enterprise-support team mailing list archive

Thread
Date

[Bug 2009858] [NEW] User authentication is broken with 2:4.15.13+dfsg-0ubuntu0.20.04.1 package

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Andrew Berry <2009858@xxxxxxxxxxxxxxxxxx>
Date: Thu, 09 Mar 2023 15:37:12 -0000
Reply-to: Bug 2009858 <2009858@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

Upgrading from samba 2:4.13.17~dfsg-0ubuntu1.20.04.5 to
2:4.15.13+dfsg-0ubuntu0.20.04.1 breaks user authentication. Neither a
macOS or a Windows client can connect.

>From the mac, I see

[2023/03/09 10:20:43.242196,  1] ../../source3/auth/token_util.c:1171(create_token_from_username)
  lookup_name_smbconf for <redacted> failed

>From Windows, I see:

[2023/03/09 10:21:49.274935,  1] ../../source3/smbd/service.c:364(create_connection_session_info)
  create_connection_session_info: user '<redacted>' (from session setup) not permitted to access this share (imazing)
[2023/03/09 10:21:49.275020,  1] ../../source3/smbd/service.c:545(make_connection_snum)
  create_connection_session_info failed: NT_STATUS_ACCESS_DENIED

Rolling back to 2:4.13.17~dfsg-0ubuntu1.20.04.5 fixes both issues.

There also appears to be a dependency bug. If I run apt-mark hold samba
and then upgrade, samba is broken on startup with:

Mar 09 10:31:36 samba systemd[1]: Failed to start Samba SMB Daemon.
Mar 09 10:31:59 samba systemd[1]: Starting Samba SMB Daemon...
Mar 09 10:31:59 samba smbd[1180]: /usr/sbin/smbd: /lib/x86_64-linux-gnu/libldb.so.2: version `LDB_2.2.3' not found (required by /lib/x86_64-linux-gnu/libsamba-passdb.so.0)
Mar 09 10:31:59 samba smbd[1180]: /usr/sbin/smbd: /lib/x86_64-linux-gnu/libldb.so.2: version `LDB_2.2.3' not found (required by /usr/lib/x86_64-linux-gnu/samba/libsamdb-common.so.0)

I had to manually mark a hold on libldb2 as well.

Here's the relevant config. I've pruned the shares to just the two
listed above, but in practice no shares work.

The username map handles mapping Microsoft account email addresses to
unix usernames for automatic authentication from Windows hosts.

[global]
   log level = 1
   workgroup = WORKGROUP
   server string = %h server (Samba, Ubuntu)
   max log size = 10000
   logging = file
   panic action = /usr/share/samba/panic-action %d
   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

   inherit permissions = yes

   username map = /etc/samba/username_map

   unix extensions = no

   vfs objects = catia fruit streams_xattr acl_xattr
   fruit:nfs_aces = no
   fruit:model = MacSamba
   fruit:resource = xattr
   fruit:encoding = native
   fruit:metadata = stream

[media]
  comment = media
  browseable = yes
  valid users = <redacted>
  force user = media
  writeable = yes
  path = /main/media
  create mask = 0774
  directory mask = 0775

[imazing]
  browseable = yes
  valid users = <redacted>
  guest ok = no
  force user = media
  writeable = yes
  path = /backups/imazing
  create mask = 0774
  directory mask = 0775

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2009858

Title:
  User authentication is broken with 2:4.15.13+dfsg-0ubuntu0.20.04.1
  package

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2009858/+subscriptions

Follow ups

[Bug 2009858] Re: User authentication is broken with 2:4.15.13+dfsg-0ubuntu0.20.04.1 package
From: Lena Voytek, 2023-03-10