Public bug reported: Ubuntu Release: Ubuntu 20.04.3 LTS Package: samba 4.13.14+dfsg-0ubuntu0.20.04.1
Expected behavior: I'm running a 20.04.03 LTS server joined into an AD-Domain via sssd. Logging in via ssh works like fine. The server also exports the user homes via samba, so the users can access their homes e.g. via \\myserver\myusername from their Windows10 desktops "just like that". The authentication via kerberos works flawlessly, they do not have to provide a password. That was the case for the system as long as it was running samba version 4.11.6. What happens instead? After a regular nightly system security update, the samba server stack went from: libsmbclient 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed libwbclient0 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed python3-samba 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed samba 2:4.11.6+dfsg-0ubuntu1.10 hold ok installed samba-common 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed samba-common-bin 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed samba-dsdb-modules 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed samba-libs 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed samba-vfs-modules 2:4.11.6+dfsg-0ubuntu1.10 samba install ok installed to: libsmbclient 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed libwbclient0 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed python3-samba 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed samba 2:4.13.14+dfsg-0ubuntu0.20.04.1 install ok installed samba-common 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed samba-common-bin 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed samba-dsdb-modules 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed samba-libs 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed samba-vfs-modules 2:4.13.14+dfsg-0ubuntu0.20.04.1 samba install ok installed (aktually the following packages got updated: libicu66 libipa-hbac0 libldb2 libsmbclient libsss-idmap0 libwbclient0 python3-ldb python3-samba python3-sss samba samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules sssd sssd-ad sssd-ad-common sssd-common sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools) After the update, the export of the user homes is not working anymore. The Windows10 users are not able to reach it via "\\myserver\myusername". The share is unavailable. I can reproduce that behavior, by restoring an older snapshot of that virtual server. It works fine at first (immediately after the restore), but then -after an initiated package update- it stops working. Here is my smb.conf: ------------------------------------------------------- [global] interfaces = lo ens160 bind interfaces only = yes realm = MYDOMA.IN kerberos method = secrets and keytab server string = %h server (Samba, Ubuntu) log file = /var/log/samba/log.%m max log size = 1000 logging = file panic action = /usr/share/samba/panic-action %d log level = 3 server role = standalone server obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes [Homes] comment = User Homes path = /home/mydoma.in/%U browsable = yes valid users = %U force group = "Domain users" follow symlinks = yes wide links = no writable = yes read only = no force create mode = 0660 create mask = 0777 directory mask = 0777 force directory mode = 0770 access based share enum = yes hide unreadable = yes ---------------------------------------------------------- When trying to connect from a Windows10 client, the updated samba server (4.13.14) logs for that particular IP address show: [2021/11/25 11:12:52.256505, 1] ../../source3/librpc/crypto/gse_krb5.c:179(fill_mem_keytab_from_secrets) fill_mem_keytab_from_secrets: secrets_fetch_or_upgrade_domain_info(WORKGROUP) - NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2021/11/25 11:12:52.256532, 3] ../../source3/librpc/crypto/gse_krb5.c:570(gse_krb5_get_server_keytab) ../../source3/librpc/crypto/gse_krb5.c:570: Warning! Unable to set mem keytab from secrets! [2021/11/25 11:12:52.258626, 1] ../../source3/librpc/crypto/gse_krb5.c:179(fill_mem_keytab_from_secrets) fill_mem_keytab_from_secrets: secrets_fetch_or_upgrade_domain_info(WORKGROUP) - NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2021/11/25 11:12:52.258647, 3] ../../source3/librpc/crypto/gse_krb5.c:570(gse_krb5_get_server_keytab) ../../source3/librpc/crypto/gse_krb5.c:570: Warning! Unable to set mem keytab from secrets! [2021/11/25 11:12:52.259947, 1] ../../source3/auth/auth_generic.c:209(auth3_generate_session_info_pac) auth3_generate_session_info_pac: Unexpected PAC for [myuser@MYDOMAIN] in standalone mode - NT_STATUS_BAD_TOKEN_TYPE [2021/11/25 11:12:52.259983, 3] ../../source3/smbd/smb2_server.c:3861(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_BAD_TOKEN_TYPE] || at ../../source3/smbd/smb2_sesssetup.c:146 [2021/11/25 11:12:52.260415, 3] ../../source3/smbd/server_exit.c:220(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET) ** Affects: samba (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1952219 Title: AD-joined Samba Server stops working after upgrade to 4.13.14+dfsg-0ubuntu0.20.04.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1952219/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs