[Samba] Samba fileserver member corrupt smb.ldb after joining 4.8.4 Samba DC

Waishon waishon009 at gmail.com
Fri Aug 24 21:41:54 UTC 2018 

Hi again,

I think I found out something interesting:
When running "ntacl get" with debug = 10, I get the following output on the
machine where it works:

posix_get_nt_acl: called for file /srv/profiles/
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
uid 0 -> sid S-1-22-1-0 <12210>
gid 100513 -> sid S-1-5-21-3981408749-3007518722-157077061-513
canonicalise_acl: Access ace entries before arrange :

And this is the output when it won't work:

Opening cache file at /var/cache/samba/gencache.tdb

Opening cache file at /var/run/samba/gencache_notrans.tdb

uid_to_sid: winbind failed to find a sid for uid 0

Attempting to register passdb backend smbpasswd

So it seems that winbind isn't able to find a matching group for the uid 0
(root). Why is this the case?

wbinfo --uid-info=0 show on both systems the same output:

failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND

Could not get info for uid 0


Maybe that helps to find where the issue is?

Am Freitag, 24. August 2018 schrieb Waishon :

> Hi,
>
> yes I get exactly this output.
>
> And I've read the Wiki. As mentioned before it worked already. That's the
> strange thing :)
>
> Am Freitag, 24. August 2018 schrieb Rowland Penny via samba :
>
>> On Fri, 24 Aug 2018 22:06:01 +0200
>> Waishon <waishon009 at gmail.com> wrote:
>>
>> > Hi,
>> >
>> > thanks for your suggestions. Do you think this is causes the
>> > stacktrace above? . I just added "REALM" as a placeholder and it
>> > worked on a DC that was provisioned using Samba 4.7.3 and upgraded
>> > afterwards to Samba 4.8.4 absolutely fine with this config and the
>> > command "samba-tool ntacl get /srv/profiles" returns the correct ACLs
>> > of this directory.
>> >
>> > When I interprete this correctly it seems that the Fileserver is
>> > unable to find the DomainSID. Normally the command "ntacl get" should
>> > return the ACLs and not that stacktrace, should'nt it :).
>> >
>>
>> Does 'wbinfo -D SAMDOM'
>> Return something like this:
>>
>> Name              : SAMDOM
>> Alt_Name          : samdom.example.com
>> SID               : S-1-5-21-1768301897-3342589593-1064908849
>> Active Directory  : Yes
>> Native            : Yes
>> Primary           : Yes
>>
>> Also have you read this:
>>
>> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list