[Samba] chown: changing ownership of 'test': Invalid argument

Ian Coetzee samba at iancoetzee.za.net
Wed Apr 10 07:04:06 UTC 2019

Hi All,

I have a very weird issue on one of my servers. I think I might just be
missing something quite obviously... I will post the config files at the

I have a brand new Debian server running as an LXC container

> root at ho-vpn-ctx-ac01:~# lsb_release -a
> No LSB modules are available.
> Distributor ID:    Debian
> Description:    Debian GNU/Linux 9.8 (stretch)
> Release:    9.8
> Codename:    stretch
> root at ho-vpn-ctx-ac01:~# uname -a
> Linux ho-vpn-ctx-ac01 4.15.18-12-pve #1 SMP PVE 4.15.18-35 (Wed, 13 Mar
> 2019 08:24:42 +0100) x86_64 GNU/Linux
> root at ho-vpn-ctx-ac01:~#

I am running said server as a domain member using the latest packages in
Louis' 4.9 branch

> root at ho-vpn-ctx-ac01:~# net -V
> Version 4.9.6-Debian
> root at ho-vpn-ctx-ac01:~# net ads testjoin
> Join is OK

The join seems to be good, nsswitch is working

> root at ho-vpn-ctx-ac01:~# wbinfo -i ianc
> ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash
> root at ho-vpn-ctx-ac01:~# getent passwd ianc
> ianc:*:3201407:3200513::/home/JEOFFICE/ianc:/bin/bash

 Yet when I try to change the ownership of a file to a domain user, it
fails with "Invalid argument"

> root at ho-vpn-ctx-ac01:~# chown -v ianc test
> chown: changing ownership of 'test': Invalid argument
> failed to change ownership of 'test' from root to ianc
> root at ho-vpn-ctx-ac01:~# chown -v jeadmin test
> changed ownership of 'test' from root to jeadmin
> root at ho-vpn-ctx-ac01:~# getent passwd jeadmin
> jeadmin:x:1000:27::/home/jeadmin:/bin/bash

It works however when changing to a local user. So it looks like the issue
might be in samba. This is the first time I have had this problem after
quite a few other servers (a mix between CentOS, Debian and Ubuntu) has
already been joined to the domain using the exact same smb.conf.

On a side note, I am also unable to log into the server using domain
credentials, which I am currently attributing to the same cause.

Can you guys maybe point me in the right direction where I might start to
troubleshoot further?

Kind regards


root at ho-vpn-ctx-ac01:~# cat /etc/samba/smb.conf
   workgroup = JEOFFICE
   security = ADS
   template homedir = /home/%D/%U
   template shell = /bin/bash
   kerberos method = secrets only
   winbind use default domain = true
#   winbind offline logon = true
   winbind enum groups = true

   netbios name = ho-vpn-ctx-ac01

   log file = /var/log/samba/%m.log
   log level = 1

   # Default ID mapping configuration for local BUILTIN accounts
   # and groups on a domain member. The default (*) domain:
   # - must not overlap with any domain ID mapping configuration!
   # - must use an read-write-enabled back end, such as tdb.
   idmap config * : backend = tdb
   idmap config * : range = 70001-80000
   idmap config JEOFFICE : backend = rid
   idmap config JEOFFICE : range = 3200000-3300000

   winbind nss info = template
root at ho-vpn-ctx-ac01:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

More information about the samba mailing list