Author Topic: SAMBA Error  (Read 26372 times)

Lonniebiz

  • Zen Samurai
  • ****
  • Posts: 320
  • Karma: +24/-2
    • View Profile
Re: SAMBA Error
« Reply #45 on: October 24, 2013, 07:22:56 pm »
@famasa

Well said. It seemed to work better in 3.0, so why did they change this?

In 3.0, it didn't take a long time to save changes to the samba module.

In 3.0, if you set up group permissions, Zentyal honored those permissions for shared folders.

In 3.0, the way it worked made sense.

In 3.2, what are the benefits of these changes that are causing all these problems?

The goal should be to make Zentyal shares act exactly like Windows shares. In 3.0, Zentyal was a fairly decent replacement for a windows file server. In 3.2, so far, controlling permissions has been de-abstracted from the web interface it seems.

Lonniebiz

  • Zen Samurai
  • ****
  • Posts: 320
  • Karma: +24/-2
    • View Profile
Re: SAMBA Error
« Reply #46 on: October 24, 2013, 07:45:07 pm »
1 - What matters in Zentyal design is ACL more than Linux object ownership.

No one is arguing this priority. The issue is, for us who have actually upgrade to 3.2, is that is not clear what the Linux-level ownership and permissions should be, in order get Zentyal to again honor the ACL permissions we've prescribed via the web interface.

In 3.0, I believe this is the ownership that worked:
Code: [Select]
sudo chown -R sync:'__USERS__' /home/samba/shares/FolderName/
I don't care what Zentyal makes the linux-level ownership or permissions as long as it will honor the ACL permissions I set in the web interface. And also, as long as it will allow me to set permissions using windows explorer, while being logged in as a domain admin to a windows server or workstation.
« Last Edit: October 24, 2013, 11:18:00 pm by Lonniebiz »

famasa

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +4/-1
    • View Profile
Re: SAMBA Error
« Reply #47 on: November 13, 2013, 02:38:31 am »
After the last update of samba (File Sharing and Domain Services  3.2.9), again after changing any permissions the samba restart hangs at 67% and then all of the shares become unavailable.  If you do getfacl on the share it does not have the access priviliges defined in zentyal.

Everytime there is a samba service restart, I have to restore the privileges manually using "setfacl --restore ..."

This is so frustrating.  I am very disappointed with the latest zentyal development.

BrettonWoods

  • Guest
Re: SAMBA Error
« Reply #48 on: November 13, 2013, 07:19:07 am »
Have you done the chmod 0600 /opt/samba4/private/tls/key.pem
(File Sharing and Domain Services  3.2.9) bug

famasa

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +4/-1
    • View Profile
Re: SAMBA Error
« Reply #49 on: November 13, 2013, 07:41:53 pm »
The file already had the right permissions:

$ ls -l /opt/samba4/private/tls/key.pem
-rw------- 1 root root 887 Oct  6 17:42 /opt/samba4/private/tls/key.pem

and we continue with the same problem.

rcarney

  • Zen Apprentice
  • *
  • Posts: 37
  • Karma: +5/-0
    • View Profile
Re: SAMBA Error
« Reply #50 on: November 14, 2013, 09:57:19 pm »
Same problem with 32-bit 3.2 version

BrettonWoods

  • Guest
Re: SAMBA Error
« Reply #51 on: November 15, 2013, 05:46:10 am »
Sorry guys as I have File Sharing and Domain Services   3.2.9 running.

samba4   SMB/CIFS file, NT domain and active directory server (version 4)   4.1.1-zentyal2

I have held back on updates and have stopped before the above.

Maybe someone might just inform you of a scheduled fix.

lembal

  • Guest
Re: SAMBA Error
« Reply #52 on: November 15, 2013, 03:37:44 pm »
Hello there !

Got an issue with the 3.2.9 samba4 update (11/11/13) on my Zentyal 3.2 64Bits.
I Couldn't start de Sharing services anymore even after a hardware reboot.
I corrected this with this command :

Code: [Select]
chmod 0600 /opt/samba4/private/tls/key.pem
The day after that, the service stopped by it self... again ! I was afraid i couldn't restart it but it did.
In the meantime my users were not able de log on the domain !
To avoid this situation i created the following script :

Code: [Select]
#!/bin/sh
#Automatic restarting SAMBA4 service if down
pidof smbd > /dev/null
if [ $? = 1 ]
then
/etc/init.d/samba4 restart

echo "Samba service restarted" | mail -s 'Samba restarted on XXX Server' myemail@domain.com
fi

I've added this entry in the /etc/crontab file :

Code: [Select]
*/1 * * * * root /root/smbrestart.sh
...so that every minute my script is launched. Anytime Samba server stops, within the minute it's automatically restarted and i'm informed by email.
If it can help somebody ;)

famasa

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +4/-1
    • View Profile
Re: SAMBA Error
« Reply #53 on: November 23, 2013, 01:27:33 am »
Is there any update on when this will be fixed???

jjm1982

  • Zen Warrior
  • ***
  • Posts: 200
  • Karma: +7/-0
    • View Profile
Re: SAMBA Error
« Reply #54 on: December 04, 2013, 10:50:47 am »
I have the same error, using 32 bits though

jjm1982

  • Zen Warrior
  • ***
  • Posts: 200
  • Karma: +7/-0
    • View Profile
Re: SAMBA Error
« Reply #55 on: December 06, 2013, 03:03:56 am »
I believe I've made some progress on this issue. I no longer receive this error
Code: [Select]
AuthKrbHelper.pm:172 EBox::Samba::AuthKrbHelper::_getTicketUsingKeytab - Could not get ticket: could not acquire credentials using an initial credentials context: unable to reach any KDC in realm BCGVT.LAN
 at /usr/share/perl5/EBox/Samba/AuthKrbHelper.pm line 172
in the zentyal.log anymore.

After do a LOT of googling and looking through the perl scripts the trace references I found this linke: http://kerberos.996246.n3.nabble.com/kinit-krb5-get-init-creds-unable-to-reach-any-KDC-in-realm-REALM-td9947.html and it refers to the /etc/hosts file where the machine name is set to 127.0.1.1 when it should be 127.0.0.1.

And I actually read up on some of the kerberos info from an M$ website: http://technet.microsoft.com/en-us/library/bb463167.aspx and this:
Quote
To access Kerberized services, the client computer must be capable of resolving the DNS domain of the target computer to the correct Kerberos REALM. This becomes an issue when the DNS domain name does not match the Kerberos REALM name. Because mapping does not become an issue until the client computer tries to access a service, domain to REALM mapping problems do not affect initial ticket requests (TGTs). When mapping problems exist, service ticket requests may fail or access to Kerberized services may fail. With Active Directory, the REALM name is always the uppercase equivalent of the DNS domain name.
paragraph stood out to me.

After reading that I remembered that I continue to experience DNS issues. So I set the domain IP address, added the server as a host name and my DNS server as a host name. I assigned the two IP addresses I use on my server to the host name and added both as name servers.

I also read on http://kerberos.996246.n3.nabble.com/kinit-krb5-get-init-creds-unable-to-reach-any-KDC-in-realm-REALM-td9947.html that kerberos uses ports 88 and 750 so I added them to the 'Network' > 'Services' > 'Kerberos' using TCP & UDP protocol and saved the configuration. I then added those same ports to the services record in DNS.

After making these changes I am now left with this error in the zentyal.log file, which I thought was already fixed.

Code: [Select]
2013/12/05 20:49:06 ERROR> GlobalImpl.pm:660 EBox::GlobalImpl::__ANON__ - Failed to save changes in module samba: Failed to open: NT_STATUS_ACCESS_DENIED at /usr/share/perl5/EBox/Samba.pm line 412.
The Zentyal Web GUI still stops at 67% and throws an error and I'm unable to start the zentyal samba service but samba4 is running; I am able to access my shares without any issues.

I can easily back out my changes if I'm headed in the wrong direction...

famasa

  • Zen Apprentice
  • *
  • Posts: 13
  • Karma: +4/-1
    • View Profile
Re: SAMBA Error
« Reply #56 on: March 19, 2014, 03:55:44 pm »
This is getting really frustrating.  4 months later, the problem has not been resolved:
We are currently at Zentyal 3.3 with:
Core   3.3.5
File Sharing and Domain Services   3.3.4

Every time you make any changes through the interface you have to worry whether Filesharing (samba) is restarted as dependency.  If that happens the interface hangs at 67%, all of the shares are disabled until the ACLs are applied.  If you are lucky it finishes but mostly it does not.  Then you have to go and restore manually the ACLs from backup setfacl --restore

This is really no way to administer a filesharing server...  How much longer do we have to wait for a fix???

StuartNaylor

  • Guest
Re: SAMBA Error
« Reply #57 on: March 19, 2014, 04:05:03 pm »
Its not a fix famasa,

Only thing I can think of is jump to 3.4.
Its not an upgrade though its a config backup. File backup. Install and restore affair.

The community version is a rolling road and I have no idea when or if there will be a fix for 3.3.4.

I am presuming 3.4 is still very much in focus and if you want something quick then thats your answer.

sergowech

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: SAMBA Error
« Reply #58 on: September 25, 2015, 04:21:56 pm »
Hi....  It's not a problem....
domain administrator account password has expired ))))

Code: [Select]
sudo samba-tool user setpassword administrator
And ales.....

dragonslayr

  • Zen Warrior
  • ***
  • Posts: 157
  • Karma: +1/-0
    • View Profile
Re: SAMBA Error
« Reply #59 on: October 06, 2023, 08:07:06 pm »
Thank you sergowech

Solved my issue