[Samba] sys_setgroups failed on Solaris 11

Teddy Brown tbrown at ctg.queensu.ca
Thu Jun 7 14:04:41 UTC 2018 

Hi, 
I'm trying to create a new Samba server to share files. We currently have an instance of Samba 3.6 on another server which we are using but need to retire that server. 

I recently set up a new AD domain on Samba 4.3.11 on Ubuntu 16.04. There are two domain controllers. Most of the PCs are joined to this AD domain. 

Our user accounts and group memberships are maintained in an LDAP directory. On our Linux servers SSSD is used to authenticate and authorize and Solaris servers use nsswitch ldap directly. 

I've followed the instructions here to join the new Samba server (Samba 4.4.14 on Solaris 11.3) to the AD domain. 
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member 

My hope is to use AD for authentication, but for the users & groups to be read by the Samba server OS as if our users were on Unix/Linux directly. Our current Samba 3.6 works this way. We assign permissions in Unix. We don't assign permissions using Windows. 

Anyways, when I connect it seems work when I authenticate but then it bails on sys_setgroups. 

Not sure what to look for now. What information should I provide for help? 

# 
# smb.conf 
#======================= Global Settings ===================================== 
[global] 
security = ADS 
workgroup = MYDOMAIN-AD 
server string = Samba Server on LEX 
server role = standalone server 
log file = /var/samba/log/log.%m 
max log size = 50 
realm = MYDOMAIN-AD.CTG.QUEENSU.CA 
passdb backend = tdbsam 

interfaces = 10.1.21.220/16 
bind interfaces only = yes 
wins support = no 

idmap config * : backend = tdb 
idmap config * : range = 3000-7999 

idmap config MYDOMAIN-AD : backend = nss 
idmap config MYDOMAIn-AD : range = 100000-999999 

# 
# 
# some output from: smbd -i -d3 
....snip... 
ldb_wrap open of secrets.ldb 
check_ntlm_password: winbind authentication for user [teddy] succeeded 
check_ntlm_password: authentication for user [teddy] -> [teddy] -> [teddy] succeeded 
NTLMSSP Sign/Seal - Initialising with flags: 
Got NTLMSSP neg_flags=0xe2088215 
NTLMSSP Sign/Seal - Initialising with flags: 
Got NTLMSSP neg_flags=0xe2088215 
Adding homes service for user 'teddy' using home directory: '/home/teddy' 
adding home's share [teddy] for user 'teddy' at '/home/teddy' 
Allowed connection from 10.0.61.1 (10.0.61.1) 
Connect path is '/tmp' for service [IPC$] 
Initialising default vfs hooks 
Initialising custom vfs hooks from [/[Default VFS]/] 
PANIC (pid 23738): sys_setgroups failed 
BACKTRACE: 22 stack frames: 
....snip.... 

-- 
Teddy Brown 
Senior Applications Developer 
Systems Analyst 
Canadian Cancer Trials Group 
Queen's University 
10 Stuart St, Kingston ON, K7L 3N6 
(613) 533-6430 
Follow us: [ https://twitter.com/CDNCancerTrials ] [ https://www.linkedin.com/company/canadiancancertrialsgroup |   ] [ http://www.cctg.ca/ |  cctg.ca  ]

More information about the samba mailing list