Ubuntu
samba package

samba server requires smbpasswd -a user constantly

Bug #566560 reported by Martin Waldenvik
36
This bug affects 6 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Invalid
Medium
Unassigned

Bug Description

Binary package hint: samba

I installed an ubuntu server edition (lucid beta, lastest updates applied) for my nas and used my old smb.conf from gentoo, used it for years in different setups and different distributions. What happens is that i cannot connect from my windows7 machine. When i do: sudo smbpasswd -a user it works for a while. But later i have to do it all over again.

dpkg-query -W -f='${Package} ${Version} ${Source} ${Status}\n' | grep samba:

libpam-smbpass 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
libsmbclient 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
libwbclient0 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
samba 2:3.4.7~dfsg-1ubuntu3 install ok installed
samba-common 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
samba-common-bin 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
samba-doc 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
smbclient 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
smbfs 2:3.4.7~dfsg-1ubuntu3 samba install ok installed
winbind 2:3.4.7~dfsg-1ubuntu3 samba install ok installed

lsb_release -rd
Description: Ubuntu lucid (development branch)
Release: 10.04

Revision history for this message
Martin Waldenvik (waldenvik) wrote :
summary: - samba server requires a new smbpasswd -a user constantly
+ samba server requires smbpasswd -a user constantly
Revision history for this message
Martin Waldenvik (waldenvik) wrote :
Revision history for this message
Chuck Short (zulcss) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Unfortunately we can't fix it without more information.

Please include the information requested at https://wiki.ubuntu.com/DebuggingSamba#samba-client.

Changed in samba (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Martin Waldenvik (waldenvik) wrote :

I'm not using linux to connect to my samba server but usually windows7, using nfs for linux and afp for mac. But i tried from my ubuntu desktop. At first it worked and later i got with smbclient //192.168.0.10/egklemata: session setup failed: NT_STATUS_LOGON_FAILURE. A new sudo smbpasswd -a user and i got: Domain=[KOINONIA] OS=[Unix] Server=[Samba 3.4.7]
smb: \>
I can't understand why this happens

Revision history for this message
Chuck Short (zulcss) wrote :

So you are having this problem when connecting t Windows 7?

Revision history for this message
Martin Waldenvik (waldenvik) wrote :

I'm having this problem when connecting from my windows 7 machine to my ubuntu server as stated initially. Yesterday i reseted my smb.conf file. Same error, when trying to connect to ubuntu server from either windows 7 or imac (usually uses afp) i have to enter username/password which never work, when i do a new smbpasswd it works as it should for a while.

Revision history for this message
Carl Nelvig (leskinen) wrote :

I have this very same problem which seems to have started after upgrading from Ubuntu server 9.10 to 10.04 LTS.
Two users on my windows7 machine both connecting to network shares on my Ubuntu server. One of them always manages to connect, the other sometimes managed to connect but every now and then, the samba user seems to not exist

Both users use the same login script in windows consisting of:

net use l: /delete
net use l: \\192.168.1.98\data

When it doesn't work, I get this message in the login script:
"The password or user name is invalid for \\192.168.1.98\data."

The workaround is to log into ubuntu, perform a sudo smbpasswd -a and then run the script again which now works perfectly... (for a while)

Looking at my log files (/var/log/samba/log.xxx) I get the following error message when it doesn't work:
[2010/05/09 16:24:55, 0] lib/util_sock.c:539(read_fd_with_timeout)
[2010/05/09 16:24:55, 0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  read_fd_with_timeout: client 0.0.0.0 read error = Connection reset by peer.

After re-adding the same user in ubuntu with smbpasswd using the same password and running the script again, I get this message when it works:
[2010/05/09 16:33:18, 1] smbd/service.c:1063(make_connection_snum)
  dumleburken (192.168.1.123) connect to service data initially as user carl (uid=1000, gid=116) (pid 1566)

Anyone got any idea what could be wrong? Let me know what kind of further information you need from me

Revision history for this message
rolfy (rolfy-rolfy) wrote :

I'm having this problem, connecting smbclient connections, or linux (gnome browser) connections or vista connections, so i dont really think it's windows 7 specific...

Revision history for this message
rolfy (rolfy-rolfy) wrote :

Okay, i've been pulling my hair out (there's not much left either, but i digress)...

I started from a very blank smb.conf for one...

I noticed that in gnome now if i restart samba, i have to disconnect and reconnect the drive otherwise i get an error saying:
Could not open location 'smb://MACHINE/PATH'
no data available

work around for that issue (if it is a new issue) is to disconnect and reconnect the mount (linux at least - haven't tried windows, hope you don't have to do that there).
==============
$ testparm -s /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_STANDALONE
[global]
        server string = Samba Server
        log file = /var/log/samba/log.%m
        max log size = 50
        unix extensions = No
        dns proxy = No
        wide links = Yes

[homes]
        comment = Home Directories
        read only = No
        browseable = No
        browsable = No

[printers]
        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No
        browsable = No
==================

even with that (which is pretty much empty!) if i restart the service, sometimes i get 'Password required' prompt for a drive i've already remembered the password to...

once its in that state, smbclient does:
smbclient -L \\\\MACHINE -U rolfy
Enter rolfy's password:
session setup failed: NT_STATUS_LOGON_FAILURE

log.CLIENT has:
=======
[2010/05/12 21:05:28, 1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/05/12 21:05:28, 1] smbd/service.c:1063(make_connection_snum)
  merlin (192.168.1.15) connect to service rolfy initially as user rolfy (uid=1001, gid=1001) (pid 8251)
[2010/05/12 21:08:17, 1] smbd/service.c:1240(close_cnum)
  merlin (192.168.1.15) closed connection to service rolfy
[2010/05/12 21:08:26, 1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2010/05/12 21:08:58, 1] smbd/service.c:676(make_connection_snum)
  create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
========
log.smbd has
========
[2010/05/12 21:08:17, 0] smbd/server.c:1069(main)
  smbd version 3.4.7 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/05/12 21:08:17, 0] smbd/server.c:1115(main)
  standard input is not a socket, assuming -D option
========
syslog and daemon.log basically has just the 'assuming -D option' message

did a grep in /var/lib/samba, and passdb.tbd does contain my username... so i enabled the user with smbpasswd -e, but that didn't help.

I then added, and it's good to go again....

I'm not sure if this gives more information than was already here, but hopefully it stops someone else taking these same steps...

Revision history for this message
rolfy (rolfy-rolfy) wrote :

i'm not sure how this can be marked as low....

anyway, to 'work around' my problem, i've basically built samba 3.5.2 off their site, and it's now working perfectly. Just in case anyone was wondering...

It's a stuff around (i had to specify a lot of command flags and change some bits and pieces) but at least i can now use samba again, and it looks like this ticket is going nowhere, so i guess it's a good thing i know how to build things!

Revision history for this message
Martin Waldenvik (waldenvik) wrote : Re: [Bug 566560] Re: samba server requires smbpasswd -a user constantly

I reinstalled my old funtoo from a clonezeilla image, since nothing happened.

Martin

On Sat, May 15, 2010 at 02:52, rolfy <email address hidden> wrote:
> i'm not sure how this can be marked as low....
>
> anyway, to 'work around' my problem, i've basically built samba 3.5.2
> off their site, and it's now working perfectly.  Just in case anyone was
> wondering...
>
> It's a stuff around (i had to specify a lot of command flags and change
> some bits and pieces) but at least i can now use samba again, and it
> looks like this ticket is going nowhere, so i guess it's a good thing i
> know how to build things!
>
> --
> samba server requires smbpasswd -a user constantly
> https://bugs.launchpad.net/bugs/566560
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Revision history for this message
rolfy (rolfy-rolfy) wrote :

*sigh* i have to make a correction. The latest samba had no change.

It appears pretty much every time the user wants to connect again (computer goes into standby, they willingly disconnect etc) their account needs to be re-enabled :|

my current workaround is turning samba to no password and just cronning up a script to set no password on an account often.

The other fix is using that pdbedit program and setting the account to never expires and no password, and then it also lets people login.

I really hope not many people are getting this issue... I hate public shares and am really worried about this bug, but dont have time to troubleshoot it...

Revision history for this message
Thierry Carrez (ttx) wrote :

Could you set "log level = 9" and attach the log from a session where is fails (before running smbpasswd -a to unblock it).

It looks like a corruption of the passwd.tdb where is would refuse the login after a given time. Any logic in when the problem triggers ? At the first reconnection, after a reboot of the server, after N days ? Is smbpasswd -a all it takes to unblock it, or do you have to restart the server as well ?

Changed in samba (Ubuntu):
importance: Low → Medium
Revision history for this message
rolfy (rolfy-rolfy) wrote :

I'll try to get a time where my wifes not using the network to turn user access back on to trace, or maybe install a VM to see if it happens there too...

Basically i could fairly reliably get it to happen by:

 - smbpasswd -a
 - map a network drive to my server (home drive or user access drive) (save password)
 - after about 10 minutes (not sure the exact time, but wasn't a long time), disconnect that drive (in gnome just click eject)
 - reconnect to the drive, and you get prompted for a password (shouldn't!)

After that point, no matter what i do I can't reconnect until I run a command to unlock the account, or set to no password, basically anything that would re-write the password entry i think, but i've never looked at the code, so i can't confirm this.

Revision history for this message
Timbba (timbba) wrote :
Download full text (7.0 KiB)

Here are some logs:

[2010/06/05 06:05:59, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [COMPUTER]\[user1]@[COMPUTER] with the new password interface
[2010/06/05 06:05:59, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: [SERVER]\[user1]@[COMPUTER]
[2010/06/05 06:05:59, 5] ../lib/util/util.c:304(_dump_data)
  [0000] 44 6F 14 6F C8 66 C6 38 Do.o.f.8
[2010/06/05 06:05:59, 8] lib/util.c:1879(is_myname)
  is_myname("SERVER") returns 1
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2010/06/05 06:05:59, 3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/05 06:05:59, 5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2010/06/05 06:05:59, 5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2010/06/05 06:05:59, 4] lib/substitute.c:504(automount_server)
  Home server: server
[2010/06/05 06:05:59, 4] lib/substitute.c:504(automount_server)
  Home server: server
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/06/05 06:05:59, 3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/06/05 06:05:59, 5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2010/06/05 06:05:59, 5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/06/05 06:05:59, 3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2010/06/05 06:05:59, 5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2010/06/05 06:05:59, 5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2010/06/05 06:05:59, 5] lib/username.c:133(Get_Pwnam_alloc)
  Finding user user1
[2010/06/05 06:05:59, 5] lib/username.c:77(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is user1
[2010/06/05 06:05:59, 5] lib/username.c:110(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [user1]!
[2010/06/05 06:05:59, 5] passdb/lookup_sid.c:1378(gid_to_sid)
  gid_to_sid: winbind failed to find a sid for gid 1000
[2010/06/05 06:05:59, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2010/06/05 06:05:59, 3] smbd/uid.c:428(push_conn_ctx)
  push_con...

Read more...

Revision history for this message
Timbba (timbba) wrote :

Adding:
My Samba shares always stop working after shutting down the computer. After every boot, I have to readd the user "sudo smbpasswd -a ...." and restart the smbd service. Then it works, but it should work automatically!

Revision history for this message
Timbba (timbba) wrote :

I thought that these lines were the problem:
[2010/06/05 06:05:59, 5] auth/token_util.c:522(debug_nt_user_token)
  NT user token: (NULL)
[2010/06/05 06:05:59, 5] auth/token_util.c:548(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups

But actually they are not a problem. Here are full logs:
- error.log : after boot --> samba fails
- success.log : after readding user using smbpasswd and restarting smbd service --> samba works

Revision history for this message
Timbba (timbba) wrote :
Revision history for this message
Thierry Carrez (ttx) wrote :

All: I would rate this high if only I was reproducing it. I'm not. I can connect to shares after a reboot, without having to do smbpasswd -a again. So I suspect something more specific.

@Martin: if I understand correctly, you add the user (and set a password) using "smbpasswd -a". Is the password you use here the same as the Unix password used to login as the user on the samba server, or is it different ?

libpam-smbpass, which is installed on your samba server, ensures synchronization of passwords at every login. Suppose you use "secretknock" as the unix password for user "foo" on the server. If you run "sudo smbpasswd -a foo" and set "sk" as the SMB password, it will work for a while... until you log in to the server as user "foo" again, at which point the SMB password for foo will automatically be set to "secretknock".

Revision history for this message
Martin Waldenvik (waldenvik) wrote :

Hi

I use my windows password to connect to samba (easier, i think) and
use a different password to login to ubuntu, same username though.

Martin

On Mon, Jun 7, 2010 at 13:58, Thierry Carrez <email address hidden> wrote:
> All: I would rate this high if only I was reproducing it. I'm not. I can
> connect to shares after a reboot, without having to do smbpasswd -a
> again. So I suspect something more specific.
>
> @Martin: if I understand correctly, you add the user (and set a
> password) using "smbpasswd -a". Is the password you use here the same as
> the Unix password used to login as the user on the samba server, or is
> it different ?
>
> libpam-smbpass, which is installed on your samba server, ensures
> synchronization of passwords at every login. Suppose you use
> "secretknock" as the unix password for user "foo" on the server. If you
> run "sudo smbpasswd -a foo" and set "sk" as the SMB password, it will
> work for a while... until you log in to the server as user "foo" again,
> at which point the SMB password for foo will automatically be set to
> "secretknock".
>
> --
> samba server requires smbpasswd -a user constantly
> https://bugs.launchpad.net/bugs/566560
> You received this bug notification because you are a direct subscriber
> of the bug.
>

Revision history for this message
rolfy (rolfy-rolfy) wrote :

i was convinced this was a simple issue, but thus far, i've been unable to reproduce the problem in a virtual machine, which would suggest there's something else at play here, so i'll try to get trace off my file server when i can :|

Revision history for this message
Timbba (timbba) wrote :

@Thierry:
I'm using also different passwords in unix and samba. How to make then persistent SMB password? Do I need to uninstall libpam-smbpass to get rid of this automatical setting of SMB password on login phase?

Revision history for this message
Thierry Carrez (ttx) wrote :

Martin, Timbba: that confirms my hypothesis.

This is not really a bug, it's a feature enabled by default that you should disable in your use case.

Uninstalling libpam-smbpass will remove the password synchronization that occurs every time you log in:
sudo apt-get remove libpam-smbpass

This recurring problem should then disappear. I'll mark the bug as "Invalid", please set it back to "Confirmed" if that does not fix the symptoms you're experiencing.

Changed in samba (Ubuntu):
status: Incomplete → Invalid
Revision history for this message
Timbba (timbba) wrote :

Seems to solve my problem.
However, I have to say that this is not so nicely managed. User experience is awful and this should be handled more user friendly in the future.

Revision history for this message
rolfy (rolfy-rolfy) wrote :

i can also confirm that i had that module installed (though i dont remember installing it :|) I'll do some testing now that it's removed.

Revision history for this message
florble (will-thecleverbaggers) wrote :

same problem~!

Revision history for this message
Martin Waldenvik (waldenvik) wrote :

Should have noted long time ago that removing libpam-smbpass resolved my problems.

Revision history for this message
michael brenden (mike-brenden) wrote :

21 Feb 2012 -- Having exactly same problem, on Ubuntu 10.04.4 LTS (32bit PAE)

Just found this report and am now trying the "fix" of

apt-get remove libpam-smbpass

and will report back success or fail

Revision history for this message
michael brenden (mike-brenden) wrote :

Having trouble trying to understand what is going on --- libpam-smpass REQUIRES windows password to be identical to unix password?? Please say it ain't so...how stoopid that would be...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.