Quite recently (don’t know exact date when this started but within past 2 weeks) samba stopped working. No changes were made to config which used to work fine.
Home directory is still shared fine but /opt and /data no longer. Windows reports that folder does not exist. Dolphin the same.
With Dophin if I try to browse share: smb://server.lan/ (or using IP address) I get following folders:
data
homes
nobody
opt
private
I have not defined such a share as “nobody”. Rest are fine.
Log does not give much help either:
With server.lan:
[2022/10/29 21:38:53.101551, 0] ../../source3/smbd/msdfs.c:180(parse_dfs_path)
parse_dfs_path: trying to convert server.lan to a local path
With IP-address:
[2022/10/29 21:44:55.100598, 0] ../../source3/smbd/msdfs.c:180(parse_dfs_path)
parse_dfs_path: trying to convert 10.1.10.10 to a local path
Apparently something has changed in Samba recently but I have no idea what. Any idea what could cause this?
The config itself (this is pretty old config I’ve been using for years):
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
[global]
workgroup = XXXX
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
security = user
usershare max shares = 100
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
netbios name = ***********
name resolve order = bcast host lmhosts wins
local master = yes
preferred master = yes
interfaces = br0
bind interfaces only = yes
usershare allow guests = No
wins support = No
ldap admin dn =
wins server =
[homes]
comment = Home Directories
valid users = %S, %D%w%S
read only = No
inherit acls = Yes
create mask = 0664
delete veto files = No
directory mask = 0775
hide dot files = Yes
hide unreadable = Yes
veto files = .a*/.b*/.c*/.d*/.e*/.f*/.g*/.h*/.i*/.j*/.k*/.m*/.n*/.o*/.p*/.q*/.r*/.s*/.t*/.u*/.v*/.w*/.x*/.y*/.z*
guest ok = No
# browseable = No
# [profiles]
# comment = Network Profiles Service
# path = %H
# read only = No
# store dos attributes = Yes
# create mask = 0600
# directory mask = 0700
# [users]
# comment = All users
# path = /home
# read only = No
# inherit acls = Yes
# veto files = /aquota.user/groups/shares/
# [groups]
# comment = All groups
# path = /home/groups
# read only = No
# inherit acls = Yes
# [printers]
# comment = All Printers
# path = /var/tmp
# printable = Yes
# create mask = 0600
# browseable = No
# [print$]
# comment = Printer Drivers
# path = /var/lib/samba/drivers
# write list = @ntadmin root
# force group = ntadmin
# create mask = 0664
# directory mask = 0775
[data]
comment = Media
create mask = 0664
delete veto files = No
directory mask = 0775
force group = users
hide dot files = Yes
inherit acls = Yes
path = /data/
browsable = Yes
writable = Yes
read only = No
veto files = .*/
guest ok = Yes
[private]
comment = private
create mask = 0664
delete veto files = No
directory mask = 0775
force group = users
hide dot files = Yes
inherit acls = Yes
path = /private
read only = No
veto files = .*/
guest ok = No
[opt]
comment = Media
create mask = 0664
delete veto files = No
directory mask = 0775
force group = users
hide dot files = Yes
inherit acls = Yes
path = /opt
read only = No
veto files = .*/
guest ok = Yes
Can you navigate a share successfully using smbclient?
From ‘man smbclient’…
-d|–debuglevel=DEBUGLEVEL level is an integer from 0 to 10. The default value if this parameter is not specified is 1 for client applications.
The higher this value, the more detail will be logged to the log files about the activities of the server. At level 0, only critical errors and serious warnings will be logged. Level 1 is a reasonable level for day-to-day running - it generates a small amount of information about operations carried out.
Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic.
Note that specifying this parameter here will override the log level parameter in the ${prefix}/etc/smb.conf file.
With Doplhin when I go to: smb://server.lan/ I get:
data (does not exist)
homes (does not exist)
nobody (access denied)
opt (does not exist)
private (does not exist)
Is this when accessing from the server (localhost) itself or via another Linux host on the network? If two different machines, are they both using recent samba versions?
With Windows Explorer I get:
data (cannot be accessed)
homes (works)
<***> (user account name) (works)
opt (cannot be accessed)
private (cannot be accessed)
Are you attempting to access with as a particular samba user with credentials or as a guest?
Are you attempting to access with as a particular samba user with credentials or as a guest?
Doesn’t ask user nor password. Data and opt has been configured to be guest ok. Homes and private with user account. Dolphin asks user account and password despite being ok for quests and yet does not allow in (“does not exist”).
I’m wondering if this is related to some security changes what have been done recently. These settings are now obsoleted (recently):
client use spnego = no
client ntlmv2 auth = no
Someone had similar issues but much earlier and these settings were used to solve the problem. Anyway, this problem sounds very much a security related. Has there been limitations to the path that can be used? Opt, data and private are located in root. Homes under /home/<user>/.
I don’t know whether this is similar to what you report with Dolphin at least, but the another user in that thread suggested…
In System Settings look for Windows Shares. It should ask for a username and password.Put anything in (I currently have user:a/pass:b).
Close Dolphin. Re-open and try your shares again.
In terms of the Windows client I know the Credential Manager can be used to manage the required samba credentials for a given host…
I don’t understand your comment here. System Settings > Network > Settings >Windows Shares brings up a dialogue box allowing one to enter the credentials. Unfortunately, it can only be configured for one particular set of credentials. The Windows credential manager can at least be made specific to a given host.
Is guest accounts still OK without username and password or has that changed?
Not that I’m aware of. I’m still openSUSE Leap 15.4 with samba version 4.15.8, and quest access still works for me. I just tested access via a Windows 10 machine, and my share with guest access just worked. Credentials are prompted for with other shares requiring it as expected.
Problem solved (mainly). Access permission problem still remaining.
Turned out that parameter
veto files
has changed a bit. Previously all folders and files starting with . where also visible. It was possible to remove these from listing with “veto files” parameter (“veto files = .*/”). Now this setting eliminates folders and files. At some point the visibility of dot-files/folders have changed as well since they are no longer listed - with or without having “hide dot files = yes” parameter (could also be that Dolphin and Windows explorer is hiding them automatically nowadays). smbclient still shows dot-files despite the parameter to hide them.
Anyway, commented all “veto” parameters and things got back to normal regarding folder and file visibility.
Furthermore, there is a change is permission handling. I’ve been using the shown config for years. Read and writing files in shared folders but now it was not possible - access denied. For shares “data” and “opt” I’ve forced group to “users”. All used to be fine i.e. created files got “.users" owner definition. This is no longer working the same way. It’s not possible to e.g. create file in a folder where group does not have write access. Still, the file created has correct owner definition ".users”. Haven’t found yet how to change this. Tried “force user = ***” but did not help.