[Samba] Sernet Samba 4.2.9 sometimes missing acl_xattr

Sascha Kasch sascha.kasch at albertbauer.com
Tue Mar 8 15:44:52 UTC 2016

dear list,

we have a little problem with our samba server. it fails to load 
acl_xattr.so out of nothing and affects new connections as they cannot 
be established.
samba throws:

[2016/03/08 15:41:25.973874,  0] ../lib/util/modules.c:48(load_module)
   Error loading module 
/usr/lib/x86_64-linux-gnu/samba/libsmbregistry-samba4.so: version 
`SAMBA_4.2.9_SERNET_DEBIAN_8.JESSIE' not found (
required by /usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so)
[2016/03/08 15:41:25.973934,  0] ../source3/smbd/vfs.c:184(vfs_init_custom)
   error probing vfs module 'acl_xattr': NT_STATUS_UNSUCCESSFUL
[2016/03/08 15:41:25.973956,  0] ../source3/smbd/vfs.c:349(smbd_vfs_init)
   smbd_vfs_init: vfs_init_custom failed for acl_xattr

but the same time:

$ls -la /usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so
-rw-r--r-- 1 root root 31432 Mär  3 11:08 

ls -la /usr/lib/x86_64-linux-gnu/samba/libsmbregistry-samba4.so
-rw-r--r-- 1 root root 121264 Mär  3 11:08 

restarting the samba service helps but sometimes it just wont load that 
module. it does that since version 4.2.7 (sernet packages).
currently installed:

ii  sernet-samba 99:4.2.9-8                  amd64        SMB/CIFS file, 
print, and login server for Unix
ii  sernet-samba-client 99:4.2.9-8                  amd64        a 
LanManager-like simple client for Unix
ii  sernet-samba-common 99:4.2.9-8                  all          Samba 
common files used by both the server and the client
ii  sernet-samba-keyring 1.4                         all          GnuPG 
archive keys of the SerNet Samba archive
ii  sernet-samba-libs:amd64 99:4.2.9-8                  amd64        
Samba common library files used by both the server and the client
ii  sernet-samba-libsmbclient0:amd64 99:4.2.9-8                  
amd64        Shared library that allows applications to talk to SMB servers

and our smb.conf:

     workgroup = domain.com
     server string = %h server
     smb ports = 445
     log level = 1
     os level = 60
     security = user
     case sensitive = no
     domain logons = yes
     domain master = no
     usershare max shares = 0
     unix extensions = no
     getwd cache = yes
     encrypt passwords = true
     guest account = nobody
     logon path =
     printcap name = cups
     ea support = yes
     vfs object = acl_xattr

     ldap admin dn = "cn=admin,dc=domain,dc=com"
     passdb backend = ldapsam:"ldap://ldap.domain.com"
     ldap machine suffix = ou=systems
     ldap suffix = dc=domain,dc=com
     ldap timeout = 30
     ldap ssl = off

     idmap config * : backend = tdb
     idmap config * : range = 1000000-1999999

     idmap config DOMAIN : backend = ldap
     idmap config DOMAIN : range = 3000000-3999999
     idmap config DOMAIN : read only = yes
     idmap config DOMAIN : ldap_url = "ldap://ldap.domain.com"
     idmap config DOMAIN : ldap_base_dn = ou=idmaps,dc=domain,dc=com
     idmap config DOMAIN : ldap_user_dn = cn=admin,dc=domain,dc=com

     path = /daten/pvpl01/pvpl01
     browsable = yes
     read only = no
     valid users = @support
     admin users = @support
     inherit permissions = yes
     veto files = /Thumbs.db/
     delete veto files = yes
     inherit acls = yes
     map archive = no
     map readonly = no
     store dos attributes = yes

     path = /daten/pmpl_library/pmpl-library
     copy = pvpl01

Do we miss something here? Currently there is no access from Windows 
Machines so we can safely disable that module but still interested whats 
the problem here.

tia and cheers,

More information about the samba mailing list