Solved samba share permission privilege changed since update

[bxbzq]

In /var/log/samba4/smbd.log, there are these lines from time to time. Relevant?

[2023/10/25 14:56:58.428893,  3] ../../source3/lib/messages.c:926(send_all_fn)
  send_all_fn: messaging_send_buf to 1140 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2023/10/25 14:56:58.429038,  3] ../../source3/lib/messages.c:926(send_all_fn)
  send_all_fn: messaging_send_buf to 1195 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2023/10/25 14:56:58.429139,  3] ../../source3/lib/messages.c:926(send_all_fn)
  send_all_fn: messaging_send_buf to 1143 failed: NT_STATUS_OBJECT_NAME_NOT_FOUND

 

[VladiBG]

You can also try to delete the net cache from the samba and all databases. But it's better to make a backup of it first.

service samba_server stop
net cache flush
rm /var/db/samba4/*.tdb
service samba_server start

In the /var/log/samba4/<IP>.log look for auth_log.c (log_authentication_event_human_readable) and check if the user group is correct.

 

[bxbzq]

In the /var/log/samba4/<IP>.log look for auth_log.c (log_authentication_event_human_readable) and check if the user group is correct.

You mean this line? It looks correct.

[2023/10/25 14:45:12.813736,  4] ../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
  Successful AuthZ: [SMB2,NTLMSSP] user [JFSVR]\[wang_d] [S-1-5-21-514823997-3778344846-3024379377-1003] at [Wed, 25 Oct 2023 14:45:12.813722 CST] Remote host [ipv4:192.168.1.98:61583] local host [ipv4:192.168.1.254:445]
  {"timestamp": "2023-10-25T14:45:12.813824+0800", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1}, "localAddress": "ipv4:192.168.1.254:445", "remoteAddress": "ipv4:192.168.1.98:61583", "serviceDescription": "SMB2", "authType": "NTLMSSP", "domain": "JFSVR", "account": "wang_d", "sid": "S-1-5-21-514823997-3778344846-3024379377-1003", "sessionId": "9794fdb6-c85e-485a-b62e-79dbab40333b", "logonServer": "JFSVR", "transportProtection": "SMB", "accountFlags": "0x00000010"}}

 

[bxbzq]

You can also try to delete the net cache from the samba and all databases. But it's better to make a backup of it first.

service samba_server stop
net cache flush
rm /var/db/samba4/*.tdb
service samba_server start

In the /var/log/samba4/<IP>.log look for auth_log.c (log_authentication_event_human_readable) and check if the user group is correct.

Tried, no difference.

 

[SirDice]

Not recommended but I guess it's worth a shot:

   client min protocol = NT1
   server min protocol = NT1
   ntlm auth = ntlmv1-permitted

This enables the old SMBv1 protocol again, on 4.13 at least, don't know if it still works for 4.16.

 

[VladiBG]

Are you able to connect and list the file shares using the IP address of the server?

 

[bxbzq]

Not recommended but I guess it's worth a shot:

   client min protocol = NT1
   server min protocol = NT1
   ntlm auth = ntlmv1-permitted

This enables the old SMBv1 protocol again, on 4.13 at least, don't know if it still works for 4.16.

No effect. SMB1.0 on windows 10 is enabled, and 4.13 was installed couple of days ago.

 

[bxbzq]

Are you able to connect and list the file shares using the IP address of the server?

Sorry, don't get it.

 

[VladiBG]

Can you connect using \\ip_address\ to the server?

 

[bxbzq]

In a brower? oh yes.

 

[delvin]

Run this command:

find {share} -exec rmextattr user DOSATTRIB "{}" ";"

Credits: https://www.netfence.it/sub/sambaonfreebsd/

 

[bxbzq]

Run this command:

find {share} -exec rmextattr user DOSATTRIB "{}" ";"

Credits: https://www.netfence.it/sub/sambaonfreebsd/

This is great.
Seeing the message of "... failed, attribute not found" on every file when running the command, I was going to give up, but when I checked a few files, it actually made the difference. There are a few bad apples, but looks very promising so far.
Many thanks.