[Samba] why does add_local_groups come up in only one system's logs?
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 9 14:15:53 UTC 2016
In addition.
UID 4294967295 = nobody
So in my options the bug "report" is not a bug.
Its a mis configuration.
You can test this ..
Set in smb.conf
Guest account = nobody
And check again, what happens now?
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens L.P.H. van Belle
> Verzonden: dinsdag 9 augustus 2016 15:58
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] why does add_local_groups come up in only one
> system's logs?
>
> Hai,
>
> If you want to try to avoid that bug.
> Go here http://downloads.van-belle.nl/samba4/
> Get the 4.4.5 packages for jessie there.
> Read the readme.txt and install them.
>
> And see if you problem is still there.
>
> The are compiled with the lated ldb from debian stretch.
> Which should fix your problem.
>
>
>
> Greetz,
>
> Louis
>
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens francis picabia
> > Verzonden: dinsdag 9 augustus 2016 15:43
> > Aan: Rowland Penny
> > CC: samba at lists.samba.org
> > Onderwerp: Re: [Samba] why does add_local_groups come up in only one
> > system's logs?
> >
> > On Mon, Aug 8, 2016 at 4:16 PM, Rowland Penny <rpenny at samba.org> wrote:
> >
> > > On Mon, 8 Aug 2016 15:27:44 -0300
> > > francis picabia <fpicabia at gmail.com> wrote:
> > >
> > > > OK, that was my bad for copy/pasting some config lines I found with
> > > > a report of "this works!" on a bug report (only the second login
> > > > connects bug).
> > > >
> > > > I've included the domain and fixed the range so it won't overlap
> with
> > > > Unix IDs.
> > > >
> > > > # grep idmap /etc/samba/smb.conf
> > > > idmap config MYDOM : backend = rid
> > > > idmap config MYDOM : range = 70000-99999999
> > > >
> > > > I eliminated the "valid users =" line from the homes section.
> > > >
> > > > On Debian, there are a couple of difference services. I read that
> > > > with 4.2, it can
> > > > run its own winbind service. So I wondered if that can make a
> > > > difference.
> > >
> > > I think you could be getting confused here. If you run Samba as a DC,
> > > then yes, from 4.2.0, the separate winbindd binary is used instead of
> > > the 'winbind' built into the samba binary.
> > > On a domain member that is joined to AD, you will need to run
> > > the winbindd binary as well.
> > >
> > > >
> > > > If I stop winbind, and restart samba...
> > > >
> > > > # /etc/init.d/samba restart
> > > > [ ok ] Restarting nmbd (via systemctl): nmbd.service.
> > > > [ ok ] Restarting smbd (via systemctl): smbd.service.
> > > > [ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service.
> > > > # ps auxww | grep winbind
> > > > root 19867 0.0 0.0 12764 948 pts/0 S+ 14:13 0:00
> grep
> > > > winbind
> > > >
> > >
> > > This shows that 'winbindd' isn't running, if I run a similar command
> on
> > > a domain member:
> > >
> > > rowland at devstation:~$ ps ax | grep winbind
> > > 2334 ? Ss 0:11 /usr/local/samba/sbin/winbindd
> > > 2532 ? S 0:00 /usr/local/samba/sbin/winbindd
> > > 2535 ? S 0:00 /usr/local/samba/sbin/winbindd
> > > 2536 ? S 0:01 /usr/local/samba/sbin/winbindd
> > > 4731 ? S 0:00 /usr/local/samba/sbin/winbindd
> > > 17044 pts/7 S+ 0:00 grep winbind
> > >
> > > > Then I can connect with smbclient to the system where I never could
> > > > before. That would be fine except that ssh requires winbind.
> > > > If I stop /etc/init.d/samba and launch nmbd, smbd and winbind as
> > > > services on their own, then ssh login with AD credentials works,
> > > > but I cannot connect with smbclient.
> > >
> > > If try to connect from a DC to devstation with smbclient, I get this:
> > >
> > > root at dc1:~# smbclient -L //devstation -UAdministrator
> > > Enter Administrator's password:
> > > Domain=[SAMDOM] OS=[Windows 6.1] Server=[Samba 4.4.4]
> > >
> > > Sharename Type Comment
> > > --------- ---- -------
> > > homes Disk
> > > data2 Disk
> > > IPC$ IPC IPC Service (Samba 4 Client
> > devstation)
> > > root Disk Home directory of root
> > > Domain=[SAMDOM] OS=[Windows 6.1] Server=[Samba 4.4.4]
> > >
> > > Server Comment
> > > --------- -------
> > > DESKTOP-GVRV8IE
> > > DEVSTATION Samba 4 Client devstation
> > >
> > > Workgroup Master
> > > --------- -------
> > > SAMDOM DESKTOP-GVRV8IE
> > >
> > > > The other system running with winbind allows both smbclient
> > > > and ssh connections.
> > > >
> > > > On the problem system:
> > > >
> > > > Winbind on, and smbclient fails.
> > > > Winbind off, and smbclient connects.
> > > >
> > > > It doesn't matter if winbind is in /etc/nsswitch.conf
> > > > The good working system does not have winbind in the nsswitch.conf
> > > >
> > > > Both systems have the same packages containing winbind in the name.
> > > >
> > >
> > > I would check everything, if they are running the same OS and Samba
> > > version etc, then you should get the same results etc, provided Samba
> > > is running as the same thing i.e. a domain member
> > >
> > >
> > I'm fairly certain I'm encountering this bug:
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=10604
> >
> > On the first server which was "working properly", it actually fails once
> > with the getpwuid(4294967295) failed type of error, and on the second
> > auth attempt, it works.
> >
> > On the second server which never works while winbind is running,
> > I'm always seeing the getpwuid failed error.
> >
> > Just like the bug report, I find the second server works if winbind
> stops.
> > My symptoms and error match this bug report very well.
> >
> > There were some users chiming in who said their drive mapping
> > always failed rather than only in the first auth attempt.
> >
> > This samba bug report was where I got the previous range values starting
> > at
> > 1000
> > as a supposed fix.
> >
> > In fact, the Debian bug report says this magic set of idmap values is a
> > workaround:
> >
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803001
> >
> > I don't believe in magic.
> >
> > Maybe I'll need to take this up on a Debian group
> > unless there is a better suggestion on a solution.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list