Latest updates broke Samba

Archived topics about LMDE 1
Forum rules
Jugene
Level 1
Level 1
Posts: 9
Joined: Mon Apr 11, 2016 3:42 am

Re: Latest updates broke Samba

Postby Jugene » Thu Apr 21, 2016 5:28 am

Polymorph wrote:
It was necessary to prescribe the most netbiosname


Would you please explain. What do I have to do?



[global]
netbios name = Jugene

bigbenaugust
Level 3
Level 3
Posts: 107
Joined: Wed Dec 07, 2011 2:46 pm
Location: the 919

Re: Latest updates broke Samba

Postby bigbenaugust » Thu Apr 21, 2016 10:59 am

I did try setting the netbios name in smbclient and it did not help the issue.
--Ben

bigbenaugust
Level 3
Level 3
Posts: 107
Joined: Wed Dec 07, 2011 2:46 pm
Location: the 919

Re: Latest updates broke Samba

Postby bigbenaugust » Fri Apr 22, 2016 11:09 am

It is interesting to note that the Debian Security update for samba (4.2.10) is labeled as "do not use" at samba.org.
--Ben

JayBird707
Level 2
Level 2
Posts: 69
Joined: Sat Jan 30, 2016 9:56 pm

Re: Latest updates broke Samba

Postby JayBird707 » Fri Apr 22, 2016 6:17 pm

I added my network storage to fstab to work around the issue. Had to change settings in several apps. I'm just surprised that it's been a week and no resolution.
Dell Studio 1737 - Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz; 8GiB RAM
Kernel : Linux 4.4.0-57-generic (x86_64) Distribution: Linux Mint 18 Sarah: XFCE 4
HDA-Intel - HDA ATI HDMI

Polymorph
Level 1
Level 1
Posts: 22
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Postby Polymorph » Fri Apr 22, 2016 11:42 pm

I guess I will just wait for a bug fix to arrive - hopefully soon.

Until then it will have to be the old Sneaker Net!

JayBird707
Level 2
Level 2
Posts: 69
Joined: Sat Jan 30, 2016 9:56 pm

Re: Latest updates broke Samba

Postby JayBird707 » Sat Apr 23, 2016 7:27 pm

I'm really getting bummed. It seems like every time I reboot the last work around doesn't work any more. Does anyone have any news?
Dell Studio 1737 - Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz; 8GiB RAM
Kernel : Linux 4.4.0-57-generic (x86_64) Distribution: Linux Mint 18 Sarah: XFCE 4
HDA-Intel - HDA ATI HDMI

bigbenaugust
Level 3
Level 3
Posts: 107
Joined: Wed Dec 07, 2011 2:46 pm
Location: the 919

Re: Latest updates broke Samba

Postby bigbenaugust » Mon Apr 25, 2016 10:46 am

JayBird707 wrote:I'm really getting bummed. It seems like every time I reboot the last work around doesn't work any more. Does anyone have any news?


I have contacted our storage team downstairs to see what I'm generating on the appliance end. Maybe that will help me figure out what to change on this end.
--Ben

JayBird707
Level 2
Level 2
Posts: 69
Joined: Sat Jan 30, 2016 9:56 pm

Re: Latest updates broke Samba

Postby JayBird707 » Mon Apr 25, 2016 11:13 am

Look at the post "Lost networking to windows after Samba updates 4-18-2016" see Xenopeek's advice on rolling back. I think the date was April 24. He included a script that got me back in business. Make sure t read the next few posts don't update Samba or ldb after applying the fix.
Dell Studio 1737 - Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz; 8GiB RAM
Kernel : Linux 4.4.0-57-generic (x86_64) Distribution: Linux Mint 18 Sarah: XFCE 4
HDA-Intel - HDA ATI HDMI

bigbenaugust
Level 3
Level 3
Posts: 107
Joined: Wed Dec 07, 2011 2:46 pm
Location: the 919

Re: Latest updates broke Samba

Postby bigbenaugust » Mon Apr 25, 2016 12:17 pm

Running smbclient with a debug level of 10 gets me this down at the end:

Code: Select all

Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM   
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS       
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128   
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible downgrade detected! missing_flags[0x00000010] - NT code 0x80090302
  NTLMSSP_NEGOTIATE_SIGN
neg_flags[0x62088205]
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO(ntlmssp) login failed: NT code 0x80090302
SPNEGO login failed: NT code 0x80090302
session setup failed: NT code 0x80090302


After the updates, Samba is failing the security negotiation... somewhere.
--Ben

Polymorph
Level 1
Level 1
Posts: 22
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Postby Polymorph » Mon Apr 25, 2016 9:45 pm

I still cannot get my network to work since the last update.

Does anyone have a solution please.

Is there any other method of networking than Samba?

TIA

sepiamint
Level 1
Level 1
Posts: 1
Joined: Tue Apr 26, 2016 7:41 am

Re: Latest updates broke Samba

Postby sepiamint » Tue Apr 26, 2016 8:12 am

Ahoi mate(ys),

Beside no working samba shares the "system-config-samba" client did not start. I found out this was because in the

/etc/samba/smb.conf

"security =" was set to server. comment it out or change to:
"security = user"

    Edit: I have seen this is already known in this thread, my bad

Now the client should start again. I don't know if the "server" setting is deprecated or its just a bug (IMHO it is, the config client should start nevertheless).
When set to "user" you have to add your clients, or more insecure allow guests, add "nobody" and link it to the guest account.

And remember to restart (at least the samba services). It may take some time till the clients got the word.

That worked for me, but i don't know if it works for others. No guarantee nor refund.

p.s. blocking the update maybe is no good idea, as there were security fixes.


bigbenaugust
Level 3
Level 3
Posts: 107
Joined: Wed Dec 07, 2011 2:46 pm
Location: the 919

Re: Latest updates broke Samba

Postby bigbenaugust » Tue Apr 26, 2016 10:34 am

After getting into it with our Storage team and reviewing some RHEL and NetApp docs, it looks like the latest Samba is being more rigid about enforcing packet signing then the server (or appliance) is. The server is trying to negotiate for a downgrade in protocol and Samba isn't allowing it (could be construed as a MITM attack, I suppose) and there is no way currently to make that happen.

So we're still working on it. :)
--Ben

Polymorph
Level 1
Level 1
Posts: 22
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Postby Polymorph » Wed May 11, 2016 8:49 pm

Any further news on when Samba networking will be working again?

It has been nearly three weeks now.

Alan

bigbenaugust
Level 3
Level 3
Posts: 107
Joined: Wed Dec 07, 2011 2:46 pm
Location: the 919

Re: Latest updates broke Samba

Postby bigbenaugust » Wed May 18, 2016 9:29 am

The bug has been resolved upstream. So on our RHEL servers where we actually needed smbclient, we've compiled the latest source and dropped it in /usr/local/bin so we can keep those jobs running.

Now, how long the upstream fix is going to take to get to Debian... who knows.
--Ben

Polymorph
Level 1
Level 1
Posts: 22
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Postby Polymorph » Wed May 25, 2016 2:50 am

Is there any further news on Samba? I still cannot network any of my four computers.

I am considering installing Windows 10 onto two of them since I desperately need a network. But I consider this a backward step.

Any ideas?

bigbenaugust
Level 3
Level 3
Posts: 107
Joined: Wed Dec 07, 2011 2:46 pm
Location: the 919

Re: Latest updates broke Samba

Postby bigbenaugust » Wed May 25, 2016 9:33 am

I would say compile the latest and install to /usr/local or /opt/local if you can. Otherwise, look at using mount.cifs and mounting the shares instead of using smbclient.
--Ben


Return to “Archive”

Who is online

Users browsing this forum: No registered users and 1 guest