Backup failure post samba update

Yesterday I updated a local network with 3 NS 7 installs.
2 of the NS backup to the 3rd by cifs.
Both of last night’s backups failed because of a default change from smbv1.

Any thoughts? Don’t tell me I suck and run an insecure network. Nobody respects what I do, everyone has an opinion and I only have so much time and resources available, I’m doing the best I can.
I don’t really want to push the servers back down to v1, so how do you guys think I should handle this, change over to the nfs option?
If I remember correctly cifs is only using smbv1.
If I remember correctly, this samba update deprecates smbv1.
Should we even be offering the cifs option in backup anymore if our install of samba now deprecates smbv1?

Aug  3 19:15:22 server5 esmith::event[20009]: Event: pre-backup-data SUCCESS
Aug  3 19:15:23 server5 kernel: Key type dns_resolver registered
Aug  3 19:15:23 server5 kernel: Key type cifs.spnego registered
Aug  3 19:15:23 server5 kernel: Key type cifs.idmap registered
Aug  3 19:15:23 server5 kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
Aug  3 19:15:23 server5 kernel: Status code returned 0xc000006d STATUS_LOGON_FAILURE
Aug  3 19:15:23 server5 kernel: CIFS VFS: Send error in SessSetup = -13
Aug  3 19:15:23 server5 kernel: CIFS VFS: cifs_mount failed w/return code = -13
Aug  3 19:15:23 server5 kernel: Status code returned 0xc000006d NT_STATUS_LOGON_FAILURE
Aug  3 19:15:23 server5 kernel: CIFS VFS: Send error in SessSetup = -13

Hi
I plan and run quite a few networks for clients, almost all use NethServer / AD as their main network server. I do prefer using a decent NAS for backups - and I also prefer using NFS.

Simply put: NFS has been a UNIX/Linux standard for more than a few years (check it out, NFS is VERY old) - and is, by resource usage, by far the most efficient network filing protocol for anything UNIX/Linux based. Samba eats up a lot of overhead.

Then again, the NAS I use (mostly Synology) uses Linux inside, and so does NethServer. Why bother using a foreign language (CIFS is Samba…) to talk to someone who speaks your mother tongue?

-> Switch over to NFS, and don’t worry about CIFSv1! Set your NFS per host to be on the safe side!

I use mainly NFSv3, not NFSv4 - that comes with too much overhead for what I need it…
NethServer can do NFS just fine, see also https://wiki.nethserver.org/doku.php?id=nfs PlugIns…

My 2 cents
Andy

@fasttech
https://community.nethserver.org/t/after-yum-upgrade-shares-no-more-accessible/
Do you think it’s related with your issue?

Anyway: SMBv1 should be tossed away from any installation as soon as possible…

@pike
Quite agree about SMBv1, but I don’t think changing rules in the middle of a game is a good idea either.
Happens a lot with Samba.
A few years back, when I was still using SME-Server (NethServer predecessor), the Samba Team decided to change the codepage from ISO8859-1 or whatever to UTF8 - in the middle of a running update, not a major upgrade!
That invalidated ALL user accounts held in Samba and also connections to MS AD were fu*ked up…

My 2 cents
Andy

My bad… I was talking from a user perspective, not a developer perspective.
SMBv1 has been “out of support” for Microsoft since XP/2003 went out of support, due to SMBv2 support being available in Vista/2008 Server (version 2.0.2) and 7/2008 R2 Server (version 2.1), which are soon going out of support.
From February 2020 only SMB 2.1-enabled OSes on the Microsoft side will receive patches, as SMBv1 support is still available as a manual install feature on Windows 10 (even the recent 1903).

@pike

That recent 1903 update removed all SNMP IPs and Traps I use for Monitoring - on 10 PCs at one client - and all Win10 PCs so far…
Another “great” update. Also removed all Dictation folders and reset them to some local C: subfolder for a Dictation program.
Love that kind of additional work - sarcasm dripping…
:slight_smile:

The backup mount command already tries to fall back to v1. See: https://github.com/NethServer/nethserver-backup-data/blob/master/root/etc/e-smith/events/actions/mount-cifs#L78

You probably hit the issue reported by @pike. Could you please describe your Samba configuration on the other thread?

1 Like

Please post the output of

[root@neth ~]# alternatives --list | grep -E '(cifs|libwb)'
cifs-idmap-plugin	manual	/usr/lib64/cifs-utils/idmapwb.so
libwbclient.so.0.14-64	manual	/usr/lib64/samba/wbclient/libwbclient.so.0.14

To work around the issue, try:

signal-event nethserver-samba-update

Run again

alternatives --list | grep -E '(cifs|libwb)'

…and compare with previous output

See also

Oh, well, the first thing I did was check share availability on the NS server (basically serving NAS functionality) that backups are pointed to, and the 2 Win 10 clients I checked were able to access the shares fine. The Win 10 clients only connect by user/password, they’re not AD members. So I thought it an issue with backup and cifs.

I have 2 NS to backup to a 3rd NS via cifs.

I assume this is a client issue.

How should I apply the event? To one client or to one client and the backup server…? Just to see if the client with the signal event successfully mounts and the other client as a base ref.

It’s safe to run it on both sides. It just fixes alternatives configuration and restart services.

1 Like

So, neither of the clients have that directory so I can’t run that, but the server does.
As I recall, both of the clients are upgrades from NS6 installs and the server is a bare metal NS7 install.

Is it enough to fix the issue?

Otherwise paste the output of this command from clients

It’s the clients trying to mount… I don’t see how that would work but I’ll try it tonight.

@davidep

Success!

Aug  6 19:30:12 server2c esmith::event[407]: Event: pre-backup-data SUCCESS
Aug  6 19:30:12 server2c kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
Aug  6 19:35:04 server2c systemd: Created slice User Slice of apache.
Aug  6 19:35:04 server2c systemd: Started Session 1025 of user apache.
Aug  6 19:35:22 server2c systemd: Removed slice User Slice of apache.
Aug  6 19:40:02 server2c systemd: Created slice User Slice of apache.
Aug  6 19:40:02 server2c systemd: Started Session 1026 of user apache.
Aug  6 19:40:20 server2c systemd: Removed slice User Slice of apache.
Aug  6 19:45:01 server2c systemd: Created slice User Slice of apache.
Aug  6 19:45:01 server2c systemd: Started Session 1027 of user apache.
Aug  6 19:45:22 server2c systemd: Removed slice User Slice of apache.
Aug  6 19:47:30 server2c esmith::event[1804]: Event: post-backup-data backup-data
Aug  6 19:47:31 server2c esmith::event[1804]: Action: /etc/e-smith/events/post-backup-data/S20nethserver-backup-config-push2history SUCCESS [1.042655]
Aug  6 19:47:32 server2c esmith::event[1804]: Action: /etc/e-smith/events/post-backup-data/S50mysql-delete-dumped-tables SUCCESS [0.06737]
Aug  6 19:47:32 server2c esmith::event[1804]: Action: /etc/e-smith/events/post-backup-data/S70cleanup-data-duplicity SUCCESS [0.079445]
Aug  6 19:47:32 server2c esmith::event[1804]: Action: /etc/e-smith/events/post-backup-data/S70cleanup-restore-index SUCCESS [0.097537]
Aug  6 19:47:32 server2c esmith::event[1804]: Event: post-backup-data SUCCESS
1 Like
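
Added example, not part of the thread or of NethServer's code: a small triage of the kernel CIFS messages quoted above. It separates the informational "No dialect specified" notice from the actual mount failure and classifies that failure by status and return code. The sample lines are constructed in the format of the logs in this thread, and treating -95/-112 as a dialect mismatch is a heuristic assumed here.

```python
import re

# Constructed sample in the format of the thread's logs (notice text shortened).
SAMPLE = """\
Aug  3 19:15:23 server5 kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later
Aug  3 19:15:23 server5 kernel: Status code returned 0xc000006d STATUS_LOGON_FAILURE
Aug  3 19:15:23 server5 kernel: CIFS VFS: Send error in SessSetup = -13
Aug  3 19:15:23 server5 kernel: CIFS VFS: cifs_mount failed w/return code = -13
Aug  6 19:30:12 server2c kernel: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) kernel: (.*)$")
STATUS = re.compile(r"Status code returned 0x[0-9a-fA-F]{8} (?:NT_)?(STATUS_\w+)")
MOUNT_RC = re.compile(r"cifs_mount failed w/return code = (-\d+)")
# Linux errno values; mapping -95/-112 to "dialect" is a heuristic (assumption).
ERRNO = {-13: "EACCES", -95: "EOPNOTSUPP", -112: "EHOSTDOWN"}


def classify(rc, statuses):
    """Decide whether a failed mount looks like an auth or a dialect problem."""
    if rc == -13 or "STATUS_LOGON_FAILURE" in statuses:
        return "authentication"
    if rc in (-95, -112):
        return "dialect"
    return "other"


def triage(text):
    """Return {host: [finding, ...]} for every failed cifs_mount in the log."""
    state = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, msg = m.groups()
        h = state.setdefault(host, {"notice": False, "statuses": [], "findings": []})
        if msg.startswith("No dialect specified on mount"):
            h["notice"] = True          # informational only, not an error
        elif (s := STATUS.search(msg)):
            h["statuses"].append(s.group(1))
        elif (r := MOUNT_RC.search(msg)):
            rc = int(r.group(1))
            h["findings"].append({"rc": rc, "errno": ERRNO.get(rc, "?"),
                                  "cause": classify(rc, h["statuses"]),
                                  "notice_seen": h["notice"]})
            h["statuses"] = []
    return {host: h["findings"] for host, h in state.items()}
```

On the sample, server5's failure is classified as authentication (session setup rejected) even though the dialect notice was printed, while server2c shows the same notice with no failure at all.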