos attributes = Yes
#    create mask = 0600
#    directory mask = 0700
## Share disabled by YaST
# [users]
#    comment = All users
#    path = /home
#    read only = No
#    inherit acls = Yes
#    veto files = /aquota.user/groups/shares/

[Brutus]
    comment = Brutus
    path = /
    read only = No
    writeable = yes
    inherit acls = Yes
    valid users = UserA UserB
    
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    print ok = Yes
    create mask = 0700
    browseable = No
    guest ok = Yes
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775


OLIVEOIL config.


[global]
    workgroup = JEEPNET
    server string = Samba Mama Server
    map to guest = Bad User
    syslog only = Yes
    log file = /usr/local/samba/var/log.%m
    max log size = 50
    smb ports = 139, 445
    name resolve order = bcast, host, lmhosts, wins
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    load printers = yes
    use client driver = yes
    domain master = No
    usershare owner only = No
    : veto files = /aquota.user/groups/shares/
    : directory mask = 0700
    : create mask = 0600
    : store dos attributes = Yes
    : path = /home
    : inherit acls = Yes
    : read only = No
    : browseable = No
    : valid users = %S, %D%w%S
    : comment = All users
    idmap config * : backend = tdb
    
[OliveOil]
    comment = OliveOil full access
    path = /
    valid users = UserA, UserB, UserC
    read only = No
    inherit acls = Yes

[printers]
    comment = All Printers
    path = /var/tmp
    create mask = 0700
    guest ok = Yes
    printable = Yes
    print ok = Yes
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin, root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

On 4/30/2015 2:26 AM, SomeSuSEUser wrote:
>
> Three systems all set up similarly, latest kernel…Linux
> 3.16.7-21-desktop, openSUSE 13.2 (Harlequin) (x86_64), KDE 4.14.6…
> which means I need to update my profile… I and only I maintain all so
> there’s no question of whose fault it is… :wink:
>
> There were these three servers see,… Popeye, OliveOil & Brutus
> Popeye & OliveOil communicate as I expect and have for a long time with
> the occasional update glitch.
> OliveOil & Popeye communicate as I expect as well…
> Brutus can logon perfectly to both Popeye & Oliveoil.
> But Brutus will not allow ANYONE to log on via samba to him.
> Including users already logged on to the server Brutus.
> Meaning that if I open Dolphin / Network / Samba Shares / JeepNet and I
> see the three servers listed, then FROM Brutus I can log onto Popeye and
> OliveOil, better said I can access their shares without even a
> password…but try to pick Brutus from that list and no one can logon to
> Brutus.
>
> I’m baffled. It’s not like I’ve never done this before.
> That said, I’m no expert by a long shot.
> I’ve been down the road with swerdna’s tutorials for years and still
> reference those as my guide.
> I know how to cut n’ paste with the best of them, so duplicating the
> behavior of OliveOil on Brutus should have been easy enough, or so I
> thought! lol
> As it turns out there are a few differences in the samba config files,
> but nothing that I see making Brutus balk. OliveOil acts also as my
> print server and works fine to print from Popeye to the printer.
>
> I thought maybe Brutus’ user name/password data was corrupt, so I did
> the following:
>
> - As su, deleted in /etc/samba anything that looked like a password or
> username file.
> - Updated all Samba via repositories.
> - Reinstated the saved smb.conf file.
> - Added users to the user base / established passwords
>
>
> But I got these odd messages about “backend” issues…whatever that
> means…
>
> Code:
> --------------------
>
> Brutus:/etc # smbpasswd -a UserA
> No builtin backend found, trying to load plugin
> Module ‘tdbsam’ loaded
> New SMB password:
> Retype new SMB password:
> Forcing Primary Group to ‘Domain Users’ for UserA
>
> Brutus:/etc # smbpasswd -a UserB
> No builtin backend found, trying to load plugin
> Module ‘tdbsam’ loaded
> New SMB password:
> Retype new SMB password:
> Forcing Primary Group to ‘Domain Users’ for UserB
> Brutus:/etc#
> --------------------
>
>
> So that maybe why the users cannot login…? If so I don’t know what it
> means really.
>
> I expect from the following config to be able to logon to Brutus at the
> root level of the folder tree. (not AS root)
> With a similar config file I can logon to OliveOil at the root level
> with no problem (from either Brutus or Popeye)
> That’s what’s got me so perplexed.
> Any help is appreciated!
>
> BRUTUS SMB.CONF
> Code:
> --------------------
>
> [global]
> workgroup = JeepNet
> netbios name = Brutus
> server string = Shop_Monkey
> name resolve order = bcast, host, lmhosts, wins
> map to guest = Bad User
> syslog only = Yes
> local master = yes
> os level = 33
> include = /etc/samba/dhcp.conf
> log file = /var/log/samba/log.%m
> log level = 3
> max log size = 150
> smb ports = 139, 445
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> load printers = yes
> use client driver = yes
> domain master = No
> usershare owner only = No
> passdb backend = tdbsam
> usershare allow guests = No
> wins support = No
> ldap admin dn =
> wins server =
>
> ## Share disabled by YaST
> # [homes]
> # comment = Home Directories
> # valid users = %S, %D%w%S
> # browseable = No
> # read only = No
> # inherit acls = Yes
> ## Share disabled by YaST
> # [profiles]
> # comment = Network Profiles Service
> # path = %H
> # read only = No
> # store dos attributes = Yes
> # create mask = 0600
> # directory mask = 0700
> ## Share disabled by YaST
> # [users]
> # comment = All users
> # path = /home
> # read only = No
> # inherit acls = Yes
> # veto files = /aquota.user/groups/shares/
>
> [Brutus]
> comment = Brutus
> path = /
> read only = No
> writeable = yes
> inherit acls = Yes
> valid users = UserA UserB
>
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> print ok = Yes
> create mask = 0700
> browseable = No
> guest ok = Yes
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>
>
> --------------------
>
>
> OLIVEOIL CONFIG.
> Code:
> --------------------
>
> [global]
> workgroup = JEEPNET
> server string = Samba Mama Server
> map to guest = Bad User
> syslog only = Yes
> log file = /usr/local/samba/var/log.%m
> max log size = 50
> smb ports = 139, 445
> name resolve order = bcast, host, lmhosts, wins
> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536 SO_SNDBUF=65536
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> load printers = yes
> use client driver = yes
> domain master = No
> usershare owner only = No
> : veto files = /aquota.user/groups/shares/
> : directory mask = 0700
> : create mask = 0600
> : store dos attributes = Yes
> : path = /home
> : inherit acls = Yes
> : read only = No
> : browseable = No
> : valid users = %S, %D%w%S
> : comment = All users
> idmap config * : backend = tdb
>
> [OliveOil]
> comment = OliveOil full access
> path = /
> valid users = UserA, UserB, UserC
> read only = No
> inherit acls = Yes
>
> [printers]
> comment = All Printers
> path = /var/tmp
> create mask = 0700
> guest ok = Yes
> printable = Yes
> print ok = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin, root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>
> --------------------
>
>
SomeSuSEUser;

Try running:


su -
pdbedit -L

What error message is generated, if any?
Are your users all listed?

Since “passwd backend” defaults to tdbsam, try just removing that parameter. Perhaps you have a white space in that line.

P.S. For modern kernels socket options is a bunch of voodo from " a long time ago in a Galaxy far, far away." Setting
socket options will likely degrade performance but not cause your problems.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

Thanks for the ideas PV.
I cleaned up the smb.conf file…


[global]
    workgroup = JeepNet
    server string = Shop_Monkey
    name resolve order = bcast, host, lmhosts, wins
    map to guest = Bad User
    syslog only = Yes
    local master = yes
    os level = 33
    log file = /var/log/samba/log.%m
    log level = 3
    max log size = 150
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    load printers = yes
    use client driver = yes
    domain master = No
    usershare owner only = No
    usershare allow guests = No
    wins support = No
    ldap admin dn =
    passdb backend = smbpasswd
    wins server =
    
## Share disabled by YaST
# [homes]
#    comment = Home Directories
#    valid users = %S, %D%w%S
#    browseable = No
#    read only = No
#    inherit acls = Yes
## Share disabled by YaST
# [profiles]
#    comment = Network Profiles Service
#    path = %H
#    read only = No
#    store dos attributes = Yes
#    create mask = 0600
#    directory mask = 0700
## Share disabled by YaST
# [users]
#    comment = All users
#    path = /home
#    read only = No
#    inherit acls = Yes
#    veto files = /aquota.user/groups/shares/

[Brutus]
    comment = Brutus
    path = /
    read only = No
    writeable = yes
    inherit acls = Yes
    valid users = User1 User2
    
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    print ok = Yes
    create mask = 0700
    browseable = No
    guest ok = Yes
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

and did testparm on smb.conf:


Load smb config files from smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Brutus]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions


[global]
        workgroup = JEEPNET
        server string = Shop_Monkey
        map to guest = Bad User
        passdb backend = smbpasswd
        syslog only = Yes
        log file = /var/log/samba/log.%m
        max log size = 150
        name resolve order = bcast, host, lmhosts, wins
        printcap name = cups
        os level = 33
        domain master = No
        usershare owner only = No
        idmap config * : backend = tdb
        cups options = raw
        use client driver = Yes

[Brutus]
        comment = Brutus
        path = /
        valid users = User1, User2
        read only = No
        inherit acls = Yes

[printers]
        comment = All Printers
        path = /var/tmp
        create mask = 0700
        guest ok = Yes
        printable = Yes
        print ok = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin, root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

but with no resolution. Still no one can logon to Brutus.

Brutus:/etc/samba # pdbedit -L
No builtin backend found, trying to load plugin
Module 'smbpasswd' loaded
User1:1001:
User2:1000:

so both users are in the database…
I specifically deleted these lines in the Global stanza of the smb.conf file:

ldap admin dn =
passdb backend = smbpasswd

So the system must write those in automagically as I see they are back.

I’m really stumped.
I UNinstalled everything samba and deleted the /etc/samba path.
Restarted, REinstalled all samba, and I still can’t get anyone logged on to Brutus.
I did use the saved config file shown after reinstalling samba and running through the setup of it.

I can browse FROM Brutus to the other servers all I want.

When I try to access the shares I’m doing so via Dolphin
Choosing Network from Places on the left which displays the network Samba Shares…
which shows the “workgroup” JeepNet…
Which then drops down the three servers on the network…
Drop down on Brutus shows the share name…
and right there, when you try to open the share it prompts for UserName / Password.

Neither of the 2 users defined in the config file can access the share.

ACCESS DENIED TO smb://brutus/Brutus...

I then changed the share name so it would be less confusing…
After restarting samba still the same…

ACCESS DENIED TO smb://brutus/AllFiles...

Hoping a fresh pair of eyes on this will light a bulb with someone…
Should I NOT be using kwrite to edit the smb.conf file? Maybe I’m corrupting it somehow…

On 5/9/2015 5:26 PM, SomeSuSEUser wrote:
>
> Thanks for the ideas PV.
> I cleaned up the smb.conf file…
>
>
> Code:
> --------------------
>
> [global]
<snip>
> passdb backend = smbpasswd
> wins server =
>
<snip>
> --------------------
> Brutus:/etc/samba # pdbedit -L
> No builtin backend found, trying to load plugin
> Module ‘smbpasswd’ loaded
> User1:1001:
> User2:1000:
>
> --------------------
>
>
> so both users are in the database…
> I specifically deleted these lines in the Global stanza of the smb.conf
> file:
>
>
> Code:
> --------------------
> ldap admin dn =
> passdb backend = smbpasswd
> --------------------
>
>
> So the system must write those in automagically as I see they are back.
>
> I’m really stumped.
> I UNinstalled everything samba and deleted the /etc/samba path.
> Restarted, REinstalled all samba, and I still can’t get anyone logged on
> to Brutus.
> I did use the saved config file shown after reinstalling samba and
> running through the setup of it.
>
> I can browse FROM Brutus to the other servers all I want.
>
> When I try to access the shares I’m doing so via Dolphin
> Choosing Network from Places on the left which displays the network
> Samba Shares…
> which shows the “workgroup” JeepNet…
> Which then drops down the three servers on the network…
> Drop down on Brutus shows the share name…
> and right there, when you try to open the share it prompts for UserName
> / Password.
>
> Neither of the 2 users defined in the config file can access the share.
>
> Code:
> --------------------
> ACCESS DENIED TO smb://brutus/Brutus…
> --------------------
>
>
> I then changed the share name so it would be less confusing…
> After restarting samba still the same…
>
> Code:
> --------------------
> ACCESS DENIED TO smb://brutus/AllFiles…
> --------------------
>
>
> Hoping a fresh pair of eyes on this will light a bulb with someone…
> Should I NOT be using kwrite to edit the smb.conf file? Maybe I’m
> corrupting it somehow…
>
>
SomeSuSEUser;
You keep getting this message:
“No builtin backend found, trying to load plugin”

This looks like you are missing or have a corrupt library. Try reinstalling Samba and see if the error persists.

The system does not write any parameters into /etc/samba/smb.conf unless you do something. You are either not saving
your edits or maybe rolling back the system (snapper?) I still recommend removing the “passdb backend” parameter and
just use the default backend.


P.V.
“We’re all in this together, I’m pulling for you” Red Green