3 posts were split to a new topic: Access only by NETBIOS\user
There is a new Upgrade tool beta 2 version available from nethserver-testing (6.10)
There are some packages to update: http://dev.nethserver.org/projects/nethserver/issues?query_id=27
After installing the Upgrade tool run:
yum --enablerepo=nethserver-testing update
Then proceed with the Prepare step as usual.
3 Likes
New release is coming: I’m testing the ns6 upgrade tool against 7.6
1 Like
The upgrade tool “beta 2” has been released in ns 6.10 repositories
This weekend I fired off the upgrade on a production 6.9 mail and web server.
I would rate it at 98%+ successful, enough that I kept in online @ 7.6.1810 final.
Root dir had only 44mb available, had to remove 12 kernels to fire upgrade.
Since it was a web server with file server, it required adding an interface for the samba dc upgrade… that required some thought because I already have a NS DC on the local network but on another subnet. Not really an issue.
That also killed access to a created share that was hosting a deprecated website. I haven’t worked that out yet, low priority.
The upgrade did knock out 10% of the users passwords… set them back to unset, as if newly created, once a password was set, access to mail was reacquired.
Some 50% of mail filters created with roundcube were broken.
Spam and Virus filters were fine but it wipe out my list of banned files… annoying, I haven’t a copy and I had about 30 file extension in the list.
Backups were successful though restore hasn’t been tested, it appears the data is available for restore, I use vm copies distributed around as well.
Still has messed up time in the dashboard for the cron that came with the last backup update.
Statistics are fine.
Only fail/error found was for the ntop db, I had removed ntop because it wasn’t being used and its db file was getting up to 6GB.
I call it a success and nobody in that office noticed today so there ya go.
4 Likes
Regarding the share on this upgraded server… I can’t access it from win10 non-joined or ubuntu non-joined, win10 will not even show the shares but ubuntu does list the shares in nautilus, I created another share, I can’t access that one either from any clients.
Both the shares, the one created before the upgrade and the one I created as a test after the upgrade, post several reboots… are being created by root, instead of administrator@domain. That doesn’t seem right, the group is correct, but the owner is root on the upgraded server. I also realized the administrator password wasn’t set, I set a pwd, even rebooted the server, but shares are still created as owned by root.
Hi @fasttech
After upgrade have you check initialization with command systemd-analyze ?
If it was ok, how are you trying to access to shares?
I’ve updated 5 servers from 6.10 to 7.5 and then 7.6 and I haven’t got any problem with non-joined computers.
You can access to share with NETBIOS\username or username@ad.domain.ext and user password.
You shouldn’t have problem.
For website access, you can try to migrate folder to a Virtual Host (and then if u have to access files from external network without VPN you can connect Nextcloud to SMB share and connect with it).
I suggest you also to re-set permissions on shares with server manager.
1 Like
Well I see it’s not an issue of root ownership. The other 7.6 server on the other subnet is also creating shares as root and I can access those from the same clients, not sure how the original shares on the other server were created as administrator since I’m always logging in as root on these.
I agree. Please look also at Shared folders — NethServer 7 Final to allow members of Domain Admins to impersonate “root” over SMB connections. Once they’re granted file ownership they have full control over them.
See also
http://docs.nethserver.org/en/v7/shared_folder.html#change-resource-permissions-from-windows-clients
Apart from typing the user name as described by @federico.ballarini and the manual, how do you access the share?
\\192.168.1.2\sharename
or
\\myserver\sharename
I suggest to try the latter. Check that “myserver” actually resolves to “192.168.1.2”.
Also ensure that “myserver” is listed in klist -k output as “host/myserver@ADREALM”…
1 Like
As I said, I can’t access the share, it doesn’t matter if it’s ip or hostname. I’m trying to ascertain if this is a networking issue.
… pasted from wrong machine… grrrr.
What is the hostname command output?
Mixed case keytab entries could lead to troubles.
Do you have an old XP client to make a connection test? Otherwise you can reproduce old protocol connections following these instructions:
- copy
smb.confto the local directory - edit it and set
client NTLMv2 auth = yes - run
smbclient -s ...
smbclient -U 'DPNET\davidep%Nethesis,1234' -s smb.conf //192.168.122.8/iba1
@davidep I can’t believe it, I totally posted the output from the wrong machine… this is the upgraded, problem instance. Sorry about that.
[root@server9b ~]# hostname
server9b.mydomain.com
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/server9b.mydomain.com@AD.mydomain.COM
2 host/SERVER9B@AD.mydomain.COM
2 host/server9b.mydomain.com@AD.mydomain.COM
2 host/SERVER9B@AD.mydomain.COM
2 host/server9b.mydomain.com@AD.mydomain.COM
2 host/SERVER9B@AD.mydomain.COM
2 host/server9b.mydomain.com@AD.mydomain.COM
2 host/SERVER9B@AD.mydomain.COM
2 host/server9b.mydomain.com@AD.mydomain.COM
2 host/SERVER9B@AD.mydomain.COM
2 SERVER9B$@AD.mydomain.COM
2 SERVER9B$@AD.mydomain.COM
2 SERVER9B$@AD.mydomain.COM
2 SERVER9B$@AD.mydomain.COM
2 SERVER9B$@AD.mydomain.COM
2 smtp/server9b.mydomain.com@AD.mydomain.COM
2 smtp/SERVER9B@AD.mydomain.COM
2 smtp/server9b.mydomain.com@AD.mydomain.COM
2 smtp/SERVER9B@AD.mydomain.COM
2 smtp/server9b.mydomain.com@AD.mydomain.COM
2 smtp/SERVER9B@AD.mydomain.COM
2 smtp/server9b.mydomain.com@AD.mydomain.COM
2 smtp/SERVER9B@AD.mydomain.COM
2 smtp/server9b.mydomain.com@AD.mydomain.COM
2 smtp/SERVER9B@AD.mydomain.COM
2 pop/server9b.mydomain.com@AD.mydomain.COM
2 pop/SERVER9B@AD.mydomain.COM
2 pop/server9b.mydomain.com@AD.mydomain.COM
2 pop/SERVER9B@AD.mydomain.COM
2 pop/server9b.mydomain.com@AD.mydomain.COM
2 pop/SERVER9B@AD.mydomain.COM
2 pop/server9b.mydomain.com@AD.mydomain.COM
2 pop/SERVER9B@AD.mydomain.COM
2 pop/server9b.mydomain.com@AD.mydomain.COM
2 pop/SERVER9B@AD.mydomain.COM
2 imap/server9b.mydomain.com@AD.mydomain.COM
2 imap/SERVER9B@AD.mydomain.COM
2 imap/server9b.mydomain.com@AD.mydomain.COM
2 imap/SERVER9B@AD.mydomain.COM
2 imap/server9b.mydomain.com@AD.mydomain.COM
2 imap/SERVER9B@AD.mydomain.COM
2 imap/server9b.mydomain.com@AD.mydomain.COM
2 imap/SERVER9B@AD.mydomain.COM
2 imap/server9b.mydomain.com@AD.mydomain.COM
2 imap/SERVER9B@AD.mydomain.COM
2 cifs/server9b.mydomain.com@AD.mydomain.COM
2 cifs/SERVER9B@AD.mydomain.COM
2 cifs/server9b.mydomain.com@AD.mydomain.COM
2 cifs/SERVER9B@AD.mydomain.COM
2 cifs/server9b.mydomain.com@AD.mydomain.COM
2 cifs/SERVER9B@AD.mydomain.COM
2 cifs/server9b.mydomain.com@AD.mydomain.COM
2 cifs/SERVER9B@AD.mydomain.COM
2 cifs/server9b.mydomain.com@AD.mydomain.COM
2 cifs/SERVER9B@AD.mydomain.COMCan you check if in your “Services” page there is something stopped (like postgresql)?
@federico.ballarini
There’s no postgre…
only stopped services are the expected ones, lsm ftp… it’d be a pretty broken mail server otherwise…
Hi @fasttech. I’ve upgraded 5 servers and never have got problem… this is strange.
When you access directory from client can you check log on server to see if there is something interesting (messages.log and smbd.log)
@federico.ballarini
I can’t tell you how frustrating it is to troubleshoot with the logs, there are about 40 different log files related to samba and I’ve had about zero luck troubleshooting anything using them over the last couple of years. I’ve got one problem with one server I’ve been fighting for a long time and have never seen anything in log after log trying to get a hint of the problem.
Now samba audit works great… if the machine connected… but then there’s no problem is there…
1 Like
Time has passed and many successful cases were reported. Now we’re fixing a couple of minor bugs.
…but I think it’s time to remove the Beta wording. What do you think?
5 Likes
Yes!!!
Yes!!!
1 Like