[Samba] Successes and failures with Samba 4.3.9 and FreeBSD-10.3
David STIEVENARD
stievenard.david at gmail.com
Tue Jul 12 01:00:28 UTC 2016
Hi
On 07/11/2016 04:10 PM, Rowland penny wrote:
>
> See inline comments
>
> On 11/07/16 06:32, Zaphod Beeblebrox wrote:
>> So... I've been running Samba 3.6 for too long and I upgraded. I did save
>> my packages for 3.6, but I don't _think_ I'm going back.
>>
>> Points for the group:
>>
>> - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to
>> be a known problem (tm), so I'll move on.
>
> What is wrong with Samba 4.4.x on FreeBSD ?
Here's the info I collected.
I added this bug: with the package version 4.4.3_1 on FreeBSD 10.3,
the domain provisioning fails.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209787
There is also this bug:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209707
There are in total 38 bugs in the list, and it seems that the port
maintainer is quite busy with all of this.
>
>> - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate
>> complains. Strange thing, tho: all the domains seem to lookup fine. I
>> can't exactly find the problem here.
>
>
> I understand this is a known problem and can possibly be 'fixed' by
> adding 'allow dns updates = nonsecure and secure' to smb.conf on the DC.
I confirm, this information made my test work.
>
>> - BIG ONE: wbinfo isn't working and (related, for me) idmap isn't either.
>>
>> ... so on that last one, wbinfo -u or -g print nothing (not even errors).
>> wbinfo -D HOME or -t are fine. wbinfo -i administrator prints out the
>> unhelpful
>
> This is regression from the 'badlock' patches and should have been
> fixed in 4.4.3, see release notes here:
>
> https://www.samba.org/samba/history/samba-4.4.3.html
>
>>
>> [2:282:582]root at vr:/var/log/samba4> wbinfo -i administrator
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user administrator
>>
>> ... which apparently WBC_ERR_DOMAIN_NOT_FOUND is just the default error (or
>> that's what I read in one place).
>>
>> Now... this is pretty bupkis, because ldbsearch finds the SID for
>> administrator _and_ for my login just fine. In addition, ldbedit lets me
>> change my xidNumber. I did so. When I re-ldbedit... it's changed.
>
> And this is where lots of people make the same mistake: don't change the
> 'xidNumber' attribute in idmap.ldb, add a 'uidNumber' attribute to the
> user's object in sam.ldb.
>
> Rowland
>
>>
>> ... but this doesn't change the uid that files are created with. Sigh.
>> More reading said that there's another SID ... the SID for the "group of
>> me" ... and I have instructions for wbinfo to find that SID so I can
>> ldbedit it. But you see my problem: wbinfo for finding SIDs is broke.
>>
>> Now... I've put my time into this. I've broken out ktrace and log level =
>> 10. I've put a whole afternoon into this. Log stuff is a _bit_
>> interesting. When I wbinfo -i zbeeble, I get:
>>
>> [2016/07/11 01:10:37.408526, 1, pid=24476, effective(0, 0), real(0, 0)]
>> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>> wbint_LookupName: struct wbint_LookupName
>> in: struct wbint_LookupName
>> domain : *
>> domain : 'HOME'
>> name : *
>> name : 'ZBEEBLE'
>> flags : 0x00000008 (8)
>> [2016/07/11 01:10:37.414175, 1, pid=24476, effective(0, 0), real(0, 0)]
>> ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
>> wbint_LookupName: struct wbint_LookupName
>> out: struct wbint_LookupName
>> type : *
>> type : SID_NAME_USE_NONE (0)
>> sid : *
>> sid : S-0-0
>> result : NT_STATUS_UNSUCCESSFUL
>>
>> but further on in the file (probably coming from a random SMB file access)
>> I see:
>>
>> Parsing value for key
>> [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]:
>> value=[3000016:B]
>> [2016/07/11 01:10:56.209343, 10, pid=24476, effective(0, 0), real(0, 0)]
>> ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
>> Parsing value for key
>> [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]:
>> id=[3000016], endptr=[:B]
>> [2016/07/11 01:10:56.209352, 10, pid=24476, effective(0, 0), real(0, 0),
>> class=winbind] ../source3/winbindd/wb_sids2xids.c:106(wb_sids2xids_send)
>> SID 1: S-1-5-21-3505373935-2275348003-3197909400-513
>>
>> ... which is curious because 3000016 is the wrong, old or automatically
>> assigned UID and the SID there is my SID.
>>
>>
>> ... all very frustrating.
>>
>>
>> At least my Shield TV talks to the box. Sigh.
>
>
Unfortunately I'm facing another problem: FreeNAS 9.10 has a problem
joining a Samba 4.3.9 domain on FreeBSD 10.3.
https://forums.freenas.org/index.php?threads/ad-auth-fails-after-upgrade.42836/#post-279550
https://bugs.freenas.org/issues/15823
This post seems to have the solution:
https://forums.freenas.org/index.php?threads/ad-auth-fails-after-upgrade.42836/#post-279550
but I didn't get it yet.
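
The 'allow dns updates' setting mentioned in this thread, as an added example that is not part of the original message or of Samba's own code: a small smb.conf check that reports the effective value in [global] and flags the setting that lets clients update DNS records without authentication. The sample configuration and the function names are constructed for illustration.

```python
import re

# Values Samba accepts for "allow dns updates"; "secure only" is the default.
DEFAULT = "secure only"
VALID = {"disabled", "secure only", "nonsecure and secure"}

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
# constructed sample
[global]
    workgroup = HOME
    server role = active directory domain controller
    allow dns updates = nonsecure and secure
[netlogon]
    read only = no
"""

def _norm(name):
    # Samba ignores case and whitespace inside parameter names.
    return re.sub(r"\s+", "", name).lower()

def effective_dns_updates(conf_text):
    """Return the [global] 'allow dns updates' value, or the default if unset."""
    section, value, pending = None, DEFAULT, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # trailing backslash continues the line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            if _norm(key) == "allowdnsupdates":
                value = " ".join(val.split()).lower()   # last assignment wins
    return value

def audit(conf_text):
    """Classify the setting: WARN means unauthenticated DNS updates are accepted."""
    value = effective_dns_updates(conf_text)
    if value not in VALID:
        return "UNKNOWN", value
    if value == "nonsecure and secure":
        return "WARN", value
    return "OK", value
```

A WARN result on a DC is worth tracking so the setting can be returned to 'secure only' once samba_dnsupdate works with authenticated updates.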