← Back to team overview

enterprise-support team mailing list archive

[Bug 1954877] [NEW] Permission Denied for every share after upgrade to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26

 

Public bug reported:

Our file shares on our samba server was working until last Tuesday, when
an unattended upgrade upgraded Samba to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26,
we are now at 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 after another upgrade last
night.

Environment:
OS: Ubbuntu 18.04.2 LTS
Kernel: 4.15.0-163-generic

################################################

/etc/samba/smb.conf

[global]
  workgroup = DOMAIN
  realm = DOMAIN.AD.DOMAIN
  server string = default
  fruit:aapl = yes
  log file = /var/log/samba/log.%m
  max log size = 5000
  log level = 8

  # Authentication
  server role = standalone server
  security = ADS
  passdb backend = tdbsam
  map to guest = bad user
  interfaces = 10.100.0.100
  hosts allow = 10.0.0.0/8
  dns proxy = no
  bind interfaces only = no
  client signing = yes
  client use spnego = yes
  password server = *
  encrypt passwords = yes
  kerberos method = secrets and keytab

  # Printers
  # Don't load printers
  load printers = no
  printing = bsd
  printcap name = /dev/null
  disable spoolss = yes

  include = /etc/samba/storage1_shares.conf
################################################

/etc/samba/storage1_shares.conf

[Share_one]
  comment = Share_one
  path = /mnt/zpool1/Share_one
  write list =
  create mask = 744
  directory mask = 755
  guest ok = no
  read only = no
  browseable = yes
  printable = no
  writable = yes
  inherit permissions = yes
  inherit acls = yes
  users = @"DOMAIN\group one", @"DOMAIN\group two"
  force group =
  vfs objects = catia fruit streams_xattr
  fruit:resource = xattr
  fruit:encoding = native

################################################

/etc/krb5.conf

[libdefaults]
default_realm = AD.DOMAIN.COM
ticket_lifetime = 24h
renew_lifetime = 7d

[realms]
  AD.DOMAIN.COM = {
    kdc = "dc1.ad.domain.com"
    admin_server = "dc1.ad.domain.com"
  }

[domain_realm]
.ad.domain.com = AD.DOMAIN.COM
ad.domain.com = AD.DOMAIN.COM

[logging]
  Default = FILE:/var/log/krb5.log

################################################

/etc/sssd/sssd.conf

[sssd]
services = nss, pam
config_file_version = 2
domains = AD.DOMAIN.COM

[domain/AD.DOMAIN.COM]
id_provider = ad
access_provider = ad

override_homedir = /home/%d/%u

[nss]
filter_users = user1,user2,user3,user4

################################################

Changes:
Start-Date: 2021-12-07  06:40:49
Commandline: /usr/bin/unattended-upgrade
Upgrade: python-samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libwbclient0:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-dsdb-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-libs:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-vfs-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libsmbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), smbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common-bin:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
End-Date: 2021-12-07  06:41:02

Problem:
No Domain Users or Administrators are able to access any of the shares any longer. All we get when trying to accessing the drives from our Windows workstations is that we do not have permissions to access the drives.

Additionally from the logs, it looks like domain users and
administrators authenticate successfully, so I can see that LDAP / AD
Authentication is working. But users are just not able to access files /
folders from their clients to the samba shares.

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  Our file shares on our samba server was working until last Tuesday, when
  an unattended upgrade upgraded Samba to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26,
  we are now at 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 after another upgrade last
  night.
  
  Environment:
  OS: Ubbuntu 18.04.2 LTS
  Kernel: 4.15.0-163-generic
  
+ ################################################
+ 
  /etc/samba/smb.conf
  
  [global]
-   workgroup = DOMAIN
-   realm = DOMAIN.AD.DOMAIN
-   server string = default
-   fruit:aapl = yes
-   log file = /var/log/samba/log.%m
-   max log size = 5000
-   log level = 8
+   workgroup = DOMAIN
+   realm = DOMAIN.AD.DOMAIN
+   server string = default
+   fruit:aapl = yes
+   log file = /var/log/samba/log.%m
+   max log size = 5000
+   log level = 8
  
-   # Authentication
-   server role = standalone server
-   security = ADS
-   passdb backend = tdbsam
-   map to guest = bad user
-   interfaces = 10.100.0.100
-   hosts allow = 10.0.0.0/8
-   dns proxy = no
-   bind interfaces only = no
-   client signing = yes
-   client use spnego = yes
-   password server = *
-   encrypt passwords = yes
-   kerberos method = secrets and keytab
+   # Authentication
+   server role = standalone server
+   security = ADS
+   passdb backend = tdbsam
+   map to guest = bad user
+   interfaces = 10.100.0.100
+   hosts allow = 10.0.0.0/8
+   dns proxy = no
+   bind interfaces only = no
+   client signing = yes
+   client use spnego = yes
+   password server = *
+   encrypt passwords = yes
+   kerberos method = secrets and keytab
  
-   # Printers
-   # Don't load printers
-   load printers = no
-   printing = bsd
-   printcap name = /dev/null
-   disable spoolss = yes
+   # Printers
+   # Don't load printers
+   load printers = no
+   printing = bsd
+   printcap name = /dev/null
+   disable spoolss = yes
  
-   include = /etc/samba/storage1_shares.conf
+   include = /etc/samba/storage1_shares.conf
+ ################################################
  
  /etc/samba/storage1_shares.conf
  
  [Share_one]
-   comment = Share_one
-   path = /mnt/zpool1/Share_one
-   write list = 
-   create mask = 744
-   directory mask = 755
-   guest ok = no
-   read only = no
-   browseable = yes
-   printable = no
-   writable = yes
-   inherit permissions = yes
-   inherit acls = yes
-   users = @"DOMAIN\group one", @"DOMAIN\group two"
-   force group = 
-   vfs objects = catia fruit streams_xattr
-   fruit:resource = xattr
-   fruit:encoding = native
+   comment = Share_one
+   path = /mnt/zpool1/Share_one
+   write list =
+   create mask = 744
+   directory mask = 755
+   guest ok = no
+   read only = no
+   browseable = yes
+   printable = no
+   writable = yes
+   inherit permissions = yes
+   inherit acls = yes
+   users = @"DOMAIN\group one", @"DOMAIN\group two"
+   force group =
+   vfs objects = catia fruit streams_xattr
+   fruit:resource = xattr
+   fruit:encoding = native
+ 
+ ################################################
+ 
+ /etc/krb5.conf
+ 
+ [libdefaults]
+ default_realm = AD.DOMAIN.COM
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ 
+ [realms]
+   AD.BIOLA.EDU = {
+     kdc = "dc1.ad.domain.com"
+     admin_server = "dc1.ad.domain.com"
+   }
+ 
+ [domain_realm]
+ .ad.domain.com = AD.DOMAIN.COM
+ ad.domain.com = AD.DOMAIN.COM
+ 
+ [logging]
+   Default = FILE:/var/log/krb5.log
+ 
+ ################################################
+ 
+ /etc/sssd/sssd.conf
+ 
+ [sssd]
+ services = nss, pam
+ config_file_version = 2
+ domains = AD.DOMAIN.COM
+ 
+ [domain/AD.DOMAIN.COM]
+ id_provider = ad
+ access_provider = ad
+ 
+ override_homedir = /home/%d/%u
+ 
+ [nss]
+ filter_users = user1,user2,user3,user4
+ 
+ ################################################
  
  Changes:
  Start-Date: 2021-12-07  06:40:49
  Commandline: /usr/bin/unattended-upgrade
  Upgrade: python-samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libwbclient0:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-dsdb-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-libs:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-vfs-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libsmbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), smbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common-bin:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
  End-Date: 2021-12-07  06:41:02
  
  Problem:
  No Domain Users or Administrators are able to access any of the shares any longer. All we get when trying to accessing the drives from our Windows workstations is that we do not have permissions to access the drives.

** Description changed:

  Our file shares on our samba server was working until last Tuesday, when
  an unattended upgrade upgraded Samba to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26,
  we are now at 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 after another upgrade last
  night.
  
  Environment:
  OS: Ubbuntu 18.04.2 LTS
  Kernel: 4.15.0-163-generic
  
  ################################################
  
  /etc/samba/smb.conf
  
  [global]
    workgroup = DOMAIN
    realm = DOMAIN.AD.DOMAIN
    server string = default
    fruit:aapl = yes
    log file = /var/log/samba/log.%m
    max log size = 5000
    log level = 8
  
    # Authentication
    server role = standalone server
    security = ADS
    passdb backend = tdbsam
    map to guest = bad user
    interfaces = 10.100.0.100
    hosts allow = 10.0.0.0/8
    dns proxy = no
    bind interfaces only = no
    client signing = yes
    client use spnego = yes
    password server = *
    encrypt passwords = yes
    kerberos method = secrets and keytab
  
    # Printers
    # Don't load printers
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
  
    include = /etc/samba/storage1_shares.conf
  ################################################
  
  /etc/samba/storage1_shares.conf
  
  [Share_one]
    comment = Share_one
    path = /mnt/zpool1/Share_one
    write list =
    create mask = 744
    directory mask = 755
    guest ok = no
    read only = no
    browseable = yes
    printable = no
    writable = yes
    inherit permissions = yes
    inherit acls = yes
    users = @"DOMAIN\group one", @"DOMAIN\group two"
    force group =
    vfs objects = catia fruit streams_xattr
    fruit:resource = xattr
    fruit:encoding = native
  
  ################################################
  
  /etc/krb5.conf
  
  [libdefaults]
  default_realm = AD.DOMAIN.COM
  ticket_lifetime = 24h
  renew_lifetime = 7d
  
  [realms]
-   AD.BIOLA.EDU = {
-     kdc = "dc1.ad.domain.com"
-     admin_server = "dc1.ad.domain.com"
-   }
+   AD.DOMAIN.COM = {
+     kdc = "dc1.ad.domain.com"
+     admin_server = "dc1.ad.domain.com"
+   }
  
  [domain_realm]
  .ad.domain.com = AD.DOMAIN.COM
  ad.domain.com = AD.DOMAIN.COM
  
  [logging]
-   Default = FILE:/var/log/krb5.log
+   Default = FILE:/var/log/krb5.log
  
  ################################################
  
  /etc/sssd/sssd.conf
  
  [sssd]
  services = nss, pam
  config_file_version = 2
  domains = AD.DOMAIN.COM
  
  [domain/AD.DOMAIN.COM]
  id_provider = ad
  access_provider = ad
  
  override_homedir = /home/%d/%u
  
  [nss]
  filter_users = user1,user2,user3,user4
  
  ################################################
  
  Changes:
  Start-Date: 2021-12-07  06:40:49
  Commandline: /usr/bin/unattended-upgrade
  Upgrade: python-samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libwbclient0:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-dsdb-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-libs:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-vfs-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libsmbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), smbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common-bin:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
  End-Date: 2021-12-07  06:41:02
  
  Problem:
  No Domain Users or Administrators are able to access any of the shares any longer. All we get when trying to accessing the drives from our Windows workstations is that we do not have permissions to access the drives.

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1954877

Title:
  Permission Denied for every share after upgrade to
  2:4.7.6+dfsg~ubuntu-0ubuntu2.26

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1954877/+subscriptions