samba problem after system upgrade

English Network/Internet
1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, after a system upgrade (11.1 -> 11.2) all start ok on the server,
but the xp clients don’t start session, any suggestion?

VampirD
No in elenath hîlar nan hâd gîn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkw539IACgkQJQ+0ABWtaVm/sACgpnh3rpQAzDLQLvGVxLS+OwSR
qZAAnRHr8j1H9NbUIFA5WMfrx9uMyqf0
=hpQP
-----END PGP SIGNATURE-----

2

I’m sorry can you restate the problem?

3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have a SAMBA PDC that was upgraded from 11.1 to 11.2 (zypper dup),

| Alias | Name | Enabled | Refresh

  • –±-------------±----------------------±--------±-------
    1 | repo-debug | openSUSE-11.2-Debug | No | Yes
    2 | repo-non-oss | openSUSE-11.2-Non-Oss | Yes | Yes
    3 | repo-oss | openSUSE-11.2-Oss | Yes | Yes
    4 | repo-source | openSUSE-11.2-Source | No | Yes
    5 | repo-update | openSUSE-11.2-Update | Yes | Yes

the server start ok and seems that the upgrade was all ok, but if I try
to login on a XP workstation it report that the server is down, the
machine password is wrong or the user is not valid

VampirD

Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkw6BowACgkQJQ+0ABWtaVldfACffzjFn44wHYZ0HWZswupcxeVT
BBMAn3UR19/paarIk1dhrGazHIACJJD+
=JZCz
-----END PGP SIGNATURE-----

4

That’s login to the server from an XP machine?

Ok with the basics?
Have you checked to see if /etc/samba/smb.conf has changed, ie, /etc/samba/smb.conf.rpmnew, or /etc/samba/smb.conf.old?
How about the /etc/hosts* have they changed?
How about the server IP address, if its dynamically assigned and picked up a new IP addr?

Any clues in


tail -n 100 /var/log/samba/smbd.log
tail -n 100 /var/log/warn
5

On Sun July 11 2010 10:14 am, VampirD wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi, after a system upgrade (11.1 → 11.2) all start ok on the server,
> but the xp clients don’t start session, any suggestion?
>
> - –
> VampirD
> No in elenath hîlar nan hâd gîn
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkw539IACgkQJQ+0ABWtaVm/sACgpnh3rpQAzDLQLvGVxLS+OwSR
> qZAAnRHr8j1H9NbUIFA5WMfrx9uMyqf0
> =hpQP
> -----END PGP SIGNATURE-----
VampirD;
Did you do a fresh install or an update? A couple of things could have gone
wrong.
Here are some that jump to mind.

If you did a fresh install, then most likely, (certainly), you blew away the
old /etc/samba/secrets.tdb. In this case the domain SID would have changed
and you will need to rejoin the domain or restore the old SID. Did you save
the SID?

Starting with Samba 3.4.0 the default “passdb backend” changed from smbpasswd
to tdbsam. If you were using the default with 11.1 and just did an upgrade
you will need to set the backend back to smbpasswd. If you did a fresh
install you will need to redo all the joins and user passwds. If you are
using LDAP see the above paragraph.

All so check that the firewall is allowing both the Samba Server and Netbios
Server through.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> VampirD;
> Did you do a fresh install or an update? A couple of things could have gone
> wrong.
It was a upgrade, not fresh install of the entire system

> If you did a fresh install, then most likely, (certainly), you blew away the
> old /etc/samba/secrets.tdb. In this case the domain SID would have changed
> and you will need to rejoin the domain or restore the old SID. Did you save
> the SID?
There is a /etc backup, so the content of the /etc/samba directory must
be there

> Starting with Samba 3.4.0 the default “passdb backend” changed from smbpasswd
> to tdbsam. If you were using the default with 11.1 and just did an upgrade
> you will need to set the backend back to smbpasswd. If you did a fresh
> install you will need to redo all the joins and user passwds. If you are
> using LDAP see the above paragraph.
mmmmm… I’ll check that, but now I don’t have access to the server

> All so check that the firewall is allowing both the Samba Server and Netbios
> Server through.
Firewall is ok, and I can access the samba shares from the xp
administrator account

VampirD

Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkw6V78ACgkQJQ+0ABWtaVnSOQCgi8fxFehzN4M7UQ0LGIyebzeD
kDEAnR27vDwkHrvX1/0OYwiNEhNLGZ/7
=JUVi
-----END PGP SIGNATURE-----

7

On Sun July 11 2010 06:42 pm, VampirD wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>> VampirD;
>> Did you do a fresh install or an update? A couple of things could have
gone
<snip>
>
>> Starting with Samba 3.4.0 the default “passdb backend” changed from
smbpasswd
>> to tdbsam. If you were using the default with 11.1 and just did an
upgrade
>> you will need to set the backend back to smbpasswd. If you did a fresh
>> install you will need to redo all the joins and user passwds. If you are
>> using LDAP see the above paragraph.
> mmmmm… I’ll check that, but now I don’t have access to the server
>
<snip>
>
> - –
> VampirD
>
> Microsoft Windows is like air conditioning
> Stops working when you open a window.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkw6V78ACgkQJQ+0ABWtaVnSOQCgi8fxFehzN4M7UQ0LGIyebzeD
> kDEAnR27vDwkHrvX1/0OYwiNEhNLGZ/7
> =JUVi
> -----END PGP SIGNATURE-----
VampirD;

If your 11.1 smb.conf did not specify the “passdb backend”, then most
certainly it was smbpasswd. You can check the current value of that
parameter with:


testparm -vs | grep passdb

This will show the current value of the parameter, including any default.

If you decide to just convert to the tdb backend you can export your current
smbpasswd file to tdbsam. First set the passdb backend parameter to
smbpasswd in /etc/samba/smb.conf.


passdb backend = smbpasswd

Restart smbd. Then execute with root authority:


pdbedit -i smbpasswd -e tdbsam

Let Samba revert to tdbsam ( just remove the passdb backend parameter and
restart smbd.

For a Domain tdbsam is much superior than smbpasswd and allows a lot more
control over user accounts.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

8

On Sun July 11 2010 11:44 pm, PV wrote:

>
> For a Domain tdbsam is much superior than smbpasswd and allows a lot more
> control over user accounts.
The above should read:

For a Domain, tdbsam is superior to smbpasswd as it allows better control over
accounts.
(it’s late here)
If you decide to convert to tdbsam this reference may give you more details:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing
See the section titled “Account Import/Export”

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

9

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Added


passdb backend = smbpasswd

and working, at least report connectes users, I’ll test it well later
when I can reach the server, and later try to change to tdbsam

VampirD

Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkw6/0EACgkQJQ+0ABWtaVkysgCfYI83Z8ZUNxPIZQDl3iDCXFpx
YTIAoLTSMPpIq59TdMsPKeCD5r2DuAFW
=NeYz
-----END PGP SIGNATURE-----

10

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

:slight_smile: all working ok now

VampirD
No in elenath hîlar nan hâd gîn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkw7jMMACgkQJQ+0ABWtaVlKVwCgqyPXFljt6uRi0XUNConS0x30
U1oAoKj1sxGGyicXOta3nG0QlmNx7+xx
=7jSa
-----END PGP SIGNATURE-----

11

On Mon July 12 2010 04:44 pm, VampirD wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> :slight_smile: all working ok now
>
> - –
> VampirD
> No in elenath hîlar nan hâd gîn
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.12 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkw7jMMACgkQJQ+0ABWtaVlKVwCgqyPXFljt6uRi0XUNConS0x30
> U1oAoKj1sxGGyicXOta3nG0QlmNx7+xx
> =7jSa
> -----END PGP SIGNATURE-----
VampirD;

Glad to see you have it working now. If you ever do a fresh install or change
PDC’s you will need to restore your existing domain SID. It’s easiest to get
from a running PDC. I would recommend that you execute the following
command:


net getlocalsid <your domain>

If you redirect the output to a text file and back that up, then if needed you
can restore the sid on a new PDC with:


net setlocalsid <your domain sid>


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

12

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, thanks again PV, I’ll write that to remember it.

VampirD
No in elenath hîlar nan hâd gîn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkw7svQACgkQJQ+0ABWtaVlu/gCePHTO8UQ+1bPbQ9NGPA3kAHIl
uw0AoMD6AKyC8LCKYrHcWgPbIBZfK+gU
=cGGf
-----END PGP SIGNATURE-----