Latest updates broke Samba

Archived topics about LMDE 1 and LMDE 2
Jugene

Re: Latest updates broke Samba

Post by Jugene »

Polymorph wrote:
It was necessary to prescribe the most netbiosname
Would you please explain. What do I have to do?

[global]
netbios name = Jugene
bigbenaugust

Re: Latest updates broke Samba

Post by bigbenaugust »

I did try setting the netbios name in smbclient and it did not help the issue.
bigbenaugust

Re: Latest updates broke Samba

Post by bigbenaugust »

It is interesting to note that the Debian Security update for samba (4.2.10) is labeled as "do not use" at samba.org.
User avatar
JayBird707
Level 3
Level 3
Posts: 126
Joined: Sat Jan 30, 2016 9:56 pm

Re: Latest updates broke Samba

Post by JayBird707 »

I added my network storage to fstab to work around the issue. Had to change settings in several apps. I'm just surprised that it's been a week and no resolution.
ASRock H470M-ITX/ac Home Build on Linux Mint Cinnamon!
Dell Studio 1737 Laptop, HP6300 SFF Desktop, Intel NUC NUC7CJYH Mini All on Linux Mint XFCE!
Image
Polymorph
Level 1
Level 1
Posts: 24
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Post by Polymorph »

I guess I will just wait for a bug fix to arrive - hopefully soon.

Until then it will have to be the old Sneaker Net!
User avatar
JayBird707
Level 3
Level 3
Posts: 126
Joined: Sat Jan 30, 2016 9:56 pm

Re: Latest updates broke Samba

Post by JayBird707 »

I'm really getting bummed. It seems like every time I reboot the last work around doesn't work any more. Does anyone have any news?
ASRock H470M-ITX/ac Home Build on Linux Mint Cinnamon!
Dell Studio 1737 Laptop, HP6300 SFF Desktop, Intel NUC NUC7CJYH Mini All on Linux Mint XFCE!
Image
bigbenaugust

Re: Latest updates broke Samba

Post by bigbenaugust »

JayBird707 wrote:I'm really getting bummed. It seems like every time I reboot the last work around doesn't work any more. Does anyone have any news?
I have contacted our storage team downstairs to see what I'm generating on the appliance end. Maybe that will help me figure out what to change on this end.
User avatar
JayBird707
Level 3
Level 3
Posts: 126
Joined: Sat Jan 30, 2016 9:56 pm

Re: Latest updates broke Samba

Post by JayBird707 »

Look at the post "Lost networking to windows after Samba updates 4-18-2016" see Xenopeek's advice on rolling back. I think the date was April 24. He included a script that got me back in business. Make sure t read the next few posts don't update Samba or ldb after applying the fix.
ASRock H470M-ITX/ac Home Build on Linux Mint Cinnamon!
Dell Studio 1737 Laptop, HP6300 SFF Desktop, Intel NUC NUC7CJYH Mini All on Linux Mint XFCE!
Image
bigbenaugust

Re: Latest updates broke Samba

Post by bigbenaugust »

Running smbclient with a debug level of 10 gets me this down at the end:

Code: Select all

Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM    
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY 
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS        
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128    
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible downgrade detected! missing_flags[0x00000010] - NT code 0x80090302
  NTLMSSP_NEGOTIATE_SIGN
neg_flags[0x62088205]
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO(ntlmssp) login failed: NT code 0x80090302
SPNEGO login failed: NT code 0x80090302
session setup failed: NT code 0x80090302
After the updates, Samba is failing the security negotiation... somewhere.
Polymorph
Level 1
Level 1
Posts: 24
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Post by Polymorph »

I still cannot get my network to work since the last update.

Does anyone have a solution please.

Is there any other method of networking than Samba?

TIA
sepiamint

Re: Latest updates broke Samba

Post by sepiamint »

Ahoi mate(ys),

Beside no working samba shares the "system-config-samba" client did not start. I found out this was because in the

/etc/samba/smb.conf

"security =" was set to server. comment it out or change to:
"security = user"
  • Edit: I have seen this is already known in this thread, my bad
Now the client should start again. I don't know if the "server" setting is deprecated or its just a bug (IMHO it is, the config client should start nevertheless).
When set to "user" you have to add your clients, or more insecure allow guests, add "nobody" and link it to the guest account.

And remember to restart (at least the samba services). It may take some time till the clients got the word.

That worked for me, but i don't know if it works for others. No guarantee nor refund.

p.s. blocking the update maybe is no good idea, as there were security fixes.
bigbenaugust

Re: Latest updates broke Samba

Post by bigbenaugust »

After getting into it with our Storage team and reviewing some RHEL and NetApp docs, it looks like the latest Samba is being more rigid about enforcing packet signing then the server (or appliance) is. The server is trying to negotiate for a downgrade in protocol and Samba isn't allowing it (could be construed as a MITM attack, I suppose) and there is no way currently to make that happen.

So we're still working on it. :)
Polymorph
Level 1
Level 1
Posts: 24
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Post by Polymorph »

Any further news on when Samba networking will be working again?

It has been nearly three weeks now.

Alan
bigbenaugust

Re: Latest updates broke Samba

Post by bigbenaugust »

The bug has been resolved upstream. So on our RHEL servers where we actually needed smbclient, we've compiled the latest source and dropped it in /usr/local/bin so we can keep those jobs running.

Now, how long the upstream fix is going to take to get to Debian... who knows.
Polymorph
Level 1
Level 1
Posts: 24
Joined: Tue Jan 31, 2012 8:11 pm
Location: NSW, Australia

Re: Latest updates broke Samba

Post by Polymorph »

Is there any further news on Samba? I still cannot network any of my four computers.

I am considering installing Windows 10 onto two of them since I desperately need a network. But I consider this a backward step.

Any ideas?
bigbenaugust

Re: Latest updates broke Samba

Post by bigbenaugust »

I would say compile the latest and install to /usr/local or /opt/local if you can. Otherwise, look at using mount.cifs and mounting the shares instead of using smbclient.
Locked

Return to “LMDE Archive”