Posts by donh

donh · Sunday, 7:30 pm

I don't know if quickemu would be useful or not for this. But it is interesting.

FYI

donh · Oct 13th 2021

Maybe you should look at proxmox instead of esxi. It seems much more intuitive to me. You could also look at the qemu plugin from omv extras if you don't want all the features of those two.

donh · Oct 13th 2021

If you need a tutorial search for debian 10. Just use the omv iso instead.

Good luck

donh · Oct 11th 2021

Hm it just came up blank before. Anyway will fill it out.

Thanks

New issue https://github.com/openmediavault/openmediavault/issues/1110

donh · Oct 11th 2021

Where is this template? Never used one before.

Thanks

donh · Oct 11th 2021

Opened a github issue. https://github.com/openmediavault/openmediavault/issues/1109

donh · Oct 10th 2021

This might be useful for this or other things that get set by omv scripts.

https://serverfault.com/questi…-to-smb-conf-via-a-script

Will try later.

Thanks

FYI /etc/samba/smb.d/ad.conf does work. But not for security = domain. Tested by moving settings from extra options to ad.conf and adding the include in extra options. Tested on 5 and 6.

donh · Oct 10th 2021

From the man page linked in omv6/#/services/smb/settings

Code

IDENTITY MAPPING CONSIDERATIONS

In the SMB protocol, users, groups, and machines are represented by their security identifiers (SIDs). On POSIX system Samba processes need to run under corresponding POSIX user identities and with supplemental POSIX groups to allow access to the files owned by those users and groups. The process of mapping SIDs to POSIX users and groups is called IDENTITY MAPPING or, in short, ID MAPPING.

Samba supports multiple ways to map SIDs to POSIX users and groups. The configuration is driven by the idmap config DOMAIN : OPTION option which allows one to specify identity mapping (idmap) options for each domain separately.

Identity mapping modules implement different strategies for mapping of SIDs to POSIX user and group identities. They are applicable to different use cases and scenarios. It is advised to read the documentation of the individual identity mapping modules before choosing a specific scenario to use. Each identity management module is documented in a separate manual page. The standard idmap backends are tdb (idmap_tdb(8)), tdb2 (idmap_tdb2(8)), ldap (idmap_ldap(8)), rid (idmap_rid(8)), hash (idmap_hash(8)), autorid (idmap_autorid(8)), ad (idmap_ad(8)), nss (idmap_nss(8)), and rfc2307 (idmap_rfc2307(8)).

Overall, ID mapping configuration should be decided carefully. Changes to the already deployed ID mapping configuration may create the risk of losing access to the data or disclosing the data to the wrong parties.

This example shows how to configure two domains with idmap_rid(8), the principal domain and a trusted domain, leaving the default id mapping scheme at tdb.

    [global]
    
    workgroup = MAIN

    idmap config * : backend        = tdb
    idmap config * : range          = 1000000-1999999

    idmap config MAIN : backend     = rid
    idmap config MAIN : range       = 5000000-5999999

    idmap config TRUSTED : backend  = rid
    idmap config TRUSTED : range    = 6000000-6999999
   ...

Display More

Code

security = domain  ### in "Extra options"

Causes server error 500 as above. So catch 22, back to the above.

Thanks

donh · Oct 10th 2021

OK thanks. Will try later. It is working sort of without that. Problem seems to be groups not working correctly. This may help.

donh · Oct 10th 2021

Quote from ryecoaaron
According to Red Hat, you might have to add some idmap configuration. This is what the posted solution was:

1) Ensure the id map is configured in smb.conf, like:
Code
[global]
...
idmap config * : backend = tdb
idmap config * : range 10000-199999
idmap config DOMAIN : backend = autorid
idmap config DOMAIN : range = 200000-2147483647
2) Map group BUILTIN\Guests to group nobody with following command:
Code
# net -s /dev/null groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin
3) Restart samba services and replicate the issue:
Code
# systemctl restart {smb,nmb}
# smbclient //$(hostname)/<share> -U DOMAIN\\<user> -d10

Thanks for the reply. Can you post a link to that article?

donh · Oct 10th 2021

In the past a release with a new debian version has waited for the x.1 version to come out. 11.1 has just come out so that is not holding it up anymore. It still has to be ready though.

donh · Oct 9th 2021

Can you setup another scan template to scan to your pc to test? Wireshark be useful too.

donh · Oct 9th 2021

You can see the problem by looking at omvIP/#/usermgmt/groups/create. Try to create a group for "test user". Turns red and wont save. I don't know if other "special characters" are effected.

donh · Oct 9th 2021

Seems the problem is with the way ownership of the file is assigned. Maybe due to the space in "domain user@" in the group?

donh · Oct 8th 2021

Code

Here is samba testparm.



root@omv6:~# samba testparm
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
  tevent: 10
  auth_audit: 10
  auth_json_audit: 10
  kerberos: 10
  drs_repl: 10
  smb2: 10
  smb2_credits: 10
  dsdb_audit: 10
  dsdb_json_audit: 10
  dsdb_password_audit: 10
  dsdb_password_json_audit: 10
  dsdb_transaction_audit: 10
  dsdb_transaction_json_audit: 10
  dsdb_group_audit: 10
  dsdb_group_json_audit: 10
lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
lpcfg_do_global_parameter: WARNING: The "client use spnego" option is deprecated
Processing section "[sdb]"
pm_process() returned Yes
root@omv6:~#

Display More

donh · Oct 8th 2021

Here is the output.

Code

debian:
----------
          ID: configure_samba_global
    Function: file.managed
        Name: /etc/samba/smb.conf
      Result: True
     Comment: File /etc/samba/smb.conf updated
     Started: 13:38:15.729692
    Duration: 123.584 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -41,33 +41,3 @@
                   password server = dexta.example.com
                   realm = EXAMPLE.COM
                   security = ads
                  -#======================= Share Definitions =======================
                  -[sdb]
                  -path = /srv/dev-disk-by-uuid-dddc6d8d-cbc7-4e9b-8652-8e26308b0769/
                  -guest ok = no
                  -guest only = no
                  -read only = no
                  -browseable = yes
                  -inherit acls = yes
                  -inherit permissions = yes
                  -ea support = yes
                  -store dos attributes = yes
                  -fruit:encoding = private
                  -fruit:locking = none
                  -fruit:metadata = netatalk
                  -fruit:resource = file
                  -fruit:time machine = yes
                  -vfs objects =  fruit streams_xattr
                  -printable = no
                  -create mask = 0664
                  -force create mode = 0664
                  -directory mask = 0775
                  -force directory mode = 0775
                  -hide special files = yes
                  -follow symlinks = yes
                  -hide dot files = yes
                  -valid users = "don","administrator@example.com","donadmin@example.com","dexample@example.com","scanuser@example.com","jexample@example.com",@"domain users@example.com"
                  -invalid users = "nobody","sm_00896c44e6ca4e378@example.com","sm_92aebd7159514eedb@example.com","sm_4de0cc3fd712416ea@example.com","krbtgt@example.com","guest@example.com","sm_c69700aeff494c3d9@example.com",@"nogroup",@"exchange windows permissions@example.com",@"exchangelegacyinterop@example.com",@"server management@example.com",@"delegated setup@example.com",@"um management@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-512@example.com",@"winrmremotewmiusers__@example.com",@"wseremoteaccessusers@example.com",@"group policy creator owners@example.com",@"view-only organization management@example.com",@"cloneable domain controllers@example.com",@"hygiene management@example.com",@"protected users@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1113@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1106@example.com",@"recipient management@example.com",@"wseallowdashboardaccess@example.com",@"wseinvisibletodashboard@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1107@example.com",@"read-only domain controllers@example.com",@"enterprise admins@example.com",@"wseallowcomputeraccess@example.com",@"dnsadmins@example.com",@"cert publishers@example.com",@"domain admins@example.com",@"organization management@example.com",@"exchange servers@example.com",@"wseallowshareaccess@example.com",@"dhcp users@example.com",@"records management@example.com",@"wsealertadministrators@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-514@example.com",@"denied rodc password replication group@example.com",@"dhcp administrators@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-519@example.com",@"domain guests@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1110@example.com",@"wseremotewebaccessusers@example.com",@"wseallowaddinaccess@example.com",@"wseallowhomepagelinks@example.com",@"exchange trusted subsystem@example.com",@"$i31000-q93gr5525bp9@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1108@example.com",@"discovery management@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1109@example.com",@"allowed rodc password replication group@example.com",@"exchange all hosted organizations@example.com",@"public folder management@example.com",@"dnsupdateproxy@example.com",@"wseallowmediaaccess@example.com",@"help desk@example.com",@"domain controllers@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-513@example.com",@"domain computers@example.com",@"schema admins@example.com",@"ras and ias servers@example.com",@"wsemanagedgroups@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1111@example.com",@"enterprise read-only domain controllers@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-518@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1112@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1105@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-572@example.com"
                  -read list = "administrator@example.com"
                  -write list = "don","donadmin@example.com","dexample@example.com","scanuser@example.com","jexample@example.com",@"domain users@example.com"
                  -
----------
          ID: configure_samba_shares
    Function: file.append
        Name: /etc/samba/smb.conf
      Result: True
     Comment: Appended 30 lines
     Started: 13:38:15.853580
    Duration: 767.317 ms
     Changes:   
              ----------
              diff:
                  --- 
                  
                  +++ 
                  
                  @@ -41,3 +41,33 @@
                  
                   password server = dexta.example.com
                   realm = EXAMPLE.COM
                   security = ads
                  +#======================= Share Definitions =======================
                  +[sdb]
                  +path = /srv/dev-disk-by-uuid-dddc6d8d-cbc7-4e9b-8652-8e26308b0769/
                  +guest ok = no
                  +guest only = no
                  +read only = no
                  +browseable = yes
                  +inherit acls = yes
                  +inherit permissions = yes
                  +ea support = yes
                  +store dos attributes = yes
                  +fruit:encoding = private
                  +fruit:locking = none
                  +fruit:metadata = netatalk
                  +fruit:resource = file
                  +fruit:time machine = yes
                  +vfs objects =  fruit streams_xattr
                  +printable = no
                  +create mask = 0664
                  +force create mode = 0664
                  +directory mask = 0775
                  +force directory mode = 0775
                  +hide special files = yes
                  +follow symlinks = yes
                  +hide dot files = yes
                  +valid users = "don","administrator@example.com","donadmin@example.com","dexample@example.com","scanuser@example.com","jexample@example.com",@"domain users@example.com"
                  +invalid users = "nobody","sm_00896c44e6ca4e378@example.com","sm_92aebd7159514eedb@example.com","sm_4de0cc3fd712416ea@example.com","krbtgt@example.com","guest@example.com","sm_c69700aeff494c3d9@example.com",@"nogroup",@"exchange windows permissions@example.com",@"exchangelegacyinterop@example.com",@"server management@example.com",@"delegated setup@example.com",@"um management@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-512@example.com",@"winrmremotewmiusers__@example.com",@"wseremoteaccessusers@example.com",@"group policy creator owners@example.com",@"view-only organization management@example.com",@"cloneable domain controllers@example.com",@"hygiene management@example.com",@"protected users@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1113@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1106@example.com",@"recipient management@example.com",@"wseallowdashboardaccess@example.com",@"wseinvisibletodashboard@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1107@example.com",@"read-only domain controllers@example.com",@"enterprise admins@example.com",@"wseallowcomputeraccess@example.com",@"dnsadmins@example.com",@"cert publishers@example.com",@"domain admins@example.com",@"organization management@example.com",@"exchange servers@example.com",@"wseallowshareaccess@example.com",@"dhcp users@example.com",@"records management@example.com",@"wsealertadministrators@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-514@example.com",@"denied rodc password replication group@example.com",@"dhcp administrators@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-519@example.com",@"domain guests@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1110@example.com",@"wseremotewebaccessusers@example.com",@"wseallowaddinaccess@example.com",@"wseallowhomepagelinks@example.com",@"exchange trusted subsystem@example.com",@"$i31000-q93gr5525bp9@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1108@example.com",@"discovery management@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1109@example.com",@"allowed rodc password replication group@example.com",@"exchange all hosted organizations@example.com",@"public folder management@example.com",@"dnsupdateproxy@example.com",@"wseallowmediaaccess@example.com",@"help desk@example.com",@"domain controllers@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-513@example.com",@"domain computers@example.com",@"schema admins@example.com",@"ras and ias servers@example.com",@"wsemanagedgroups@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1111@example.com",@"enterprise read-only domain controllers@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-518@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1112@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-1105@example.com",@"s-1-5-21-2781488526-1165096633-3670503853-572@example.com"
                  +read list = "administrator@example.com"
                  +write list = "don","donadmin@example.com","dexample@example.com","scanuser@example.com","jexample@example.com",@"domain users@example.com"
                  +
----------
          ID: configure_samba_recyclebin_cron
    Function: file.managed
        Name: /etc/cron.daily/openmediavault-samba-recycle
      Result: True
     Comment: File /etc/cron.daily/openmediavault-samba-recycle is in the correct state
     Started: 13:38:16.621158
    Duration: 3.779 ms
     Changes:   
----------
          ID: remove_samba_recyclebin_cron_scripts
    Function: module.run
      Result: True
     Comment: file.find: []
     Started: 13:38:16.626297
    Duration: 2.204 ms
     Changes:   
              ----------
              file.find:
----------
          ID: configure_default_wsdd
    Function: file.managed
        Name: /etc/default/wsdd
      Result: True
     Comment: File /etc/default/wsdd is in the correct state
     Started: 13:38:16.628691
    Duration: 3.348 ms
     Changes:   
----------
          ID: divert_default_wsdd
    Function: omv_dpkg.divert_add
        Name: /etc/default/wsdd
      Result: True
     Comment: Leaving 'local diversion of /etc/default/wsdd to /etc/default/wsdd.distrib'
     Started: 13:38:16.632854
    Duration: 30.3 ms
     Changes:   
----------
          ID: divert_samba_smb_config
    Function: omv_dpkg.divert_add
        Name: /etc/samba/smb.conf
      Result: True
     Comment: Leaving 'local diversion of /etc/samba/smb.conf to /etc/samba/smb.conf.distrib'
     Started: 13:38:16.663669
    Duration: 34.013 ms
     Changes:   
----------
          ID: test_samba_service_config
    Function: cmd.run
        Name: samba-tool testparm --suppress-prompt
      Result: True
     Comment: Command "samba-tool testparm --suppress-prompt" run
     Started: 13:38:16.700812
    Duration: 181.554 ms
     Changes:   
              ----------
              pid:
                  68237
              retcode:
                  0
              stderr:
                  INFO: Current debug levels:
                    all: 10
                    tdb: 10
                    printdrivers: 10
                    lanman: 10
                    smb: 10
                    rpc_parse: 10
                    rpc_srv: 10
                    rpc_cli: 10
                    passdb: 10
                    sam: 10
                    auth: 10
                    winbind: 10
                    vfs: 10
                    idmap: 10
                    quota: 10
                    acls: 10
                    locking: 10
                    msdfs: 10
                    dmapi: 10
                    registry: 10
                    scavenger: 10
                    dns: 10
                    ldb: 10
                    tevent: 10
                    auth_audit: 10
                    auth_json_audit: 10
                    kerberos: 10
                    drs_repl: 10
                    smb2: 10
                    smb2_credits: 10
                    dsdb_audit: 10
                    dsdb_json_audit: 10
                    dsdb_password_audit: 10
                    dsdb_password_json_audit: 10
                    dsdb_transaction_audit: 10
                    dsdb_transaction_json_audit: 10
                    dsdb_group_audit: 10
                    dsdb_group_json_audit: 10
                  lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
                  lpcfg_do_global_parameter: WARNING: The "client use spnego" option is deprecated
                  Processing section "[sdb]"
                  pm_process() returned Yes
                  INFO 2021-10-08 13:38:16,867 pid:68237 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb config files from /etc/samba/smb.conf
                  INFO 2021-10-08 13:38:16,867 pid:68237 /usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded services file OK.
              stdout:
                  # Global parameters
                  [global]
                      client use spnego = Yes
                      disable spoolss = Yes
                      encrypt passwords = Yes
                      guest account = nobody
                      kerberos method = secrets and keytab
                      log file = /var/log/samba/log.%m
                      logging = syslog
                      log level = 10
                      max log size = 1000
                      pam password change = Yes
                      panic action = /usr/share/samba/panic-action %d
                      passdb backend = tdbsam
                      passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
                      passwd program = /usr/bin/passwd %u
                      password server = dexta.example.com
                      printcap name = /dev/null
                      realm = EXAMPLE.COM
                      security = ADS
                      server string = %h server
                      socket options = TCP_NODELAY IPTOS_LOWDELAY
                      unix extensions = Yes
                      workgroup = EXAMPLE
                      fruit:aapl = yes
                      aio read size = 16384
                      aio write size = 16384
                      create mask = 0777
                      directory mask = 0777
                      use sendfile = Yes
                  
                  [sdb]
                      create mask = 0664
                      directory mask = 0775
                      force create mode = 0664
                      force directory mode = 0775
                      hide special files = Yes
                      inherit acls = Yes
                      inherit permissions = Yes
                      invalid users = nobody sm_00896c44e6ca4e378@example.com sm_92aebd7159514eedb@example.com sm_4de0cc3fd712416ea@example.com krbtgt@example.com guest@example.com sm_c69700aeff494c3d9@example.com @nogroup "@exchange windows permissions@example.com" @exchangelegacyinterop@example.com "@server management@example.com" "@delegated setup@example.com" "@um management@example.com" @s-1-5-21-2781488526-1165096633-3670503853-512@example.com @winrmremotewmiusers__@example.com @wseremoteaccessusers@example.com "@group policy creator owners@example.com" "@view-only organization management@example.com" "@cloneable domain controllers@example.com" "@hygiene management@example.com" "@protected users@example.com" @s-1-5-21-2781488526-1165096633-3670503853-1113@example.com @s-1-5-21-2781488526-1165096633-3670503853-1106@example.com "@recipient management@example.com" @wseallowdashboardaccess@example.com @wseinvisibletodashboard@example.com @s-1-5-21-2781488526-1165096633-3670503853-1107@example.com "@read-only domain controllers@example.com" "@enterprise admins@example.com" @wseallowcomputeraccess@example.com @dnsadmins@example.com "@cert publishers@example.com" "@domain admins@example.com" "@organization management@example.com" "@exchange servers@example.com" @wseallowshareaccess@example.com "@dhcp users@example.com" "@records management@example.com" @wsealertadministrators@example.com @s-1-5-21-2781488526-1165096633-3670503853-514@example.com "@denied rodc password replication group@example.com" "@dhcp administrators@example.com" @s-1-5-21-2781488526-1165096633-3670503853-519@example.com "@domain guests@example.com" @s-1-5-21-2781488526-1165096633-3670503853-1110@example.com @wseremotewebaccessusers@example.com @wseallowaddinaccess@example.com @wseallowhomepagelinks@example.com "@exchange trusted subsystem@example.com" @$i31000-q93gr5525bp9@example.com @s-1-5-21-2781488526-1165096633-3670503853-1108@example.com "@discovery management@example.com" @s-1-5-21-2781488526-1165096633-3670503853-1109@example.com "@allowed rodc password replication group@example.com" "@exchange all hosted organizations@example.com" "@public folder management@example.com" @dnsupdateproxy@example.com @wseallowmediaaccess@example.com "@help desk@example.com" "@domain controllers@example.com" @s-1-5-21-2781488526-1165096633-3670503853-513@example.com "@domain computers@example.com" "@schema admins@example.com" "@ras and ias servers@example.com" @wsemanagedgroups@example.com @s-1-5-21-2781488526-1165096633-3670503853-1111@example.com "@enterprise read-only domain controllers@example.com" @s-1-5-21-2781488526-1165096633-3670503853-518@example.com @s-1-5-21-2781488526-1165096633-3670503853-1112@example.com @s-1-5-21-2781488526-1165096633-3670503853-1105@example.com @s-1-5-21-2781488526-1165096633-3670503853-572@example.com
                      path = /srv/dev-disk-by-uuid-dddc6d8d-cbc7-4e9b-8652-8e26308b0769/
                      read list = administrator@example.com
                      read only = No
                      valid users = don administrator@example.com donadmin@example.com dexample@example.com scanuser@example.com jexample@example.com "@domain users@example.com"
                      vfs objects = fruit streams_xattr
                      write list = don donadmin@example.com dexample@example.com scanuser@example.com jexample@example.com "@domain users@example.com"
                      fruit:time machine = yes
                      fruit:resource = file
                      fruit:metadata = netatalk
                      fruit:locking = none
                      fruit:encoding = private
----------
          ID: start_samba_service
    Function: service.running
        Name: smbd
      Result: False
     Comment: Job for smbd.service failed because the control process exited with error code.
              See "systemctl status smbd.service" and "journalctl -xe" for details.
     Started: 13:38:17.503446
    Duration: 463.467 ms
     Changes:   
----------
          ID: start_samba_service_nmbd
    Function: service.running
        Name: nmbd
      Result: False
     Comment: One or more requisite failed: omv.deploy.samba.default.start_samba_service
     Started: 13:38:17.968921
    Duration: 0.017 ms
     Changes:   
----------
          ID: start_wsdd_service
    Function: service.running
        Name: wsdd
      Result: True
     Comment: Service wsdd is already enabled, and is running
     Started: 13:38:17.969107
    Duration: 200.994 ms
     Changes:   
              ----------
              wsdd:
                  True

Summary for debian
------------
Succeeded: 9 (changed=5)
Failed:    2
------------
Total states run:    11
Total run time:   1.811 s
root@omv6:~#

Display More

Sorry for the formatting if it didn't work.

smbd not starting is the problem.

Code

root@omv6:~# systemctl status smbd.service
● smbd.service - Samba SMB Daemon
     Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2021-10-08 13:38:18 MDT; 15min ago
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
    Process: 68280 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited, status=0/SUCCESS)
    Process: 68287 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=255/EXCEPTION)
   Main PID: 68287 (code=exited, status=255/EXCEPTION)
     Status: "Starting process..."
        CPU: 214ms

Oct 08 13:38:18 omv6 smbd[68287]: [2021/10/08 13:38:18.432590,  5, pid=68287, effective(0, 0), real(0, 0)] ../../source3/passdb/pdb_util.c:205(create_builtin_guests)
Oct 08 13:38:18 omv6 smbd[68287]:   create_builtin_guests: Failed to create Guests
Oct 08 13:38:18 omv6 smbd[68287]: [2021/10/08 13:38:18.432667,  4, pid=68287, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:437(pop_sec_ctx)
Oct 08 13:38:18 omv6 smbd[68287]:   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Oct 08 13:38:18 omv6 smbd[68287]: [2021/10/08 13:38:18.432741,  3, pid=68287, effective(0, 0), real(0, 0)] ../../source3/auth/token_util.c:786(finalize_local_nt_token)
Oct 08 13:38:18 omv6 smbd[68287]:   Failed to check for local Guests membership (NT_STATUS_INVALID_PARAMETER_MIX)
Oct 08 13:38:18 omv6 smbd[68287]: [2021/10/08 13:38:18.432827,  0, pid=68287, effective(0, 0), real(0, 0), class=auth] ../../source3/auth/auth_util.c:1410(make_new_session_inf>
Oct 08 13:38:18 omv6 smbd[68287]:   create_local_token failed: NT_STATUS_INVALID_PARAMETER_MIX
Oct 08 13:38:18 omv6 smbd[68287]: [2021/10/08 13:38:18.432907,  0, pid=68287, effective(0, 0), real(0, 0)] ../../source3/smbd/server.c:2052(main)
Oct 08 13:38:18 omv6 smbd[68287]:   ERROR: failed to setup guest info.

Display More

Thanks

donh · Oct 8th 2021

I have a 6 beta connected to my ad server. I used this and may have made some edits. RE: Active Directory / LDAP Revisited Users and groups show in shares etc. I can access and open files but not save them yet. When I try to add security = ads to smb extras in the web ui I get a 500 internal server error. Diagnostics only shows "Please apply the config change first".

As far as I can see security = ads is still a valid argunent. https://www.samba.org/samba/do…/man-html/smb.conf.5.html

Thanks

donh · Oct 7th 2021

Is something inspecting for viruses or security? Some are in effect man in the middle inspection. In firefox right click the lock symbol left of the url. Should show details. Here is what the first few lines look like for me.

Common Name forum.openmediavault.org

Country US

Organization Let's Encrypt

Common Name R3

ValidityNot before Tue, 07 Sep 2021 00:13:21 GMT

Not after Mon, 06 Dec 2021 00:13:20 GMT

...

donh · Sep 24th 2021

Well I tried but I doubt my knowledge at this level.

To the op I made a proxmox snapshot of my omv and installed ntp. It said it removed

The following packages will be REMOVED:

chrony openmediavault openmediavault-snmp

The following NEW packages will be installed:

libopts25 ntp

Try removing and installing those and cross your fingers. It didn't work for me but I have some customizations so not 100% stock. Rolled back and all is fine again.

donh · Sep 24th 2021

I think apt can block installation and removal of packages.

https://www.tecmint.com/disabl…pdates-ubuntu-debian-apt/

Maybe it could block removal of OMV or prevent ntp. Maybe other packages as might be appropriate too.

Posts by donh

New openmediavault-kvm plugin

Help with OMV on ESXi please?

Help with OMV on ESXi please?

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

omv-extras plugins - porting progress to OMV 6.x

FTP scan from Lexmark to OMV5 folder

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

OMV6 connect to windows 2012 Active Directory

Website and forum expired root Certificate

OMV 5.5.11 removed after installing ntp

OMV 5.5.11 removed after installing ntp