Samba appears broken if password includes parentheses (?)

[mredig]

This issue appears to be caused by the use of parentheses in the Samba password (via inithook). Needs testing and confirmation. - @JedMeister

---

I installed the VM, answered the questions with my password and domain name, connected to webmin, and went to the samba page. It said The configuration file /etc/samba/smb.conf was not found. Most likely Samba is not installed on your system, or your module configuration is incorrect. Based off this issue I tried reinstalling winbind and got this output:

root@dc1 ~# apt-get update && apt-get install winbind
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://archive.turnkeylinux.org jessie-security InRelease                                                         
Get:2 http://security.debian.org jessie/updates/main amd64 Packages [414 kB]
Ign http://archive.turnkeylinux.org jessie InRelease                         
Get:3 http://archive.turnkeylinux.org jessie-security Release.gpg [473 B]    
Get:4 http://archive.turnkeylinux.org jessie Release.gpg [455 B]             
Get:5 http://archive.turnkeylinux.org jessie-security Release [5660 B]       
Get:6 http://archive.turnkeylinux.org jessie Release [5633 B]                                             
Ign http://http.debian.net jessie InRelease                                                                               
Get:7 http://archive.turnkeylinux.org jessie-security/main amd64 Packages [1090 B]                                
Get:8 http://archive.turnkeylinux.org jessie/main amd64 Packages [34.5 kB]                           
Get:9 http://http.debian.net jessie Release.gpg [2373 B]                                 
Get:10 http://security.debian.org jessie/updates/contrib amd64 Packages [2506 B]             
Get:11 http://http.debian.net jessie Release [148 kB]                                         
Get:12 http://security.debian.org jessie/updates/contrib Translation-en [1211 B]
Get:13 http://security.debian.org jessie/updates/main Translation-en [218 kB]                               
Get:14 http://http.debian.net jessie/main amd64 Packages [6790 kB]                            
Ign http://archive.turnkeylinux.org jessie-security/main Translation-en                                           
Ign http://archive.turnkeylinux.org jessie/main Translation-en                   
Get:15 http://http.debian.net jessie/contrib amd64 Packages [50.2 kB]            
Get:16 http://http.debian.net jessie/contrib Translation-en [38.5 kB]
Get:17 http://http.debian.net jessie/main Translation-en [4583 kB]
Fetched 12.4 MB in 4s (2798 kB/s)                               
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  libgssapi3-heimdal libheimntlm0-heimdal libkdc2-heimdal
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
  libarchive13 libldb1 liblzo2-2 libpam-smbpass libsmbclient libwbclient0 python-ldb python-samba samba samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules smbclient
Suggested packages:
  lrzip bind9 bind9utils ctdb ldb-tools smbldap-tools heimdal-clients cifs-utils libnss-winbind libpam-winbind
The following NEW packages will be installed:
  libarchive13 liblzo2-2 winbind
The following packages will be upgraded:
  libldb1 libpam-smbpass libsmbclient libwbclient0 python-ldb python-samba samba samba-common samba-common-bin samba-dsdb-modules samba-libs samba-vfs-modules smbclient
13 upgraded, 3 newly installed, 0 to remove and 139 not upgraded.
Need to get 10.3 MB of archives.
After this operation, 3772 kB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://security.debian.org/ jessie/updates/main libarchive13 amd64 3.1.2-11+deb8u3 [271 kB]
Get:2 http://http.debian.net/debian/ jessie/main liblzo2-2 amd64 2.08-1.2 [54.6 kB]
Get:3 http://security.debian.org/ jessie/updates/main python-ldb amd64 2:1.1.20-0+deb8u1 [30.6 kB]
Get:4 http://security.debian.org/ jessie/updates/main libwbclient0 amd64 2:4.2.14+dfsg-0+deb8u6 [122 kB]
Get:5 http://security.debian.org/ jessie/updates/main python-samba amd64 2:4.2.14+dfsg-0+deb8u6 [1018 kB]
Get:6 http://security.debian.org/ jessie/updates/main samba amd64 2:4.2.14+dfsg-0+deb8u6 [1027 kB]
Get:7 http://security.debian.org/ jessie/updates/main samba-common-bin amd64 2:4.2.14+dfsg-0+deb8u6 [615 kB]
Get:8 http://security.debian.org/ jessie/updates/main libsmbclient amd64 2:4.2.14+dfsg-0+deb8u6 [148 kB]
Get:9 http://security.debian.org/ jessie/updates/main smbclient amd64 2:4.2.14+dfsg-0+deb8u6 [344 kB]
Get:10 http://security.debian.org/ jessie/updates/main libpam-smbpass amd64 2:4.2.14+dfsg-0+deb8u6 [112 kB]
Get:11 http://security.debian.org/ jessie/updates/main samba-common all 2:4.2.14+dfsg-0+deb8u6 [243 kB]
Get:12 http://security.debian.org/ jessie/updates/main samba-dsdb-modules amd64 2:4.2.14+dfsg-0+deb8u6 [308 kB]
Get:13 http://security.debian.org/ jessie/updates/main samba-vfs-modules amd64 2:4.2.14+dfsg-0+deb8u6 [331 kB]
Get:14 http://security.debian.org/ jessie/updates/main samba-libs amd64 2:4.2.14+dfsg-0+deb8u6 [5113 kB]
Get:15 http://security.debian.org/ jessie/updates/main libldb1 amd64 2:1.1.20-0+deb8u1 [111 kB]
Get:16 http://security.debian.org/ jessie/updates/main winbind amd64 2:4.2.14+dfsg-0+deb8u6 [496 kB]
Fetched 10.3 MB in 4s (2442 kB/s)
[master b2b1726] saving uncommitted changes in /etc prior to apt run
 3 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 webmin/samba/version
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package liblzo2-2:amd64.
(Reading database ... 30856 files and directories currently installed.)
Preparing to unpack .../liblzo2-2_2.08-1.2_amd64.deb ...
Unpacking liblzo2-2:amd64 (2.08-1.2) ...
Selecting previously unselected package libarchive13:amd64.
Preparing to unpack .../libarchive13_3.1.2-11+deb8u3_amd64.deb ...
Unpacking libarchive13:amd64 (3.1.2-11+deb8u3) ...
Preparing to unpack .../python-ldb_2%3a1.1.20-0+deb8u1_amd64.deb ...
Unpacking python-ldb (2:1.1.20-0+deb8u1) over (2:1.1.17-2+deb8u1) ...
Preparing to unpack .../libwbclient0_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking libwbclient0:amd64 (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../python-samba_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking python-samba (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../samba_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking samba (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
dpkg: warning: unable to delete old directory '/var/lib/samba/private': Directory not empty
Preparing to unpack .../samba-common-bin_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking samba-common-bin (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../libsmbclient_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking libsmbclient:amd64 (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../smbclient_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking smbclient (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../libpam-smbpass_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking libpam-smbpass:amd64 (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../samba-common_2%3a4.2.14+dfsg-0+deb8u6_all.deb ...
Unpacking samba-common (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../samba-dsdb-modules_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking samba-dsdb-modules (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../samba-vfs-modules_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking samba-vfs-modules (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../samba-libs_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking samba-libs:amd64 (2:4.2.14+dfsg-0+deb8u6) over (2:4.1.17+dfsg-2+deb8u2) ...
Preparing to unpack .../libldb1_2%3a1.1.20-0+deb8u1_amd64.deb ...
Unpacking libldb1:amd64 (2:1.1.20-0+deb8u1) over (2:1.1.17-2+deb8u1) ...
Selecting previously unselected package winbind.
Preparing to unpack .../winbind_2%3a4.2.14+dfsg-0+deb8u6_amd64.deb ...
Unpacking winbind (2:4.2.14+dfsg-0+deb8u6) ...
Processing triggers for systemd (215-17+deb8u4) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up liblzo2-2:amd64 (2.08-1.2) ...
Setting up libarchive13:amd64 (3.1.2-11+deb8u3) ...
Setting up libldb1:amd64 (2:1.1.20-0+deb8u1) ...
Setting up python-ldb (2:1.1.20-0+deb8u1) ...
Setting up libwbclient0:amd64 (2:4.2.14+dfsg-0+deb8u6) ...
Setting up samba-libs:amd64 (2:4.2.14+dfsg-0+deb8u6) ...
Setting up python-samba (2:4.2.14+dfsg-0+deb8u6) ...
Setting up samba-common (2:4.2.14+dfsg-0+deb8u6) ...
Not replacing deleted config file /etc/samba/smb.conf
Install/upgrade will fail. To recover, please try:
 sudo cp /usr/share/samba/smb.conf /etc/samba/smb.conf
 sudo dpkg --configure -a
Setting up samba-common-bin (2:4.2.14+dfsg-0+deb8u6) ...
Setting up samba-dsdb-modules (2:4.2.14+dfsg-0+deb8u6) ...
Setting up samba (2:4.2.14+dfsg-0+deb8u6) ...
Job for smbd.service failed. See 'systemctl status smbd.service' and 'journalctl -xn' for details.
invoke-rc.d: initscript smbd, action "start" failed.
dpkg: error processing package samba (--configure):
 subprocess installed post-installation script returned error exit status 1
Setting up libsmbclient:amd64 (2:4.2.14+dfsg-0+deb8u6) ...
Setting up smbclient (2:4.2.14+dfsg-0+deb8u6) ...
Setting up libpam-smbpass:amd64 (2:4.2.14+dfsg-0+deb8u6) ...
Setting up samba-vfs-modules (2:4.2.14+dfsg-0+deb8u6) ...
dpkg: dependency problems prevent configuration of winbind:
 winbind depends on samba (= 2:4.2.14+dfsg-0+deb8u6); however:
  Package samba is not configured yet.

dpkg: error processing package winbind (--configure):
 dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.19-18+deb8u4) ...
Errors were encountered while processing:
 samba
 winbind
Counting objects: 1297, done.
Compressing objects: 100% (855/855), done.
Writing objects: 100% (1297/1297), done.
Total 1297 (delta 66), reused 0 (delta 0)
E: Sub-process /usr/bin/dpkg returned an error code (1)

I tried doing the same using the default domain.lan and DOMAIN and then webmin worked. I haven't tested beyond this to find out if it's working as an actual DC.

[mredig]

I don't know how to label this for domain controller - sorry.

[a3s7p]

Could you post the output of systemctl status smbd.service and journalctl -xn immediately after the apt-get fails please?

[mredig]

root@dc1 ~# systemctl status smbd.service
* smbd.service - LSB: start Samba SMB/CIFS daemon (smbd)
   Loaded: loaded (/etc/init.d/smbd)
   Active: failed (Result: exit-code) since Sun 2017-06-18 17:02:29 UTC; 21s ago
  Process: 2297 ExecStart=/etc/init.d/smbd start (code=exited, status=1/FAILURE)

Jun 18 17:02:29 dc1 smbd[2297]: Starting SMB/CIFS daemon: smbd failed!
Jun 18 17:02:29 dc1 systemd[1]: smbd.service: control process exited, code=exited status=1
Jun 18 17:02:29 dc1 systemd[1]: Failed to start LSB: start Samba SMB/CIFS daemon (smbd).
Jun 18 17:02:29 dc1 systemd[1]: Unit smbd.service entered failed state.

Aaaaaaaand

root@dc1 ~# journalctl -xn
-- Logs begin at Sun 2017-06-18 17:00:22 UTC, end at Sun 2017-06-18 17:02:29 UTC. --
Jun 18 17:02:29 dc1 systemd[1]: Activated swap /dev/disk/by-uuid/0934e1fd-430d-4a3c-a0b3-731ee56b12c3.
-- Subject: Unit dev-disk-by\x2duuid-0934e1fd\x2d430d\x2d4a3c\x2da0b3\x2d731ee56b12c3.swap has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dev-disk-by\x2duuid-0934e1fd\x2d430d\x2d4a3c\x2da0b3\x2d731ee56b12c3.swap has finished starting up.
-- 
-- The start-up result is done.
Jun 18 17:02:29 dc1 systemd[1]: Activated swap /dev/sda5.
-- Subject: Unit dev-sda5.swap has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dev-sda5.swap has finished starting up.
-- 
-- The start-up result is done.
Jun 18 17:02:29 dc1 systemd[1]: Activated swap /dev/disk/by-id/ata-VBOX_HARDDISK_VBce5e2581-42302f80-part5.
-- Subject: Unit dev-disk-by\x2did-ata\x2dVBOX_HARDDISK_VBce5e2581\x2d42302f80\x2dpart5.swap has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit dev-disk-by\x2did-ata\x2dVBOX_HARDDISK_VBce5e2581\x2d42302f80\x2dpart5.swap has finished starting up.
-- 
-- The start-up result is done.
Jun 18 17:02:29 dc1 systemd[1]: Starting inithooks: firstboot and everyboot initialization scripts...
-- Subject: Unit inithooks.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit inithooks.service has begun starting up.
Jun 18 17:02:29 dc1 systemd[1]: Starting LSB: start Samba SMB/CIFS daemon (smbd)...
-- Subject: Unit smbd.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit smbd.service has begun starting up.
Jun 18 17:02:29 dc1 systemd[1]: Started inithooks: firstboot and everyboot initialization scripts.
-- Subject: Unit inithooks.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit inithooks.service has finished starting up.
-- 
-- The start-up result is done.
Jun 18 17:02:29 dc1 smbd[2297]: Starting SMB/CIFS daemon: smbd failed!
Jun 18 17:02:29 dc1 systemd[1]: smbd.service: control process exited, code=exited status=1
Jun 18 17:02:29 dc1 systemd[1]: Failed to start LSB: start Samba SMB/CIFS daemon (smbd).
-- Subject: Unit smbd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit smbd.service has failed.
-- 
-- The result is failed.
Jun 18 17:02:29 dc1 systemd[1]: Unit smbd.service entered failed state.

[DocCyblade]

What VM type are you using (VMWare, Virtual Box, etc..) and did you install via ISO or other type of image.

And you are talking about the Domain Controller appliance correct?

I want to try an recreate your issue on my test lab.

[mredig]

Virtual Box and I first tried the OVA and subsequently tried installing from the ISO with the same results.

My domain name is redacted (i also tried redacted and redacted which I use internally) and domain is REDACTED - domain.lan and DOMAIN appear to work correctly

[mredig]

Okay - I may have something useful here: it appears that if I use a different password, it'll work? The password I was initially using had parentheses in it - other than that, capital, lowercase, and numbers. When I changed to a different password, it appears to have worked even with my custom domain. I'm not certain that the parentheses are the issue, but that so far would be my guess.

[DocCyblade]

Give me about an hour and I'll try to reproduce. I'm in the middle of moving some furniture, when I get back I'll give it a try. Try spinning up something with a password with just numbers and letters to double check the password idea if you have the time.

I'll post back when I have had a chance to spin up one

[mredig]

Using a different password DOES allow me to use webmin and samba! It still had a special character, but it wasn't parentheses.

Of course, I still can't attach my computer to the domain, but that's another issue (and might just be because my computer is a Mac... :P I have no idea how Macs integrate with AD and using samba as the DC might complicate things)

[DocCyblade]

Great to hear it is working. Macs joined to AD domain is tricky I have to do this at work for 802.11X and our wireless. I would look at using the open source project called NoMAD. Due to how macs use AD I don't recommend using it for laptops for authentication (mobile accounts)

[JedMeister]

Ok, so I have built the domain-controller appliance for v14.2, it should be published next week hopefully.

I was seriously close to shutting this issue. However, I'm not really sure if we've actually resolved this specific issue in v14.2!?

To clarify, the specific problem in this case was that the interactive firstboot inithook accepted a parentheses (i.e. a ( or ) ), but it didn't actually work, right?! Once you had reset the password (to something without parentheses, it worked ok.

If that's the case, we probably should repin this issue to v15.0 and when we get to that, tweak the inithook either so it does accept parentheses properly (and work). Or note that it can't accept them and fail if they're included.

[JedMeister]

Clarified subject, added a brief overview of the updated issue (in the OP) and moved to v15.0 milestone.

[JedMeister]

@spaghettimaster - assigned this one to you too. IIRC there is a way to limit which characters the inithooks can receive. If it's not obvious to you, please check with @OnGle

[spaghettimaster]

Hey @JedMeister,

I tested other Samba-based appliances and can reproduce this problem only in the domain-controller.
(apparently, because only this appliance configured in Samba 4 style with the samba-tool)

So I implemented my fix locally. Here is PR.

[JedMeister]

Thanks mate! 👍