Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: Jáder on January 13, 2021, 12:12:52 PM
-
I did un update on my server on saturday. Monday problems started to rise. People say cannot see mapped letters.
I have netlogon\netlogon.bat script to map more than 10 drives. I was using IFMEMBER to verify if people belongs to group before map drive letter . I had to remove the +5 years command using IFMEMBER and use just "net use" .
But even this way I got problems! People was saying they cannot access ONE single SHARE (commercial one).
Even a "net use k: \\server\commercial" do not work with a "bad password" message.
I´ve moved the bad net use to be last one. So same password was ok for previous 9 mapping and fails to 10th!
I did a SCARRY test: created a new share (test-jm) and cannot access it!
What I updated:
09-jan-2021 - updates SO
Removed:
kernel.x86_64 0:2.6.32-754.27.1.el6 kernel-devel.x86_64 0:2.6.32-754.27.1.el6
Installed:
kernel.x86_64 0:2.6.32-754.35.1.el6 kernel-devel.x86_64 0:2.6.32-754.35.1.el6
Updated:
bind-libs.x86_64 32:9.8.2-0.68.rc1.el6_10.8 bind-utils.x86_64 32:9.8.2-0.68.rc1.el6_10.8
e-smith-samba.noarch 0:2.4.0-27.el6.sme kernel-firmware.noarch 0:2.6.32-754.35.1.el6
kernel-headers.x86_64 0:2.6.32-754.35.1.el6 libX11.i686 0:1.6.4-4.el6_10
libX11.x86_64 0:1.6.4-4.el6_10 libX11-common.noarch 0:1.6.4-4.el6_10
microcode_ctl.x86_64 2:1.17-33.31.el6_10 net-snmp-libs.x86_64 1:5.5-60.el6_10.2
net-snmp-utils.x86_64 1:5.5-60.el6_10.2 proftpd.x86_64 0:1.3.3g-15.el6
tzdata.noarch 0:2020d-1.el6
and later same day I updated other packages (SOGO5)
09-jan-2021 - instalando v5 de sogo seguindo https://forums.contribs.org/index.php/topic,54288.0.html
Dependency Installed:
gnustep-base.x86_64 0:1.23.0-1 gnustep-make.x86_64 0:2.6.1-1 libzip.x86_64 0:0.9-3.1.el6
Updated:
sogo.x86_64 0:5.0.1.20210109-1.centos6 sogo-activesync.x86_64 0:5.0.1.20210109-1.centos6
sogo-ealarms-notify.x86_64 0:5.0.1.20210109-1.centos6 sogo-tool.x86_64 0:5.0.1.20210109-1.centos6
sope49-appserver.x86_64 0:4.9-20201202_1664.el6.1 sope49-cards.x86_64 0:5.0.1.20210109-1.centos6
sope49-core.x86_64 0:4.9-20201202_1664.el6.1 sope49-gdl1.x86_64 0:4.9-20201202_1664.el6.1
sope49-gdl1-contentstore.x86_64 0:5.0.1.20210109-1.centos6 sope49-gdl1-mysql.x86_64 0:4.9-20201202_1664.el6.1
sope49-ldap.x86_64 0:4.9-20201202_1664.el6.1 sope49-mime.x86_64 0:4.9-20201202_1664.el6.1
sope49-sbjson.x86_64 0:2.3.1-20201202_1664.el6.1 sope49-xml.x86_64 0:4.9-20201202_1664.el6.1
I see TWO possibles sources of problem: updates of BIND and librarys from SOGO5 repo (I removed them as indicated on forum post )
-
run 'newrpms' to see if you have accidentally installed any critical packages from non-koozali repositories:
/sbin/e-smith/audittools/newrpms
-
The changelog for e-smith-samba indicates that the last change dealt with Bug 10970 (https://bugs.contribs.org/show_bug.cgi?id=10970)
In the bug, there is a post from 1/9/2021 reporting that e-smith-samba v2.4.0-27 breaks Samba PDC functionality.
You can downgrade to v2.4.0-24 using:
yum downgrade e-smith-samba
(You were probably running v2.4.0-26; I'm still looking for how/where to get back to that)
[edit] I can't find v2.4.0.26 online anywhere. You'll need to get one of the devs to make it available, restore it from a backup, or try to reverse engineer whatever changes were made in v2.4.0.27...
-
...
(You were probably running v2.4.0-26; I'm still looking for how/where to get back to that)
[edit] I can't find v2.4.0.26 online anywhere. You'll need to get one of the devs to make it available, restore it from a backup, or try to reverse engineer whatever changes were made in v2.4.0.27...
looks like I´m on 27 version:
[root@andorinha ibays]# rpm -qi e-smith-samba
Name : e-smith-samba Relocations: (not relocatable)
Version : 2.4.0 Vendor: Contribs.org <http://contribs.org>
Release : 27.el6.sme Build Date: Mon 29 Jun 2020 02:19:09 AM -03
Install Date: Sat 09 Jan 2021 03:41:24 PM -03 Build Host: builder7.koozali.org
Group : Networking/Daemons Source RPM: e-smith-samba-2.4.0-27.el6.sme.src.rpm
Size : 75714 License: GPL
Signature : DSA/SHA1, Mon 29 Jun 2020 02:41:00 AM -03, Key ID 3d7205081e9c9308
Packager : Contribs.org <http://contribs.org>
Summary : e-smith specific Samba configuration files and templates
Description :
Configuration files and templates for the Samba daemon.
[root@andorinha ibays]#
-
downgrade e-smith-samba appear to fix the problem! More info later!
I´ve to do a reboot on office hours, but it´s a small price to pay.
MMCARN you can PM and give a account number: I´d like to pay for your help! :D
BTW: I think we should remove version e-smith-samba v27 from repos!
-
I´m back to .24 version
[root@andorinha ~]# rpm -qi e-smith-samba
Name : e-smith-samba Relocations: (not relocatable)
Version : 2.4.0 Vendor: Contribs.org <http://contribs.org>
Release : 24.el6.sme Build Date: Fri 24 Mar 2017 07:10:45 PM -03
Install Date: Wed 13 Jan 2021 09:53:12 AM -03 Build Host: builder7.koozali.org
Group : Networking/Daemons Source RPM: e-smith-samba-2.4.0-24.el6.sme.src.rpm
Size : 74900 License: GPL
Signature : DSA/SHA1, Fri 24 Mar 2017 07:51:31 PM -03, Key ID 3d7205081e9c9308
Packager : Contribs.org <http://contribs.org>
Summary : e-smith specific Samba configuration files and templates
Description :
Configuration files and templates for the Samba daemon.
Not sure what´s new on .26 but I´m sure I´ll avoid .27 version again!
Could someone remove the .27 version from repository to avoid problems to others ?
-
MMCARN you can PM and give a account number: I´d like to pay for your help
If you insist, make a donation to koozali (http://forums.contribs.org/index.php?action=profile;area=subscriptions)...
looks like I´m on 27 version:
Yes; that was in the list of updates from your first post.
I downgraded my server (since I don't use samba...) and compared the templates between 2.4.0-24 and 2.4.0-27.
The only changed smb.conf templates are 11maxProtocol and 11smbPorts. I think 11maxProtocol was changed in 2.4.0-25 or 2.4.0-26.
If you run into any problems with 2.4.0.24 related to 'min protocol' or 'max protocol' (the parameters set by 11maxProtocol) your system might work ok if you re-install v2.0.4-27, then create a custom template for 11smbPorts with the old content:
mkdir -p /etc/e-smith/templates-custom/etc/smb.conf/
cd /etc/e-smith/templates-custom/etc/smb.conf/
echo '{
my $smb_ports = $smb{SMBPorts} || 139;
"smb ports = $smb_ports";
}' > 11smbPorts
expand-template /etc/samba/smb.conf
sv t smbd
sv t nmbd
Revert this customization using:
'rm' -f /etc/e-smith/templates-custom/etc/smb.conf/11smbPorts
expand-template /etc/samba/smb.conf
sv t smbd
sv t nmbd
While working on this I noticed that the samba templates are looking for config:smb:SMBPorts. I don't know how this interacts with config:smbd:TCPPorts, which controls the firewall - what would happen, for example, if the updated smb.conf uses port 445, but the firewall is blocking that traffic?
Here are my related config db settings:
* there is no entry for 'SMBPorts', which applies the default output - 'smb ports 139 445' in the new fragment, 'smb ports 139' in the old fragment.
# config show smb
smb=service
DeadTime=10080
KeepVersions=enabled
OpLocks=enabled
OsLevel=35
RecycleBin=enabled
RoamingProfiles=no
ServerName=office
ServerRole=PDC
ShadowCount=10
ShadowDir=/home/e-smith/files/.shadow
UnixCharSet=UTF8
UseClientDriver=yes
Workgroup=mmsi
status=enabled
* I'm showing "TCPPorts=139,445", but I don't know if that is a default set by SME at some point, or if I set it manually...
# config show smbd
smbd=service
TCPPorts=139,445
access=private
status=enabled
-
I worked for 6h before your suggestion. I was so tired I didn´t see the SAMBA update even when saw BIND!
So I´ll donate to Koozali fundation as per your request and PM you about it!
Here are my config:
[root@andorinha ~]# config show smb
smb=service
DeadTime=10080
KeepVersions=disabled
LogonDrive=P
OpLocks=false
OsLevel=95
RecycleBin=disabled
RoamingProfiles=no
ServerName=servidor
ServerRole=PDC
ServerString=Servidor Linux da Antinsect
ShadowCount=10
ShadowDir=/home/e-smith/files/.shadow
UnixCharSet=UTF8
UseClientDriver=yes
VetoOplockFiles=/*.mdb/*.MDB/*.dbf/*.DBF
Workgroup=empresa
status=enabled
[root@andorinha ~]# config show smbd
smbd=service
TCPPorts=139,445
access=private
status=enabled
About version of SMB 1/2/3, that´s a lot to understand and today I´m on a hell of problems. So I´ll think about it later this or next week. I have no lab/VM for testing right now!
-
You can add db config settinsg to force smb1 for the sme9.2 server, security is not as good.
[root@sme92x64 ~]# config setprop smb ServerMinProtocol SMB1
smb=service
DeadTime=10080
KeepVersions=disabled
OpLocks=enabled
OsLevel=35
RecycleBin=disabled
RoamingProfiles=no
ServerMinProtocol=SMB1
ServerName=sme92x64
ServerRole=WS
ShadowCount=10
ShadowDir=/home/e-smith/files/.shadow
UnixCharSet=UTF8
UseClientDriver=yes
Workgroup=xxxx
status=enabled
This update defaults to using smb2 unless other mods to system had been used. This was done to accommodate windows 10 latest updates having smb1 disabled, updated samba facilitates smb2 and above
The utility WSDD overcomes issues with smb1 disabled and browsing shares etc..see forum discussions
Added later: above is with latest e-smith-samba v2.0.4-27
-
There is more to the update than just the smb protocol, see the comments in the Bug 10970 also comments in sme10 Bug 10963.
WSDD is a great tool allowing sme9.2 to have smb1 dumped and still having browsing and shares visible..see https://github.com/christgau/wsdd - you will need to sort it yourself, only a sme10 contrib https://wiki.contribs.org/Smeserver-wsdd
There is also a discussion on the forums re its use