** Description changed:
Our file shares on our samba server was working until last Tuesday, when
an unattended upgrade upgraded Samba to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26,
we are now at 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 after another upgrade last
night.
Environment:
OS: Ubbuntu 18.04.2 LTS
Kernel: 4.15.0-163-generic
################################################
/etc/samba/smb.conf
[global]
workgroup = DOMAIN
realm = DOMAIN.AD.DOMAIN
server string = default
fruit:aapl = yes
log file = /var/log/samba/log.%m
max log size = 5000
log level = 8
# Authentication
server role = standalone server
security = ADS
passdb backend = tdbsam
map to guest = bad user
interfaces = 10.100.0.100
hosts allow = 10.0.0.0/8
dns proxy = no
bind interfaces only = no
client signing = yes
client use spnego = yes
password server = *
encrypt passwords = yes
kerberos method = secrets and keytab
# Printers
# Don't load printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
include = /etc/samba/storage1_shares.conf
################################################
/etc/samba/storage1_shares.conf
[Share_one]
comment = Share_one
path = /mnt/zpool1/Share_one
write list =
create mask = 744
directory mask = 755
guest ok = no
read only = no
browseable = yes
printable = no
writable = yes
inherit permissions = yes
inherit acls = yes
users = @"DOMAIN\group one", @"DOMAIN\group two"
force group =
vfs objects = catia fruit streams_xattr
fruit:resource = xattr
fruit:encoding = native
################################################
/etc/krb5.conf
[libdefaults]
default_realm = AD.DOMAIN.COM
ticket_lifetime = 24h
renew_lifetime = 7d
[realms]
AD.DOMAIN.COM = {
kdc = "dc1.ad.domain.com"
admin_server = "dc1.ad.domain.com"
}
[domain_realm]
.ad.domain.com = AD.DOMAIN.COM
ad.domain.com = AD.DOMAIN.COM
[logging]
Default = FILE:/var/log/krb5.log
################################################
/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = AD.DOMAIN.COM
[domain/AD.DOMAIN.COM]
id_provider = ad
access_provider = ad
override_homedir = /home/%d/%u
[nss]
filter_users = user1,user2,user3,user4
################################################
Changes:
Start-Date: 2021-12-07 06:40:49
Commandline: /usr/bin/unattended-upgrade
Upgrade: python-samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23,
2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libwbclient0:amd64
(2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba:amd64
(2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26),
samba-dsdb-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23,
2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-libs:amd64
(2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26),
samba-common:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23,
2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-vfs-modules:amd64
(2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26),
libsmbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23,
2:4.7.6+dfsg~ubuntu-0ubuntu2.26), smbclient:amd64
(2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26),
samba-common-bin:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23,
2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
End-Date: 2021-12-07 06:41:02
Problem:
No Domain Users or Administrators are able to access any of the shares any
longer. All we get when trying to accessing the drives from our Windows
workstations is that we do not have permissions to access the drives.
+
+ Additionally from the logs, it looks like domain users and
+ administrators authenticate successfully, so I can see that LDAP / AD
+ Authentication is working. But users are just not able to access files /
+ folders from their clients to the samba shares.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1954877
Title:
Permission Denied for every share after upgrade to
2:4.7.6+dfsg~ubuntu-0ubuntu2.26
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1954877/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
