[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
Rowland penny
rpenny at samba.org
Mon Jul 11 08:10:40 UTC 2016
See inline comments
On 11/07/16 06:32, Zaphod Beeblebrox wrote:
> So... I've been running Samba 3.6 for too long and I upgraded. I did save
> my packages for 3.6, but I don't _think_ I'm going back.
>
> Points for the group:
>
> - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to
> be a known problem (tm), so I'll move on.
What is wrong with Samba 4.4.x on FreeBSD ?
> - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate
> complains. Strange thing, tho: all the domains seem to lookup fine. I
> can't exactly find the problem here.
I understand this is a known problem and can possibly be 'fixed' by
adding 'allow dns updates = nonsecure and secure' to smb.conf on the DC.
> - BIG ONE: wbinfo isn't working and (related, for me) idmap isn't either.
>
> ... so on that last one, wbinfo -u or -g print nothing (not even errors).
> wbinfo -D HOME or -t are fine. wbinfo -i adminsitrator prints out the
> unhelpful
This is regression from the 'badlock' patches and should have been fixed
in 4.4.3, see release notes here:
https://www.samba.org/samba/history/samba-4.4.3.html
>
> [2:282:582]root at vr:/var/log/samba4> wbinfo -i administrator
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user administrator
>
> ... which aparently WBC_ERR_DOMAIN_NOT_FOUND is just the default error (or
> that's what I read in one place).
>
> Now... this is pretty bupkis, because ldbsearch finds the SID for
> administrator _and_ for my login just fine. In addition, ldbedit lets me
> change my xidNumber. I did so. when I re-ldbedit... it's changed.
And this where lots of people make the same mistake, don't change the
'xidNumber' attribute in idmap.ldb, add a 'uidNumber' attribute to the
users object in sam.ldb.
Rowland
>
> ... but this doesn't change the uid that files are created with. Sigh.
> More reading said that there's another SID ... the SID for the "group of
> me" ... and I have instructions for wbinfo to find that SID so I can
> ldbedit it. But you see my problem: wbinfo for finding SIDs is broke.
>
> Now... I've put my time into this. I've broken out ktrace and log level =
> 10. I've put a whole afternoon into this. Log stuff is a _bit_
> interesting. When I wbinfo -i zbeeble, I get:
>
> [2016/07/11 01:10:37.408526, 1, pid=24476, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debu
> g)
> wbint_LookupName: struct wbint_LookupName
> in: struct wbint_LookupName
> domain : *
> domain : 'HOME'
> name : *
> name : 'ZBEEBLE'
> flags : 0x00000008 (8)
> [2016/07/11 01:10:37.414175, 1, pid=24476, effective(0, 0), real(0, 0)]
> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
> wbint_LookupName: struct wbint_LookupName
> out: struct wbint_LookupName
> type : *
> type : SID_NAME_USE_NONE (0)
> sid : *
> sid : S-0-0
> result : NT_STATUS_UNSUCCESSFUL
>
> but further on in the file (probably coming from a random SMB file access)
> I see:
>
> Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]:
> value=[3000016:B]
> [2016/07/11 01:10:56.209343, 10, pid=24476, effective(0, 0), real(0, 0)]
> ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
> Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]:
> id=[3000016], endptr=[:B]
> [2016/07/11 01:10:56.209352, 10, pid=24476, effective(0, 0), real(0, 0),
> class=winbind] ../source3/winbindd/wb_sids2xids.c:106(wb_sids2xids_send)
> SID 1: S-1-5-21-3505373935-2275348003-3197909400-513
>
> ... which is curious because 3000016 is the wrong, old or automatically
> assigned UID and the SID there is my SID.
>
>
> ... all very frustrating.
>
>
> At least my Shield TV talks to the box. Sigh.
More information about the samba
mailing list