DescriptionBijesh Thekkepat
2022-12-13 13:33:33 UTC
Created attachment 1932365[details]
Share access error from macOS
Description of problem:
Cannot connect to Samba shares anymore from MacOS Ventura after upgrade to Samba 4.16.4-2.el8 on RHEL 8.7. Shares are accessible locally using smbclient. No issues reported on Windows clients.
Shares are accessible if we do 'yum downgrade samba.x86_64', so that the version of samba is 4.15.5-10.el8_6
Error reported on MacOS is "There was a problem connecting to the server "" There are no shares available or you are not allowed to access them on the server. Please contact your system administrator to resolve the problem"
Attached "smb_connection_error_v2.png"
Version-Release number of selected component (if applicable):
RHEL 8.7
python3-samba-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022
samba-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:28 2022
samba-client-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:28 2022
samba-client-libs-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022
samba-common-4.16.4-2.el8.noarch Wed Nov 16 09:25:26 2022
samba-common-libs-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022
samba-common-tools-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022
samba-libs-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022
How reproducible:
1] configure smb.conf as below
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
printcap name = cups
load printers = yes
cups options = raw
access based share enum = yes
log level = 10
debug pid = true
max log size = 0
~~~
[testshare]
comment = My Samba share
path = /testshare
read only = no
guest ok = no
valid users = username
write list = username
~~~
Restart smb service
# systemctl restart smb
# mkdir /testshare
# chown username /testshare
# chcon -R -t samba_share_t /testshare
# smbpasswd -a username
- Share can be accessed locally using smbclient
- Share can be accessed if samba downgraded to samba-4.15.5-10.el8_6 but not accessible from samba-4.16.4-2.el8 (RHEL 8.7)
Actual results:
~~~
[2022/11/16 09:31:41, 10, pid=35489, effective(1001, 100), real(1001, 0)] ../../source3/smbd/share_access.c:239(user_ok_token)
user_ok_token: share IPC$ is ok for unix user username
[2022/11/16 09:31:41, 2, pid=35489, effective(1001, 100), real(1001, 0)] ../../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log)
tdb(/var/lib/samba/share_info.tdb): tdb_open_ex: could not open file /var/lib/samba/share_info.tdb: Permission denied <---
[2022/11/16 09:31:41, 3, pid=35489, effective(1001, 100), real(1001, 0)] ../../lib/dbwrap/dbwrap_tdb.c:484(db_open_tdb)
Could not open tdb: Permission denied
[2022/11/16 09:31:41, 0, pid=35489, effective(1001, 100), real(1001, 0)] ../../source3/lib/sharesec.c:162(share_info_db_init)
Failed to open share info database /var/lib/samba/share_info.tdb (Permission denied)
[2022/11/16 09:31:41, 10, pid=35489, effective(1001, 100), real(1001, 0), class=rpc_srv] ../../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:664(init_srv_share_info_ctr)
NOT counting service IPC$
[2022/11/16 09:31:41, 3, pid=35489, effective(1001, 100), real(1001, 0)] ../../libcli/security/dom_sid.c:216(dom_sid_parse_endp)
string_to_sid: SID username is not in a valid format
[2022/11/16 09:31:41, 10, pid=35489, effective(1001, 100), real(1001, 0)] ../../source3/passdb/lookup_sid.c:124(lookup_name)
lookup_name: STAGING-FS1\username => domain=[STAGING-FS1], name=[username]
~~~
Tried removing the /var/lib/samba/*.tdb but did not help.
Expected results:
The share should be accessible from MacOS Ventura on Samba 4.16.4-2.el8 like it did when on 4.15.5-10.el8_6
Additional info:
# id username
uid=1001(username) gid=100(users) groups=100(users),1001(admin_users)
# pdbedit -L | grep username
username:1001:
# ls -ld /var/lib/samba/
drwxr-xr-x. 7 root root 216 Nov 14 15:40 /var/lib/samba/
# ls -laZ /var/lib/samba/share_info.tdb
-rw-------. 1 root root system_u:object_r:samba_var_t:s0 421888 Sep 26 16:07 /var/lib/samba/share_info.tdb
Attached error screenshot "smb_connection_error_v2.png"
Comment 3Andreas Schneider
2022-12-19 14:37:39 UTC
Could you please check if SELINUX prevents that smbd can open /var/lib/samba/share_info.tdb? What are the file permissions for this file?
Comment 5Andreas Schneider
2022-12-21 16:02:23 UTC
Then I would guess it is SELinux preventing access to the file.
Comment 7Andreas Schneider
2022-12-23 15:08:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Low: samba security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2023:2987
Created attachment 1932365 [details] Share access error from macOS Description of problem: Cannot connect to Samba shares anymore from MacOS Ventura after upgrade to Samba 4.16.4-2.el8 on RHEL 8.7. Shares are accessible locally using smbclient. No issues reported on Windows clients. Shares are accessible if we do 'yum downgrade samba.x86_64', so that the version of samba is 4.15.5-10.el8_6 Error reported on MacOS is "There was a problem connecting to the server "" There are no shares available or you are not allowed to access them on the server. Please contact your system administrator to resolve the problem" Attached "smb_connection_error_v2.png" Version-Release number of selected component (if applicable): RHEL 8.7 python3-samba-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022 samba-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:28 2022 samba-client-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:28 2022 samba-client-libs-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022 samba-common-4.16.4-2.el8.noarch Wed Nov 16 09:25:26 2022 samba-common-libs-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022 samba-common-tools-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022 samba-libs-4.16.4-2.el8.x86_64 Wed Nov 16 09:25:27 2022 How reproducible: 1] configure smb.conf as below [global] workgroup = SAMBA security = user passdb backend = tdbsam printing = cups printcap name = cups load printers = yes cups options = raw access based share enum = yes log level = 10 debug pid = true max log size = 0 ~~~ [testshare] comment = My Samba share path = /testshare read only = no guest ok = no valid users = username write list = username ~~~ Restart smb service # systemctl restart smb # mkdir /testshare # chown username /testshare # chcon -R -t samba_share_t /testshare # smbpasswd -a username - Share can be accessed locally using smbclient - Share can be accessed if samba downgraded to samba-4.15.5-10.el8_6 but not accessible from samba-4.16.4-2.el8 (RHEL 8.7) Actual results: ~~~ [2022/11/16 09:31:41, 10, pid=35489, effective(1001, 100), real(1001, 0)] ../../source3/smbd/share_access.c:239(user_ok_token) user_ok_token: share IPC$ is ok for unix user username [2022/11/16 09:31:41, 2, pid=35489, effective(1001, 100), real(1001, 0)] ../../lib/tdb_wrap/tdb_wrap.c:65(tdb_wrap_log) tdb(/var/lib/samba/share_info.tdb): tdb_open_ex: could not open file /var/lib/samba/share_info.tdb: Permission denied <--- [2022/11/16 09:31:41, 3, pid=35489, effective(1001, 100), real(1001, 0)] ../../lib/dbwrap/dbwrap_tdb.c:484(db_open_tdb) Could not open tdb: Permission denied [2022/11/16 09:31:41, 0, pid=35489, effective(1001, 100), real(1001, 0)] ../../source3/lib/sharesec.c:162(share_info_db_init) Failed to open share info database /var/lib/samba/share_info.tdb (Permission denied) [2022/11/16 09:31:41, 10, pid=35489, effective(1001, 100), real(1001, 0), class=rpc_srv] ../../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:664(init_srv_share_info_ctr) NOT counting service IPC$ [2022/11/16 09:31:41, 3, pid=35489, effective(1001, 100), real(1001, 0)] ../../libcli/security/dom_sid.c:216(dom_sid_parse_endp) string_to_sid: SID username is not in a valid format [2022/11/16 09:31:41, 10, pid=35489, effective(1001, 100), real(1001, 0)] ../../source3/passdb/lookup_sid.c:124(lookup_name) lookup_name: STAGING-FS1\username => domain=[STAGING-FS1], name=[username] ~~~ Tried removing the /var/lib/samba/*.tdb but did not help. Expected results: The share should be accessible from MacOS Ventura on Samba 4.16.4-2.el8 like it did when on 4.15.5-10.el8_6 Additional info: # id username uid=1001(username) gid=100(users) groups=100(users),1001(admin_users) # pdbedit -L | grep username username:1001: # ls -ld /var/lib/samba/ drwxr-xr-x. 7 root root 216 Nov 14 15:40 /var/lib/samba/ # ls -laZ /var/lib/samba/share_info.tdb -rw-------. 1 root root system_u:object_r:samba_var_t:s0 421888 Sep 26 16:07 /var/lib/samba/share_info.tdb Attached error screenshot "smb_connection_error_v2.png"