[Samba] why does add_local_groups come up in only one system's logs?

L.P.H. van Belle belle at bazuin.nl
Tue Aug 9 13:58:05 UTC 2016 

Hai, 

If you want to try to avoid that bug. 
Go here http://downloads.van-belle.nl/samba4/ 
Get the 4.4.5 packages for jessie there. 
Read the readme.txt and install them. 

And see if you problem is still there. 

The are compiled with the lated ldb from debian stretch. 
Which should fix your problem. 



Greetz, 

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens francis picabia
> Verzonden: dinsdag 9 augustus 2016 15:43
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] why does add_local_groups come up in only one
> system's logs?
> 
> On Mon, Aug 8, 2016 at 4:16 PM, Rowland Penny <rpenny at samba.org> wrote:
> 
> > On Mon, 8 Aug 2016 15:27:44 -0300
> > francis picabia <fpicabia at gmail.com> wrote:
> >
> > > OK, that was my bad for copy/pasting some config lines I found with
> > > a report of "this works!" on a bug report (only the second login
> > > connects bug).
> > >
> > > I've included the domain and fixed the range so it won't overlap with
> > > Unix IDs.
> > >
> > > #  grep idmap /etc/samba/smb.conf
> > >    idmap config MYDOM : backend = rid
> > >    idmap config MYDOM : range = 70000-99999999
> > >
> > > I eliminated the "valid users =" line from the homes section.
> > >
> > > On Debian, there are a couple of difference services.  I read that
> > > with 4.2, it can
> > > run its own winbind service.  So I wondered if that can make a
> > > difference.
> >
> > I think you could be getting confused here. If you run Samba as a DC,
> > then yes, from 4.2.0, the separate winbindd binary is used instead of
> > the 'winbind' built into the samba binary.
> > On a domain member that is joined to AD, you will need to run
> > the winbindd binary as well.
> >
> > >
> > > If I stop winbind, and restart samba...
> > >
> > > # /etc/init.d/samba restart
> > > [ ok ] Restarting nmbd (via systemctl): nmbd.service.
> > > [ ok ] Restarting smbd (via systemctl): smbd.service.
> > > [ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service.
> > > # ps auxww | grep winbind
> > > root     19867  0.0  0.0  12764   948 pts/0    S+   14:13   0:00 grep
> > > winbind
> > >
> >
> > This shows that 'winbindd' isn't running, if I run a similar command on
> > a domain member:
> >
> > rowland at devstation:~$ ps ax | grep winbind
> >  2334 ?        Ss     0:11 /usr/local/samba/sbin/winbindd
> >  2532 ?        S      0:00 /usr/local/samba/sbin/winbindd
> >  2535 ?        S      0:00 /usr/local/samba/sbin/winbindd
> >  2536 ?        S      0:01 /usr/local/samba/sbin/winbindd
> >  4731 ?        S      0:00 /usr/local/samba/sbin/winbindd
> > 17044 pts/7    S+     0:00 grep winbind
> >
> > > Then I can connect with smbclient to the system where I never could
> > > before. That would be fine except that ssh requires winbind.
> > > If I stop /etc/init.d/samba and launch nmbd, smbd and winbind as
> > > services on their own, then ssh login with AD credentials works,
> > > but I cannot connect with smbclient.
> >
> > If try to connect from a DC to devstation with smbclient, I get this:
> >
> > root at dc1:~# smbclient -L //devstation -UAdministrator
> > Enter Administrator's password:
> > Domain=[SAMDOM] OS=[Windows 6.1] Server=[Samba 4.4.4]
> >
> >         Sharename       Type      Comment
> >         ---------       ----      -------
> >         homes           Disk
> >         data2           Disk
> >         IPC$            IPC       IPC Service (Samba 4 Client
> devstation)
> >         root            Disk      Home directory of root
> > Domain=[SAMDOM] OS=[Windows 6.1] Server=[Samba 4.4.4]
> >
> >         Server               Comment
> >         ---------            -------
> >         DESKTOP-GVRV8IE
> >         DEVSTATION           Samba 4 Client devstation
> >
> >         Workgroup            Master
> >         ---------            -------
> >         SAMDOM               DESKTOP-GVRV8IE
> >
> > > The other system running with winbind allows both smbclient
> > > and ssh connections.
> > >
> > > On the problem system:
> > >
> > > Winbind on, and smbclient fails.
> > > Winbind off, and smbclient connects.
> > >
> > > It doesn't matter if winbind is in /etc/nsswitch.conf
> > > The good working system does not have winbind in the nsswitch.conf
> > >
> > > Both systems have the same packages containing winbind in the name.
> > >
> >
> > I would check everything, if they are running the same OS and Samba
> > version etc, then you should get the same results etc, provided Samba
> > is running as the same thing i.e. a domain member
> >
> >
> I'm fairly certain I'm encountering this bug:
> 
> https://bugzilla.samba.org/show_bug.cgi?id=10604
> 
> On the first server which was "working properly", it actually fails once
> with the getpwuid(4294967295) failed type of error, and on the second
> auth attempt, it works.
> 
> On the second server which never works while winbind is running,
> I'm always seeing the getpwuid failed error.
> 
> Just like the bug report, I find the second server works if winbind stops.
> My symptoms and error match this bug report very well.
> 
> There were some users chiming in who said their drive mapping
> always failed rather than only in the first auth attempt.
> 
> This samba bug report was where I got the previous range values starting
> at
> 1000
> as a supposed fix.
> 
> In fact, the Debian bug report says this magic set of idmap values is a
> workaround:
> 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803001
> 
> I don't believe in magic.
> 
> Maybe I'll need to take this up on a Debian group
> unless there is a better suggestion on a solution.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list