[Samba] Samba 4 AD share: Access denied
Ryan Ashley
ryana at reachtechfp.com
Mon Jul 28 16:33:08 MDT 2014
More information in another winbind log. I attempted to login to a
remote Windows 7 box with a normal user account which is in both groups
and should get both drives. Windows logs access denied and does not map
the drives, and I get this in the logs. At this point I am fairly sure
winbind is having issues speaking to the DC due to a missing module
which I can find nothing about online. I did use Google for a while
today and cannot find a match for the phrases below, so I am stuck.
log.wb-TRUEVINE:
[2014/07/28 18:24:52.880743, 3]
../source3/winbindd/winbindd_ads.c:597(query_user)
ads: query_user
[2014/07/28 18:24:52.883979, 1]
../source3/winbindd/winbindd_ads.c:710(query_user)
nss_get_info_cached failed: NT_STATUS_NOT_FOUND
log.winbind-idmap:
[2014/07/28 18:24:52.883979, 3]
../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
expiration Mon, 28 Jul 2014 20:14:44 EDT
[2014/07/28 18:24:52.883991, 0]
../source3/winbindd/winbindd.c:266(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
[2014/07/28 18:24:52.884011, 3]
../source3/winbindd/idmap.c:230(idmap_init_domain)
idmap backend ad not found
[2014/07/28 18:24:52.884072, 3]
../source3/winbindd/idmap.c:235(idmap_init_domain)
Could not probe idmap module ad
On 7/28/2014 11:16 AM, Ryan Ashley wrote:
> Found the problem, I believe
>
> [2014/07/28 10:14:44.828015, 3]
> ../lib/krb5_wrap/krb5_samba.c:266(ads_cleanup_expired_creds)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
> expiration Mon, 28 Jul 2014 20:14:44 EDT
> [2014/07/28 10:31:37.274435, 0]
> ../source3/winbindd/winbindd.c:266(winbindd_sig_term_handler)
> Got sig[15] terminate (is_parent=0)
> [2014/07/28 11:02:32.032341, 3]
> ../source3/winbindd/idmap.c:230(idmap_init_domain)
> idmap backend ad not found
> [2014/07/28 11:02:32.051673, 3]
> ../source3/winbindd/idmap.c:235(idmap_init_domain)
> Could not probe idmap module ad
>
> As you can see, winbind is having issues with AD. What could cause
> this? Currently I have set share permissions in Linux to 777 and am
> running S4 4.1.10 from the v4-1-stable branch. Is this something I can
> fix?
>
> On 07/28/2014 10:19 AM, Ryan Ashley wrote:
>> Great, so by doing "git clone git://git.samba.org/samba.git
>> samba-master" I am by default cloning the testing branch. I am going
>> to do a checkout on stable and try again.
>>
>> On 07/28/2014 10:11 AM, Rowland Penny wrote:
>>> On 28/07/14 15:00, Ryan Ashley wrote:
>>>> Odd, but it says I am using 4.2.0, which is higher than 4.1.8.
>>>>
>>>> root at fs01:/usr/src/samba-master# samba-tool -V
>>>> 4.2.0pre1-GIT-d097898
>>>> root at fs01:/usr/src/samba-master# winbindd -V
>>>> Version 4.2.0pre1-GIT-d097898
>>>> root at fs01:/usr/src/samba-master# nmbd -V
>>>> Version 4.2.0pre1-GIT-d097898
>>>> root at fs01:/usr/src/samba-master#
>>>>
>>>> I normally clone, configure, and build. Is the stable branch not
>>>> default? Am I building a testing branch? Should I checkout on the
>>>> stable branch?
>>>>
>>>> On 07/28/2014 09:50 AM, Rowland Penny wrote:
>>>>> On 28/07/14 14:41, Ryan Ashley wrote:
>>>>>> Alright, I was poking around this morning trying to make this
>>>>>> work, and noticed something odd. Loads of zombie nmbd processes.
>>>>>> Check out the dump below and tell me, what is going on here? Is
>>>>>> this my problem?
>>>>>>
>>>>>> root at fs01:~# ps x
>>>>>> PID TTY STAT TIME COMMAND
>>>>>> 1 ? Ss 0:02 init [2]
>>>>>> 2 ? S 0:00 [kthreadd]
>>>>>> 3 ? S 0:00 [ksoftirqd/0]
>>>>>> 5 ? S 0:00 [kworker/u:0]
>>>>>> 6 ? S 0:00 [migration/0]
>>>>>> 7 ? S 0:01 [watchdog/0]
>>>>>> 8 ? S< 0:00 [cpuset]
>>>>>> 9 ? S< 0:00 [khelper]
>>>>>> 10 ? S 0:00 [kdevtmpfs]
>>>>>> 11 ? S< 0:00 [netns]
>>>>>> 12 ? S 0:00 [xenwatch]
>>>>>> 13 ? S 0:00 [xenbus]
>>>>>> 14 ? S 0:01 [sync_supers]
>>>>>> 15 ? S 0:00 [bdi-default]
>>>>>> 16 ? S< 0:00 [kintegrityd]
>>>>>> 17 ? S< 0:00 [kblockd]
>>>>>> 19 ? S 0:00 [khungtaskd]
>>>>>> 20 ? S 0:00 [kswapd0]
>>>>>> 21 ? SN 0:00 [ksmd]
>>>>>> 22 ? SN 0:00 [khugepaged]
>>>>>> 23 ? S 0:00 [fsnotify_mark]
>>>>>> 24 ? S< 0:00 [crypto]
>>>>>> 173 ? S 0:00 [jbd2/xvda1-8]
>>>>>> 174 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 183 ? S 0:00 [kworker/u:1]
>>>>>> 313 ? Ss 0:00 udevd --daemon
>>>>>> 420 ? S 0:00 udevd --daemon
>>>>>> 425 ? S 0:00 udevd --daemon
>>>>>> 433 ? S 0:00 [khubd]
>>>>>> 438 ? S< 0:00 [kpsmoused]
>>>>>> 445 ? S< 0:00 [ata_sff]
>>>>>> 471 ? S 0:00 [scsi_eh_0]
>>>>>> 472 ? S 0:00 [scsi_eh_1]
>>>>>> 1295 ? S 0:00 [jbd2/xvda2-8]
>>>>>> 1296 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1297 ? S 0:01 [flush-202:0]
>>>>>> 1298 ? S 0:00 [jbd2/xvda9-8]
>>>>>> 1299 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1300 ? S 0:00 [jbd2/xvda10-8]
>>>>>> 1301 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1302 ? S 0:00 [jbd2/xvda8-8]
>>>>>> 1303 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1307 ? S 0:00 [jbd2/xvda11-8]
>>>>>> 1308 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1309 ? S 0:00 [jbd2/xvda3-8]
>>>>>> 1310 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1311 ? S 0:00 [jbd2/xvda4-8]
>>>>>> 1312 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1313 ? S 0:00 [jbd2/xvda5-8]
>>>>>> 1314 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1315 ? S 0:00 [jbd2/xvda6-8]
>>>>>> 1316 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1317 ? S 0:00 [jbd2/xvda7-8]
>>>>>> 1318 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1319 ? S 0:00 [jbd2/xvdb1-8]
>>>>>> 1320 ? S< 0:00 [ext4-dio-unwrit]
>>>>>> 1780 ? Sl 0:00 /usr/sbin/rsyslogd -c5
>>>>>> 1811 ? Ss 0:00 /usr/sbin/acpid
>>>>>> 1903 ? Ss 0:00 /usr/sbin/cron
>>>>>> 1998 ? Ss 0:00 /usr/sbin/sshd
>>>>>> 2022 tty1 Ss+ 0:00 /sbin/getty 38400 tty1
>>>>>> 2023 tty2 Ss+ 0:00 /sbin/getty 38400 tty2
>>>>>> 2024 tty3 Ss+ 0:00 /sbin/getty 38400 tty3
>>>>>> 2025 tty4 Ss+ 0:00 /sbin/getty 38400 tty4
>>>>>> 2026 tty5 Ss+ 0:00 /sbin/getty 38400 tty5
>>>>>> 2027 tty6 Ss+ 0:00 /sbin/getty 38400 tty6
>>>>>> 2041 ? Ss 0:03 nmbd
>>>>>> 2043 ? Ss 0:03 smbd
>>>>>> 2045 ? Ss 0:00 winbindd
>>>>>> 2046 ? S 0:02 winbindd
>>>>>> 2047 ? S 0:00 winbindd
>>>>>> 2048 ? S 0:00 winbindd
>>>>>> 2049 ? S 0:00 smbd
>>>>>> 2067 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2085 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2109 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2127 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2145 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2163 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2185 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2203 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2223 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2241 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2263 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2281 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2299 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2317 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2339 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2357 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2375 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2393 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2415 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2433 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2451 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2469 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2491 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2509 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2527 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2545 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2567 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2585 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2603 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2621 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2643 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2661 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2679 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2697 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2719 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2737 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2755 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2773 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2795 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2813 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2831 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2849 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2871 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2889 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2907 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2925 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2946 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2964 ? Z 0:00 [nmbd] <defunct>
>>>>>> 2982 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3000 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3022 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3040 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3058 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3076 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3098 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3116 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3134 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3152 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3174 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3192 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3210 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3228 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3250 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3268 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3285 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3303 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3325 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3343 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3361 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3380 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3402 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3420 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3438 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3456 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3574 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3592 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3610 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3628 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3650 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3668 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3686 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3704 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3726 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3744 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3762 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3780 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3802 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3820 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3838 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3856 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3878 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3896 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3914 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3932 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3954 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3972 ? Z 0:00 [nmbd] <defunct>
>>>>>> 3990 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4008 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4030 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4048 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4066 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4084 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4106 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4124 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4142 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4160 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4182 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4200 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4220 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4238 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4261 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4279 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4297 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4315 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4337 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4355 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4373 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4391 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4413 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4431 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4449 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4467 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4489 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4507 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4525 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4543 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4565 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4583 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4601 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4619 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4641 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4659 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4677 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4694 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4716 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4734 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4752 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4770 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4792 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4811 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4829 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4847 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4869 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4887 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4905 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4923 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4945 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4963 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4981 ? Z 0:00 [nmbd] <defunct>
>>>>>> 4999 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5021 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5039 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5057 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5075 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5097 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5115 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5133 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5151 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5173 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5191 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5209 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5227 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5249 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5267 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5285 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5303 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5325 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5343 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5361 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5379 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5525 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5543 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5571 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5589 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5611 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5630 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5648 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5666 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5688 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5706 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5724 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5742 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5764 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5782 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5800 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5818 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5840 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5858 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5876 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5894 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5916 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5934 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5952 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5970 ? Z 0:00 [nmbd] <defunct>
>>>>>> 5992 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6010 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6028 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6046 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6068 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6086 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6104 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6122 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6144 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6161 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6179 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6197 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6219 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6238 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6256 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6274 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6296 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6314 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6332 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6350 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6372 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6390 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6408 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6426 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6448 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6466 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6484 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6502 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6524 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6542 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6560 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6578 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6600 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6618 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6636 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6654 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6676 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6694 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6712 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6730 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6752 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6770 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6789 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6807 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6829 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6847 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6852 ? S 0:01 [kworker/0:0]
>>>>>> 6867 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6885 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6906 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6924 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6942 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6960 ? Z 0:00 [nmbd] <defunct>
>>>>>> 6982 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7000 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7018 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7036 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7058 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7076 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7094 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7112 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7134 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7152 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7170 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7188 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7210 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7228 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7246 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7264 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7286 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7304 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7322 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7340 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7458 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7476 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7494 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7512 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7534 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7552 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7569 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7587 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7609 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7627 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7645 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7665 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7676 ? S 0:00 [kworker/0:2]
>>>>>> 7687 ? Z 0:00 [nmbd] <defunct>
>>>>>> 7697 ? Ss 0:00 sshd: root at pts/0
>>>>>> 7699 pts/0 Ss 0:00 -bash
>>>>>> 7711 ? S 0:00 [kworker/0:1]
>>>>>> 7718 ? S 0:00 [flush-202:16]
>>>>>> 7721 pts/0 R+ 0:00 ps x
>>>>>>
>>>>>> On 07/28/2014 09:18 AM, Ryan Ashley wrote:
>>>>>>> I have never even played with apparmor. I do my Debian installs
>>>>>>> using a net CD and doing the expert 64bit install. I disable
>>>>>>> recommended and suggested packages and install only exactly what
>>>>>>> I need, so I do not have apparmor or selinux. Good thought
>>>>>>> though. I also tried disabling the firewall on a test PC and
>>>>>>> still no go. This has NEVER happened before so I am lost.
>>>>>>>
>>>>>>> So where else should I look? The system in question is a domain
>>>>>>> member server, can resolve users and groups, and can set ACLs
>>>>>>> with user and groups from AD. It is simply denying access to
>>>>>>> group members of said shares.
>>>>>>>
>>>>>>> On 07/28/2014 05:02 AM, Rowland Penny wrote:
>>>>>>>> On 27/07/14 16:28, Ryan Ashley wrote:
>>>>>>>>> I understand and I should have stated more clearly that I have
>>>>>>>>> been going through those results for over a week now. Nothing
>>>>>>>>> seems to help. Funny thing is that creating a second virtual
>>>>>>>>> file-server and using share authentication works fine. Yet
>>>>>>>>> another reason I am leaning towards group issues. If the
>>>>>>>>> file-server is share-level the Windows 7 boxes are happy. As
>>>>>>>>> soon as it goes AD and uses AD groups, they stop working. I
>>>>>>>>> have not tried user-level security yet. Then again I may have
>>>>>>>>> user-level and share-level confused. It has been a long week.
>>>>>>>>> I will keep searching but so far nothing I have found and
>>>>>>>>> tried works.
>>>>>>>>>
>>>>>>>>> Is there a way to get an actual reason for the denial? If it
>>>>>>>>> flat-out told me a reason I could troubleshoot. Right now I am
>>>>>>>>> just shooting in random directions hoping to hit something
>>>>>>>>> since all I get is "Access Denied". Is it possible to see is
>>>>>>>>> S4 is denying the connection via a log or something, or if
>>>>>>>>> Windows 7 is being stupid... again?
>>>>>>>>>
>>>>>>>>> On 7/27/2014 10:57 AM, Rowland Penny wrote:
>>>>>>>>>> On 27/07/14 15:15, Ryan Ashley wrote:
>>>>>>>>>>> That solution is for Windows 8. That also is not our issue.
>>>>>>>>>>> The WIndows 7 Pro 64bit workstations see the server and
>>>>>>>>>>> shares, and they map the shares according to group policy,
>>>>>>>>>>> but then everybody gets access denied, despite being in the
>>>>>>>>>>> domain groups for which the shares were created. Funny thing
>>>>>>>>>>> is that if I logon as domain admin, I get to access the
>>>>>>>>>>> shares. Due to this, I fully believe the S4 server is
>>>>>>>>>>> ignoring or not accounting for group membership. The
>>>>>>>>>>> "reachfp" account is the domain admin. This is also the
>>>>>>>>>>> default owner of files on the shares. The group
>>>>>>>>>>> "administration" contains many members and does not grant
>>>>>>>>>>> access, despite the group being granted full control. This
>>>>>>>>>>> lead e into believing I am still dealing with a permissions
>>>>>>>>>>> issue and not another issue. If it was the other issue, I
>>>>>>>>>>> would assume domain admin could not see the share or access
>>>>>>>>>>> it. Is that about right?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>> You are missing the point, I probably could have chosen a
>>>>>>>>>> better target but I only spent about 30secs on the search:
>>>>>>>>>>
>>>>>>>>>> windows 7 64 bit access denied samba
>>>>>>>>>>
>>>>>>>>>> This returns About 116,000 results, here's another one:
>>>>>>>>>>
>>>>>>>>>> http://www.sevenforums.com/network-sharing/242602-can-t-connect-samba-share-win-7-ultimate-64-bit.html
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Try looking into this before dismissing it out of hand and
>>>>>>>>>> insisting that samba is the problem.
>>>>>>>>>>
>>>>>>>>>> Rowland
>>>>>>>>>
>>>>>>>> OK, after more thought and re-reading your posts, a thought has
>>>>>>>> popped into my head, apparmor, do you have this running on the
>>>>>>>> server ?
>>>>>>>> I have been caught out by this a few times, not being allowed
>>>>>>>> to do things that I thought I should be able to do, or packages
>>>>>>>> not running correctly because they were not allowed access, in
>>>>>>>> every case it was apparmor. As I could never get apparmor to
>>>>>>>> play ball with me (I thought that I had found all rights that
>>>>>>>> needed modding and then another one would pop its head up and
>>>>>>>> what is in the logs bares no resemblance to what you need to
>>>>>>>> put in the conf file), I now disable apparmor straight after
>>>>>>>> installing a new system.
>>>>>>>>
>>>>>>>> Rowland
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> Somebody else reported this problem, he went to 4.1.8 and the
>>>>> zombie nmbd problem went away, if you upgrade to the latest samba4
>>>>> you may hit two birds with one stone, the nmbd problem and your
>>>>> group problem ;-)
>>>>>
>>>>> Rowland
>>>>
>>> Hi, what you are using is not the stable branch, it is the branch
>>> that will become the next release i.e. 4.2. This does not mean that
>>> you shouldn't use it, it just means that it could be upgraded at any
>>> time until it is 'frozen' just before release. These upgrades
>>> 'could' break something, not saying they will, just that they could,
>>> for production use I would use the latest version from here:
>>>
>>> https://ftp.samba.org/pub/samba/stable/
>>>
>>> Rowland
>>>
>>
>
More information about the samba
mailing list