enterprise-support team mailing list archive
Message #08691
[Bug 1954877] [NEW] Permission Denied for every share after upgrade to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26
Public bug reported:
Our file shares on our samba server were working until last Tuesday, when
an unattended upgrade upgraded Samba to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26,
we are now at 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 after another upgrade last
night.
Environment:
OS: Ubuntu 18.04.2 LTS
Kernel: 4.15.0-163-generic
################################################
/etc/samba/smb.conf
[global]
workgroup = DOMAIN
realm = DOMAIN.AD.DOMAIN
server string = default
fruit:aapl = yes
log file = /var/log/samba/log.%m
max log size = 5000
log level = 8
# Authentication
server role = standalone server
security = ADS
passdb backend = tdbsam
map to guest = bad user
interfaces = 10.100.0.100
hosts allow = 10.0.0.0/8
dns proxy = no
bind interfaces only = no
client signing = yes
client use spnego = yes
password server = *
encrypt passwords = yes
kerberos method = secrets and keytab
# Printers
# Don't load printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
include = /etc/samba/storage1_shares.conf
################################################
/etc/samba/storage1_shares.conf
[Share_one]
comment = Share_one
path = /mnt/zpool1/Share_one
write list =
create mask = 744
directory mask = 755
guest ok = no
read only = no
browseable = yes
printable = no
writable = yes
inherit permissions = yes
inherit acls = yes
users = @"DOMAIN\group one", @"DOMAIN\group two"
force group =
vfs objects = catia fruit streams_xattr
fruit:resource = xattr
fruit:encoding = native
################################################
/etc/krb5.conf
[libdefaults]
default_realm = AD.DOMAIN.COM
ticket_lifetime = 24h
renew_lifetime = 7d
[realms]
AD.DOMAIN.COM = {
kdc = "dc1.ad.domain.com"
admin_server = "dc1.ad.domain.com"
}
[domain_realm]
.ad.domain.com = AD.DOMAIN.COM
ad.domain.com = AD.DOMAIN.COM
[logging]
Default = FILE:/var/log/krb5.log
################################################
/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = AD.DOMAIN.COM
[domain/AD.DOMAIN.COM]
id_provider = ad
access_provider = ad
override_homedir = /home/%d/%u
[nss]
filter_users = user1,user2,user3,user4
################################################
Changes:
Start-Date: 2021-12-07 06:40:49
Commandline: /usr/bin/unattended-upgrade
Upgrade: python-samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libwbclient0:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-dsdb-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-libs:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-vfs-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libsmbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), smbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common-bin:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
End-Date: 2021-12-07 06:41:02
Problem:
No Domain Users or Administrators are able to access any of the shares any longer. All we get when trying to access the drives from our Windows workstations is that we do not have permissions to access the drives.
Additionally from the logs, it looks like domain users and
administrators authenticate successfully, so I can see that LDAP / AD
Authentication is working. But users are just not able to access files /
folders from their clients to the samba shares.
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Our file shares on our samba server was working until last Tuesday, when
an unattended upgrade upgraded Samba to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26,
we are now at 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 after another upgrade last
night.
Environment:
OS: Ubbuntu 18.04.2 LTS
Kernel: 4.15.0-163-generic
+ ################################################
+
/etc/samba/smb.conf
[global]
- workgroup = DOMAIN
- realm = DOMAIN.AD.DOMAIN
- server string = default
- fruit:aapl = yes
- log file = /var/log/samba/log.%m
- max log size = 5000
- log level = 8
+ workgroup = DOMAIN
+ realm = DOMAIN.AD.DOMAIN
+ server string = default
+ fruit:aapl = yes
+ log file = /var/log/samba/log.%m
+ max log size = 5000
+ log level = 8
- # Authentication
- server role = standalone server
- security = ADS
- passdb backend = tdbsam
- map to guest = bad user
- interfaces = 10.100.0.100
- hosts allow = 10.0.0.0/8
- dns proxy = no
- bind interfaces only = no
- client signing = yes
- client use spnego = yes
- password server = *
- encrypt passwords = yes
- kerberos method = secrets and keytab
+ # Authentication
+ server role = standalone server
+ security = ADS
+ passdb backend = tdbsam
+ map to guest = bad user
+ interfaces = 10.100.0.100
+ hosts allow = 10.0.0.0/8
+ dns proxy = no
+ bind interfaces only = no
+ client signing = yes
+ client use spnego = yes
+ password server = *
+ encrypt passwords = yes
+ kerberos method = secrets and keytab
- # Printers
- # Don't load printers
- load printers = no
- printing = bsd
- printcap name = /dev/null
- disable spoolss = yes
+ # Printers
+ # Don't load printers
+ load printers = no
+ printing = bsd
+ printcap name = /dev/null
+ disable spoolss = yes
- include = /etc/samba/storage1_shares.conf
+ include = /etc/samba/storage1_shares.conf
+ ################################################
/etc/samba/storage1_shares.conf
[Share_one]
- comment = Share_one
- path = /mnt/zpool1/Share_one
- write list =
- create mask = 744
- directory mask = 755
- guest ok = no
- read only = no
- browseable = yes
- printable = no
- writable = yes
- inherit permissions = yes
- inherit acls = yes
- users = @"DOMAIN\group one", @"DOMAIN\group two"
- force group =
- vfs objects = catia fruit streams_xattr
- fruit:resource = xattr
- fruit:encoding = native
+ comment = Share_one
+ path = /mnt/zpool1/Share_one
+ write list =
+ create mask = 744
+ directory mask = 755
+ guest ok = no
+ read only = no
+ browseable = yes
+ printable = no
+ writable = yes
+ inherit permissions = yes
+ inherit acls = yes
+ users = @"DOMAIN\group one", @"DOMAIN\group two"
+ force group =
+ vfs objects = catia fruit streams_xattr
+ fruit:resource = xattr
+ fruit:encoding = native
+
+ ################################################
+
+ /etc/krb5.conf
+
+ [libdefaults]
+ default_realm = AD.DOMAIN.COM
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+
+ [realms]
+ AD.BIOLA.EDU = {
+ kdc = "dc1.ad.domain.com"
+ admin_server = "dc1.ad.domain.com"
+ }
+
+ [domain_realm]
+ .ad.domain.com = AD.DOMAIN.COM
+ ad.domain.com = AD.DOMAIN.COM
+
+ [logging]
+ Default = FILE:/var/log/krb5.log
+
+ ################################################
+
+ /etc/sssd/sssd.conf
+
+ [sssd]
+ services = nss, pam
+ config_file_version = 2
+ domains = AD.DOMAIN.COM
+
+ [domain/AD.DOMAIN.COM]
+ id_provider = ad
+ access_provider = ad
+
+ override_homedir = /home/%d/%u
+
+ [nss]
+ filter_users = user1,user2,user3,user4
+
+ ################################################
Changes:
Start-Date: 2021-12-07 06:40:49
Commandline: /usr/bin/unattended-upgrade
Upgrade: python-samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libwbclient0:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-dsdb-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-libs:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-vfs-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libsmbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), smbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common-bin:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
End-Date: 2021-12-07 06:41:02
Problem:
No Domain Users or Administrators are able to access any of the shares any longer. All we get when trying to accessing the drives from our Windows workstations is that we do not have permissions to access the drives.
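Review bot: the `[realms]` stanza added for /etc/krb5.conf is keyed `AD.BIOLA.EDU`, while `default_realm` and both `[domain_realm]` mappings in the same added block use `AD.DOMAIN.COM`. If these names are redacted placeholders, use one placeholder throughout; as written, a reader cannot tell whether the realm mismatch exists on the server. The added /etc/sssd/sssd.conf shows identities coming from sssd (`id_provider = ad`) and the smb.conf in this description has no `idmap config` lines, so it would also help to state whether winbind is installed and running on this host.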
** Description changed:
Our file shares on our samba server was working until last Tuesday, when
an unattended upgrade upgraded Samba to 2:4.7.6+dfsg~ubuntu-0ubuntu2.26,
we are now at 2:4.7.6+dfsg~ubuntu-0ubuntu2.27 after another upgrade last
night.
Environment:
OS: Ubbuntu 18.04.2 LTS
Kernel: 4.15.0-163-generic
################################################
/etc/samba/smb.conf
[global]
workgroup = DOMAIN
realm = DOMAIN.AD.DOMAIN
server string = default
fruit:aapl = yes
log file = /var/log/samba/log.%m
max log size = 5000
log level = 8
# Authentication
server role = standalone server
security = ADS
passdb backend = tdbsam
map to guest = bad user
interfaces = 10.100.0.100
hosts allow = 10.0.0.0/8
dns proxy = no
bind interfaces only = no
client signing = yes
client use spnego = yes
password server = *
encrypt passwords = yes
kerberos method = secrets and keytab
# Printers
# Don't load printers
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
include = /etc/samba/storage1_shares.conf
################################################
/etc/samba/storage1_shares.conf
[Share_one]
comment = Share_one
path = /mnt/zpool1/Share_one
write list =
create mask = 744
directory mask = 755
guest ok = no
read only = no
browseable = yes
printable = no
writable = yes
inherit permissions = yes
inherit acls = yes
users = @"DOMAIN\group one", @"DOMAIN\group two"
force group =
vfs objects = catia fruit streams_xattr
fruit:resource = xattr
fruit:encoding = native
################################################
/etc/krb5.conf
[libdefaults]
default_realm = AD.DOMAIN.COM
ticket_lifetime = 24h
renew_lifetime = 7d
[realms]
- AD.BIOLA.EDU = {
- kdc = "dc1.ad.domain.com"
- admin_server = "dc1.ad.domain.com"
- }
+ AD.DOMAIN.COM = {
+ kdc = "dc1.ad.domain.com"
+ admin_server = "dc1.ad.domain.com"
+ }
[domain_realm]
.ad.domain.com = AD.DOMAIN.COM
ad.domain.com = AD.DOMAIN.COM
[logging]
- Default = FILE:/var/log/krb5.log
+ Default = FILE:/var/log/krb5.log
################################################
/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = AD.DOMAIN.COM
[domain/AD.DOMAIN.COM]
id_provider = ad
access_provider = ad
override_homedir = /home/%d/%u
[nss]
filter_users = user1,user2,user3,user4
################################################
Changes:
Start-Date: 2021-12-07 06:40:49
Commandline: /usr/bin/unattended-upgrade
Upgrade: python-samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libwbclient0:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-dsdb-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-libs:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-vfs-modules:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), libsmbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), smbclient:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26), samba-common-bin:amd64 (2:4.7.6+dfsg~ubuntu-0ubuntu2.23, 2:4.7.6+dfsg~ubuntu-0ubuntu2.26)
End-Date: 2021-12-07 06:41:02
Problem:
No Domain Users or Administrators are able to access any of the shares any longer. All we get when trying to accessing the drives from our Windows workstations is that we do not have permissions to access the drives.
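Review bot: `realm = DOMAIN.AD.DOMAIN` in the smb.conf `[global]` context lines still does not match the `AD.DOMAIN.COM` realm that this edit settles on for `[realms]`, `default_realm` and sssd.conf. Use the same placeholder in all three files, or say explicitly that the smb.conf realm really differs on the server. With `log level = 8` already set, the lines from /var/log/samba/log.%m around one denied share access would add more to the report than the unchanged configuration.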
--
https://bugs.launchpad.net/bugs/1954877