[Samba] Samba fileserver member corrupt smb.ldb after joining 4.8.4 Samba DC
Waishon
waishon009 at gmail.com
Fri Aug 24 19:07:54 UTC 2018
If it's imported here's the DC-Provision log too:
service-samba-dc | Looking up IPv4 addresses
service-samba-dc | More than one IPv4 address
found. Using 192.168.188.2
service-samba-dc | Looking up IPv6 addresses
service-samba-dc | No IPv6 address will be assigned
service-samba-dc | Setting up share.ldb
service-samba-dc | Setting up secrets.ldb
service-samba-dc | Setting up the registry
service-samba-dc | Setting up the privileges database
service-samba-dc | Setting up idmap db
service-samba-dc | Setting up SAM db
service-samba-dc | Setting up sam.ldb partitions
and settings
service-samba-dc | Setting up sam.ldb rootDSE
service-samba-dc | Pre-loading the Samba 4 and AD schema
service-samba-dc | Unable to determine the
DomainSID, can not enforce uniqueness constraint on local domainSIDs
service-samba-dc |
service-samba-dc | Adding DomainDN:
DC=subdomain,DC=domain,DC=de
service-samba-dc | Adding configuration container
service-samba-dc | Setting up sam.ldb schema
service-samba-dc | Setting up sam.ldb configuration data
service-samba-dc | Setting up display specifiers
service-samba-dc | Modifying display specifiers
and extended rights
service-samba-dc | Adding users container
service-samba-dc | Modifying users container
service-samba-dc | Adding computers container
service-samba-dc | Modifying computers container
service-samba-dc | Setting up sam.ldb data
service-samba-dc | Setting up well known security
principals
service-samba-dc | Setting up sam.ldb users and groups
service-samba-dc | Setting up self join
service-samba-dc | Adding DNS accounts
service-samba-dc | Creating
CN=MicrosoftDNS,CN=System,DC=subdomain,DC=domain,DC=de
service-samba-dc | Creating DomainDnsZones and
ForestDnsZones partitions
service-samba-dc | Populating DomainDnsZones and
ForestDnsZones partitions
service-samba-dc | Setting up sam.ldb rootDSE
marking as synchronized
service-samba-dc | Fixing provision GUIDs
service-samba-dc | A Kerberos configuration
suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
service-samba-dc | Merge the contents of this
file with your system krb5.conf or replace it with this one. Do not
create a symlink!
service-samba-dc | Setting up fake yp server settings
service-samba-dc | Once the above files are
installed, your Samba AD server will be ready to use
service-samba-dc | Server Role: active
directory domain controller
service-samba-dc | Hostname: DC-1
service-samba-dc | NetBIOS Domain: REALM
service-samba-dc | DNS Domain:
subdomain.domain.de
service-samba-dc | DOMAIN SID:
S-1-5-21-2386618402-376715021-633914752
2018-08-24 20:54 GMT+02:00, Waishon <waishon009 at gmail.com>:
> Hello,
>
> I'm trying to join a samba-fileserver to a 4.8.4 Domain Controller. Both
> are installed from the Debian Unstable Sources.
> I've setup some scripts that allows me to provision the latest
> samba-version for testing purposes on two VMs. The following configs where
> working absolutly fine when provisioning a Samba-DC version 4.7.3 and I was
> able to do profile roaming, but since the DC is version 4.8.4 the following
> error occours:
>
> After provisioning the samba-dc as described in the Samba-Wiki I installed
> the samba-fileserver on a seperate VM and tried to join it to the DC using
> "net ads join <REALM>". That works absolutly fine and wbinfo --ping-dc is
> able to reach the DC. The SID -> UID Mapping using nsswitch also works
> without any problems.
>
> [global]
> security = ADS
> workgroup = schule
> realm = subdomain.domain.de
> log file = /var/log/samba/%m.log
> log level = 1
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config schule : backend = rid
> idmap config schule : range = 100000-200000
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /home/%U
> username map = /etc/samba/user.map
>
> Now I set up a Share for Windows Profile Roaming:
> [Profiles]
> comment = User profiles
> path = /srv/profiles
> read only = no
> store dos attributes = Yes
> guest ok = no
> browseable = Yes
> create mask = 0600
> directory mask = 0700
> csc policy = disable
> valid users = @"Realm\Domain Users"
> oplocks = no
>
> But when trying to access this share Windows gives a permission denied,
> altough the permissions are the same as in the working version 4.7.4.
>
> I found out that samba-tool ntacl get /srv/profiles gives the following
> error:
> pdb backend samba_dsdb:tdb:///var/lib/samba/private/sam.ldb did not
> correctly init (error was NT_STATUS_UNSUCCESSFUL)
> PANIC (pid 1076): pdb_get_methods: failed to get pdb methods for backend
> samba_dsdb:tdb:///var/lib/samba/private/sam.ldb
>
> BACKTRACE: 37 stack frames:
> #0 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(log_stack_trace+0x1f)
> [0x7f60a977e42f]
> #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20)
> [0x7f60a578b650]
> #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f)
> [0x7f60a977e50f]
> #3 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(+0x3eddb)
> [0x7f60a583addb]
> #4 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(+0x4122d)
> [0x7f60a583d22d]
> #5 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(+0x38277)
> [0x7f60a5834277]
> #6 /usr/lib/x86_64-linux-gnu/libsamba-passdb.so.0(uid_to_sid+0x89)
> [0x7f60a5836519]
> #7 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x18a7ba)
> [0x7f60a4cc57ba]
> #8
> /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(posix_get_nt_acl+0x245)
> [0x7f60a4cc7025]
> #9
> /usr/lib/python2.7/dist-packages/samba/samba3/smbd.x86_64-linux-gnu.so(+0x3ac5)
> [0x7f60a4e9cac5]
> #10 /usr/bin/python2.7(PyEval_EvalFrameEx+0x6066) [0x555a1ee43a86]
> #11 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
> #12 /usr/bin/python2.7(PyEval_EvalFrameEx+0x58fe) [0x555a1ee4331e]
> #13 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
> #14 /usr/bin/python2.7(+0x105d58) [0x555a1ee59d58]
> #15 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
> #16 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
> #17 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
> #18 /usr/bin/python2.7(+0x105b99) [0x555a1ee59b99]
> #19 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
> #20 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
> #21 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
> #22 /usr/bin/python2.7(+0x105b99) [0x555a1ee59b99]
> #23 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
> #24 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
> #25 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
> #26 /usr/bin/python2.7(+0x105b99) [0x555a1ee59b99]
> #27 /usr/bin/python2.7(PyObject_Call+0x36) [0x555a1ee235e6]
> #28 /usr/bin/python2.7(PyEval_EvalFrameEx+0x2807) [0x555a1ee40227]
> #29 /usr/bin/python2.7(PyEval_EvalCodeEx+0x669) [0x555a1ee3b9e9]
> #30 /usr/bin/python2.7(PyEval_EvalCode+0x16) [0x555a1ee3b376]
> #31 /usr/bin/python2.7(+0x11b54f) [0x555a1ee6f54f]
> #32 /usr/bin/python2.7(PyRun_FileExFlags+0x84) [0x555a1ee69ec4]
> #33 /usr/bin/python2.7(PyRun_SimpleFileExFlags+0x177) [0x555a1ee69487]
> #34 /usr/bin/python2.7(Py_Main+0x56b) [0x555a1ee0d1cb]
> #35 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)
> [0x7f60a9f88b17]
> #36 /usr/bin/python2.7(_start+0x2a) [0x555a1ee0cb8a]
> Can not dump core: corepath not set up
>
> And samba-tool ntacl sysvolcheck gives:
> ERROR(runtime): uncaught exception - samdb_domain_sid failed
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 265,
> in run
> domain_sid = security.dom_sid(samdb.domain_sid)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 583, in
> get_domain_sid
> return dsdb._samdb_get_domain_sid(self)
>
> Both commands works perfectly on a DC and Fileserver combination which are
> provisioned with Samba 4.7.3.
>
> I also tried to join an older samba 4.6.7 on my notebook, but thereĆs the
> same error as above.
>
> Does anybody have an idea why this happens and how to solve this issue?
>
More information about the samba
mailing list