[Samba] getting error Ignoring parameter browse directory and winbind sequence directory

[VigneshDhanraj G]

Hi team,

I am using samba 4.0.25, while connecting to the AD kinit fails by giving
the following error.

testparm output
Unknown parameter encountered: "browse directory"
Ignoring unknown parameter "browse directory"
Unknown parameter encountered: "winbind sequence directory"
Ignoring unknown parameter "winbind sequence directory"

But i have another device which is running the same version of samba same
smb.conf but that not showing this error

please, figure out this issue.


Regards,

Vigneshdhanraj G
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

[Rowland Penny]

On 21/09/15 10:48, VigneshDhanraj G wrote:
> Hi team,
>
> I am using samba 4.0.25, while connecting to the AD kinit fails by giving
> the following error.
>
> testparm output
> Unknown parameter encountered: "browse directory"
> Ignoring unknown parameter "browse directory"
> Unknown parameter encountered: "winbind sequence directory"
> Ignoring unknown parameter "winbind sequence directory"
>
> But i have another device which is running the same version of samba same
> smb.conf but that not showing this error
>
> please, figure out this issue.
>
>
> Regards,
>
> Vigneshdhanraj G

Can you upgrade your Samba version ? 4.0 went EOL at the beginning of
August.

If you cannot upgrade or upgrading doesn't fix the issue, can you please
tell us what OS you are using and also post your smb.conf

Rowland

[VigneshDhanraj G]

I am using debian wheezy and

available= yes
restrict anonymous= 0
server string= VIGNESH
Workgroup= WORKGROUP
security= user
domain master= auto
preferred master= auto
local master= yes
os level= 20
invalid users= bin daemon adm sync shutdown halt mail news uucp gopher
map to guest= Bad User
host msdfs= yes
strict allocate= yes
encrypt passwords= yes
passdb backend= smbpasswd
printcap name= lpstat
printable= no
load printers= yes
max smbd processes= 500
getwd cache= yes
syslog= 0
use sendfile= yes
browse directory= /tmp/samba
winbind sequence directory= /tmp/samba
log level= 0
max log size= 50
unix extensions= no
veto files= /.AppleDouble/.AppleDB/.bin/.AppleDesktop/Network Trash
Folder/Temporary Items/:2eDS_Store/
dos charset= ascii
state directory= /mnt/system/samba/system

[VigneshDhanraj G]

i am using krb5-user package from debian. Is browse directory and winbind
sequence directory is supported by samba??

If not what is the alternative for these?? please help me regarding this
issue.

[Rowland Penny]

You can very easily upgrade Samba to 4.1.17 by adding backports to your
/etc/apt/sources.list file

However, if that is your *exact* smb.conf, well, it is the weirdest one
I have ever seen. If you remove all the defaults, you end up with this:

server string= VIGNESH
Workgroup= WORKGROUP

invalid users= bin daemon adm sync shutdown halt mail news uucp gopher
map to guest= Bad User

strict allocate= yes

passdb backend= smbpasswd
printcap name= lpstat

max smbd processes= 500

syslog= 0
use sendfile= yes

max log size= 50
unix extensions= no
veto files= /.AppleDouble/.AppleDB/.bin/.AppleDesktop/Network Trash
Folder/Temporary Items/:2eDS_Store/
dos charset= ascii
state directory= /mnt/system/samba/system

There are also these two lines, the left hand side commands do not seem
to exist.

browse directory= /tmp/samba
winbind sequence directory= /tmp/samba

You don't seem to have '[global]' or any shares, it seems to refer to a
standalone server. It also doesn't seem to have any of the lines needed
to connect to an AD DC.

I would suggest you go and have a read here:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

[VigneshDhanraj G]

Thanks Rowland.

I will try to upgrade samba. I removed that two lines browse directory and
winbind sequence directory from smb.conf now it is working fine.

can i upgrade samba from 4.0.25 to latest samba 4.3.0 or upgrade to 4.1.17?

Regards,

Vigneshdhanraj G

[Rowland Penny]

On 23/09/15 11:01, VigneshDhanraj G wrote:
> Thanks Rowland.
>
> I will try to upgrade samba. I removed that two lines browse directory
> and winbind sequence directory from smb.conf now it is working fine.
>
> can i upgrade samba from 4.0.25 to latest samba 4.3.0 or upgrade to
> 4.1.17?
>
> Regards,
>
> Vigneshdhanraj G
>
> On Mon, Sep 21, 2015 at 4:16 PM, Rowland Penny

> <rowlandpe...@gmail.com <mailto:rowlandpe...@gmail.com>>

You should be able to update to either, but I would go to 4.1.17 first

[VigneshDhanraj G]

Hi Rowland,

I updated samba from 40.25 to 4.1.20, now ftp is not working.

[Rowland Penny]

On 09/10/15 15:28, VigneshDhanraj G wrote:
> Hi Rowland,
>
> I updated samba from 40.25 to 4.1.20, now ftp is not working.
>

Very cryptic, why isn't ftp working ?
ftp is not part of Samba, but should work with it.
Have you changed your smb.conf to something that looks like the one here:

https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

Is the computer joined to the domain?

[VigneshDhanraj G]

Hi Rowland,

Thanks for the help.

Yes, Joined to the domain, ftp uses pam authentication. After upgrading
samba i found ftp pam authentication not working

/etc/pam.d/ftp contains

#%PAM-1.0
auth sufficient /lib/security/pam_smbpass.so
auth sufficient /lib/security/pam_winbind.so cached_login
auth required /lib/security/pam_winbind.so krb5_auth
account required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_smbpass.so
account required /lib/security/pam_winbind.so
password sufficient /lib/security/pam_smbpass.so
password required /lib/security/pam_winbind.so
session required /lib/security/pam_unix.so

here, we want to change anything?

Regards,

Vigneshdhanraj


On Mon, Oct 12, 2015 at 12:54 PM, VigneshDhanraj G <
vigneshd...@gmail.com> wrote:

> Hi Rowland,
> Yes, Joined to the domain, ftp uses pam authentication. After upgrading
> samba

[VigneshDhanraj G]

Hi Rowland,
Yes, Joined to the domain, ftp uses pam authentication. After upgrading
samba

On Fri, Oct 9, 2015 at 8:08 PM, Rowland Penny <rowlandpe...@gmail.com>
wrote:

[Rowland Penny]

On 12/10/15 08:27, VigneshDhanraj G wrote:
> Hi Rowland,
>

> Thanks for the help.
>
> Yes, Joined to the domain, ftp uses pam authentication. After
> upgrading samba i found ftp pam authentication not working
>
> /etc/pam.d/ftp contains
>
> #%PAM-1.0
> auth sufficient /lib/security/pam_smbpass.so
> auth sufficient /lib/security/pam_winbind.so cached_login
> auth required /lib/security/pam_winbind.so krb5_auth
> account required /lib/security/pam_nologin.so
> account sufficient /lib/security/pam_smbpass.so
> account required /lib/security/pam_winbind.so
> password sufficient /lib/security/pam_smbpass.so
> password required /lib/security/pam_winbind.so
> session required /lib/security/pam_unix.so
>
> here, we want to change anything?
>
>

OK, I have installed proftpd on a Debian Jessie Samba 4.3.0 domain
member and set it up to use AD for authentication and it works for me
(note, I did not use ldap authentication, I used PAM)

My PAM setup is this:

/etc/pam.d/proftpd

auth required pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
@include common-auth
@include common-account
@include common-session

/etc/pam.d/common-auth

auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=2 default=ignore] pam_unix.so nullok_secure
try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so

/etc/pam.d/common-account

account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so
account requisite pam_deny.so
account required pam_permit.so
account required pam_krb5.so minimum_uid=1000

/etc/pam.d/common-session

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_krb5.so minimum_uid=1000
session required pam_unix.so
session optional pam_winbind.so
session optional pam_ck_connector.so nox11

My /etc/proftpd/proftpd.conf # most of the commented lines removed

# Includes DSO modules
Include /etc/proftpd/modules.conf

UseIPv6 off
IdentLookups off

ServerName "My Server Name"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

DefaultRoot ~

Port 21

<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

MaxInstances 30

User proftpd
Group nogroup
Umask 022 022
AllowOverwrite on
PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
AuthOrder mod_auth_pam.c* mod_auth_unix.c
AuthPAMConfig proftpd
AuthPAM On

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

Include /etc/proftpd/conf.d/

[VigneshDhanraj G]

Even basic authentication is not working. which works on 4.0.25 after
upgrade it fails. i uses same proftpd.conf same as yours. my /etc/pam.d/ftp
is
auth sufficient /lib/security/pam_smbpass.so
account required /lib/security/pam_nologin.so
account required /lib/security/pam_smbpass.so
password required /lib/security/pam_smbpass.so
session required /lib/security/pam_unix.so

after i disabled AD connection. Basic authentication also fails.