[Samba] 4.5 -> 4.8 samba fails to start
Chad William Seys
cwseys at physics.wisc.edu
Mon Jun 18 16:32:07 UTC 2018
Hi all,
I'm trying to upgrade samba from 4.5 to 4.8 and it no longer starts.
This is using the Debian Jessie (4.5.12+dfsg-2+deb9u2) and Debian
testing (4.8.2+dfsg-1) packages.
Below are a log file from the non-starting server, and testparm on
the working 4.5, and again on the non-working 4.8.
I do so an ERROR in the the testparm for 4.8:
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!
If someone could guide me through making samba happy about that, that
would be great.
I may have an usual setup. In 4.5 Samba checks against an MIT
kerberos server for authentication.
Thanks!
Chad.
The last few lines of log.smbd are : (I've got more!)
create_builtin_administrators: Failed to create Administrators
[2018/06/18 06:11:21.308167, 4, pid=19610, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2018/06/18 06:11:21.308250, 3, pid=19610, effective(0, 0), real(0, 0)]
../source3/auth/token_util.c:708(finalize_local_nt_token)
Failed to check for local Administrators membership
(NT_STATUS_INVALID_PARAMETER_MIX)
[2018/06/18 06:11:21.308384, 4, pid=19610, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2018/06/18 06:11:21.308461, 4, pid=19610, effective(0, 0), real(0, 0)]
../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2018/06/18 06:11:21.308533, 4, pid=19610, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2018/06/18 06:11:21.308604, 5, pid=19610, effective(0, 0), real(0, 0)]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2018/06/18 06:11:21.308675, 5, pid=19610, effective(0, 0), real(0, 0)]
../source3/auth/token_util.c:810(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2018/06/18 06:11:21.308838, 5, pid=19610, effective(0, 0), real(0, 0)]
../source3/passdb/pdb_util.c:128(create_builtin_users)
create_builtin_users: Failed to create Users
[2018/06/18 06:11:21.308953, 4, pid=19610, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2018/06/18 06:11:21.309036, 3, pid=19610, effective(0, 0), real(0, 0)]
../source3/auth/token_util.c:751(finalize_local_nt_token)
Failed to check for local Guests membership
(NT_STATUS_INVALID_PARAMETER_MIX)
[2018/06/18 06:11:21.309118, 0]
../source3/auth/auth_util.c:1372(make_new_session_info_guest)
create_local_token failed: NT_STATUS_NO_MEMORY
[2018/06/18 06:11:21.309208, 0, pid=19610, effective(0, 0), real(0, 0)]
../source3/smbd/server.c:1993(main)
ERROR: failed to setup guest info.
Googling get me the most interesting result of a Debian bug. The
reported "resolved" it for themselves by using Samba 4.7 ;) .
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899269
testparm in 4.5
------------------------------------------------------------------------
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[LabSoftware]"
Processing section "[monitor]"
Processing section "[smb]"
Processing section "[guest]"
Loaded services file OK.
WARNING: some services use vfs_fruit, others don't. Mounting them in
conjunction on OS X clients results in undefined behaviour.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
realm = PHYSICS.WISC.EDU
server string = %h server
workgroup = PHYSICS
max log size = 100000
syslog = 0
panic action = /usr/share/samba/panic-action %d
kerberos method = secrets and keytab
map to guest = Bad User
security = ADS
server signing = required
hostname lookups = Yes
dns proxy = No
fruit:nfs_aces = no
idmap config * : backend = tdb
[LabSoftware]
path = /srv/smb/LabSoftware
guest ok = Yes
hosts allow = blah blay blax
smb encrypt = No
[monitor]
path = /srv/monitor
browseable = No
read only = No
vfs objects = btrfs
[smb]
path = /srv/smb
ea support = Yes
inherit acls = Yes
inherit permissions = Yes
read only = No
smb encrypt = desired
msdfs root = Yes
vfs objects = btrfs catia fruit streams_xattr
fruit:encoding = native
[guest]
path = /srv/smb
hide unreadable = Yes
ea support = Yes
guest ok = Yes
inherit acls = Yes
inherit permissions = Yes
read only = No
smb encrypt = desired
msdfs root = Yes
vfs objects = btrfs catia fruit streams_xattr
fruit:encoding = native
-----------------------------------------------
testparm for same config file in 4.8
------------------------------------------------------------------------
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[monitor]"
Processing section "[smb]"
Processing section "[guest]"
Loaded services file OK.
idmap range not specified for domain '*'
ERROR: Invalid idmap range for domain *!
WARNING: some services use vfs_fruit, others don't. Mounting them in
conjunction on OS X c
lients results in undefined behaviour.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
dns proxy = No
hostname lookups = Yes
kerberos method = secrets and keytab
map to guest = Bad User
max log size = 100000
panic action = /usr/share/samba/panic-action %d
realm = PHYSICS.WISC.EDU
security = ADS
server signing = required
server string = %h server
syslog = 0
workgroup = PHYSICS
fruit:nfs_aces = no
idmap config * : backend = tdb
[monitor]
browseable = No
path = /srv/monitor
read only = No
vfs objects = btrfs
[smb]
ea support = Yes
inherit acls = Yes
inherit permissions = Yes
msdfs root = Yes
path = /srv/smb
read only = No
smb encrypt = desired
vfs objects = btrfs catia fruit streams_xattr
fruit:encoding = native
[guest]
ea support = Yes
guest ok = Yes
hide unreadable = Yes
inherit acls = Yes
inherit permissions = Yes
msdfs root = Yes
path = /srv/smb
read only = No
smb encrypt = desired
vfs objects = btrfs catia fruit streams_xattr
fruit:encoding = native
More information about the samba
mailing list