Upgrading samba breaks it

I have a samba fileserver which has been happily running for a couple of years with identical config but on different versions of samba, and on Fedora and CentOS.

The latest incarnation was running samba 3.2.11.

But the other day, my samba package was upgraded to 3.4.1

Samba shares on the server immediately stopped working and access is immediately denied to all users.

I looked at the config and nothing has changed during the upgrade.

I looked at the logs and no access attempts are recorded; no errors are logged.

I noticed that the new template config file is a little different from previous versions, so I made the necessary changes and migrated my config to the new file. No change to samba’s behaviour at all.

For a while I wondered if I had a rogue samba server on my network, but stopping my samba service causes requests to time out rather than be denied. So it’s definitely my samba daemon that’s responding, but goodness knows why it’s behaving like this.

Restarting samba puts the following in the log file:

[2009/10/02 10:33:54,  0] smbd/server.c:1065(main)
smbd version 3.4.1-0.41.fc11 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
[2009/10/02 10:33:54,  0] smbd/server.c:457(smbd_open_one_socket)
smbd_open_once_socket: open_socket_in: Address already in use
[2009/10/02 10:33:54,  0] smbd/server.c:457(smbd_open_one_socket)
smbd_open_once_socket: open_socket_in: Address already in use

I will keep hunting until I find what’s caused this. Unfortunately I can’t watch any of my recorded TV programmes until then!

I’ll post back here when I’ve tracked it down.

Update: I managed to get Samba working again. Sort of. This is a snippet from my now-working smb.conf:

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

security = user
#       passdb backend = tdbsam
passdb backend = smbpasswd

As you can see, I simply reverted to the older smbpasswd authentication after yum upgraded Samba and switched to tdbsam, and my shares magically sprang back to life. It’s a shame, because I don’t like going backwards. I like going forwards – hence I run Fedora.

I can confirm that this “fix” works with the latest version of Samba at the time of writing – version 3.4.2.

So despite the claim that tdbsam requires no extra configuration, clearly there’s more to it than that. I will once again post back here when I’ve found a way to enable tdbsam without breaking everything. 🙂

SSH tunnelling to your home network

SSH tunnelling is no big secret, and there are loads of guides out there that explain how it is done in generic terms. This guide is slightly different, as it explains how to tunnel to hosts that are not publicly addressable.

For example, if you have a Linux server as your home network gateway then you can simply open ports on it, e.g. port 80 for a web server.

If you want to access a service on a computer on your network other than your server, you will have to set up port forwarding.

But there’s another way. Today while I was at work, I needed to change something on my home network printer’s web interface. The printer has a private IP address in the range 192.168.0.0/24 and there is no port forwarding set up (why would I want to share my printer’s control panel on the internet?).

Supposing my server is called jonathangazeley.com then I can enter a command like this from my work PC:

ssh -f jonathan@jonathangazeley.com -L 2000:192.168.0.105:80 -N

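This command forwards port 2000 on localhost, through my server, to port 80 on my printer at home. The -N option tells ssh not to run a remote command, and -f sends it to the background after authenticating.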

Then I open my browser at work and navigate to http://localhost:2000

Hey presto, I can now see my printer’s config page remotely. As a nice by-product, the connection between my work PC and my server is also encrypted by the ssh protocol.
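The forward above listens on the work PC, so it is worth confirming that only that PC can reach it. The script below is an added example, not part of the original post: it rebuilds the same command with an explicit 127.0.0.1 bind address and ExitOnForwardFailure, then checks `ss -ltn` output for listeners on the forwarded port that are not on loopback. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the ssh command for a local forward that binds to loopback explicitly
# and fails loudly if the listener cannot be created.
# Args: local_port target_host target_port user@gateway
tunnel_cmd() {
    for p in "$1" "$3"; do
        case "$p" in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
    done
    printf 'ssh -f -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s\n' \
        "$1" "$2" "$3" "$4"
}

# Read `ss -ltn` output on stdin and check every listener on the given port.
# Returns 0 = loopback only, 1 = reachable from other hosts, 2 = not listening.
check_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "[::1]") { print "exposed: " $4; bad = 1 }
        }
        END { if (!found) exit 2; exit (bad ? 1 : 0) }'
}

tunnel_cmd 2000 192.168.0.105 80 jonathan@jonathangazeley.com

# Constructed sample of `ss -ltn` output taken after the tunnel is up.
sample='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:2000     0.0.0.0:*
LISTEN 0      128    [::1]:2000         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
printf '%s\n' "$sample" | check_loopback_only 2000 && echo "port 2000: loopback only"
```

On a live machine, pipe the real output in with `ss -ltn | check_loopback_only 2000`.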

Configuring sendmail to use a Smart Host

Chances are if you have a Linux server in your home, you’ll want it to be able to send you emails, e.g. its daily logwatch or the output from cron jobs.

But most ISPs block SMTP so you can’t directly send emails from your server to wherever they need to go, which is what the default config of sendmail does.

So you need to tell sendmail to forward its mail through something called a Smart Host, which is just an SMTP server that your ISP runs.

First, find out from your ISP what their Smart Host or SMTP server is called. This is usually available somewhere on their website.

Now open up /etc/mail/sendmail.mc for editing. Locate the following block, remove the dnl markers and change the name of the server to match your ISP’s.

dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
define(`SMART_HOST', `mail.my-isp.com')

After editing, you have to run the /etc/mail/make program to write the sendmail config file. Then restart the sendmail daemon.

service sendmail restart

Your server is now capable of sending outgoing mail through an external mail server. But there’s one final tweak. Open /etc/aliases and change the very last line so that you receive root’s mail.

# Person who should get root's mail
root:           me@jonathangazeley.com
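Two easy mistakes in the steps above are leaving the dnl prefix on the define line and forgetting to regenerate sendmail.cf after editing sendmail.mc. The script below is an added example, not part of the original post, that checks for both. It relies on the generated sendmail.cf recording the smart host on its `DS` macro line; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the SMART_HOST edit actually took effect.

# Print the smart host from an active define in a sendmail.mc file.
# A line still prefixed with "dnl" is an m4 comment and is ignored.
mc_smart_host() {
    sed -n "s/^[[:space:]]*define(\`SMART_HOST',[[:space:]]*\`\([^']*\)').*/\1/p" "$1" | tail -n 1
}

# Print the smart host recorded in a generated sendmail.cf (the DS macro).
cf_smart_host() {
    sed -n 's/^DS//p' "$1" | tail -n 1
}

# Args: path to sendmail.mc, path to sendmail.cf
# Returns 0 = in sync, 1 = define missing or commented out, 2 = sendmail.cf stale.
check_smart_host() {
    mc=$(mc_smart_host "$1")
    cf=$(cf_smart_host "$2")
    if [ -z "$mc" ]; then
        echo "no active SMART_HOST define in $1 (is the line still dnl-prefixed?)"
        return 1
    fi
    if [ "$mc" != "$cf" ]; then
        echo "sendmail.cf not regenerated: mc has '$mc', cf has '$cf'"
        return 2
    fi
    echo "smart host in effect: $mc"
}

# Constructed sample files standing in for /etc/mail/sendmail.mc and sendmail.cf.
demo=$(mktemp -d)
cat > "$demo/sendmail.mc" <<'EOF'
dnl # be sent out through an external mail server:
define(`SMART_HOST', `mail.my-isp.com')
EOF
printf '# "Smart" relay host (may be null)\nDSmail.my-isp.com\n' > "$demo/sendmail.cf"
check_smart_host "$demo/sendmail.mc" "$demo/sendmail.cf"
rm -rf "$demo"
```

On the server itself, run `check_smart_host /etc/mail/sendmail.mc /etc/mail/sendmail.cf` after the make step.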

More experiments with film

After reasonable success with my first roll of film, I’ve now had my second roll developed. Here are the best shots from that selection.

Thermometer

Clifton Suspension Bridge

Hana

I’m rather pleased with the compositions and the way the lens behaves. But I’m not so keen on the noise in dark areas of the film, so next time I will try a lower ISO film. These were shot with ISO400, and next time I will try ISO200. Watch this space!

Post Office woes

The Post Office really is an inconvenient organisation.

Last night I sold two items on eBay and consequently had two (fairly large) parcels to post. This was around 9pm so I put the parcels to one side, and decided to post them on my way to work in the morning – pushing my bike and carrying the parcels to the post office on Lodge Causeway – around half a mile away from my home.

When I got there, the post office was shut and there was no visible sign with the opening hours, because the shutters were opaque. Useless.

I didn’t know the whereabouts of any other post offices in the area, so I decided to proceed onwards on my bike, and post the parcels in Broadmead – which is on my route to work, although around 5 miles away.

So I cycled cautiously and slowly, and eventually arrived at Broadmead, thankfully not having dropped either of the parcels. I got to the post office around 9am, but according to the sign, it doesn’t open until 9:30am. Useless!

Of course these post offices both shut at the end of the working day too, so I have no way of posting anything unless I take time out of my working day – and since the Queens Road post office was closed last year, that involves a decent walk from my office. It also means taking all my parcels to work in the first place.

And while I’m on the topic, how about the opening hours of the Royal Mail parcel collection depots? Usually something like 8am until 12 noon. How come these open so early? Why can’t they open normal post offices at this time?

Why can’t they have any services open in the evening, when people actually want to use them? Because they’re useless.

</rant>

Playing with a fisheye lens

Today my fisheye lens arrived. It’s not a whole lens for an SLR camera; rather an “add-on” lens that screws into the filter thread on my Fuji S9600 or any other lens.

I’ve tried a few ideas with it, and been as creative as one can possibly be in a boring flat on a lazy evening.

First, a badly-focused self portrait:

Me

And an uninspiring shot from my balcony – a view that has appeared on this blog many times before.

A view over Kingswood

I think I’m going to have fun with this lens.