[Samba] Erros in Samba 4 DC

Marcio Demetrio Bacci marciobacci at gmail.com
Thu Aug 22 18:22:05 UTC 2019 

Hi,

I noticed some problems in my DC2 (secondary) Logs, as below:

root at samba4-dc2:/var/log/samba# tail log.samba

ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106213,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
backend 'krb5' registered
ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106248,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
backend 'fake_gssapi_krb5' …istered
ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.779939,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:56:13 samba4-dc2 samba[2812]:   /usr/sbin/rndc: Failed to exec
child - No such file or directory
ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.781786,  0]
../source4/dsdb/dns/dns_update…c_done)
ago 22 14:56:13 samba4-dc2 samba[2812]:
../source4/dsdb/dns/dns_update.c:91: Failed rndc update - NT_…CESSFUL
ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 14:56:25.466999,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:56:25 samba4-dc2 samba[2811]:   /usr/sbin/samba_kcc: ldb_wrap
open of secrets.ldb

root at samba4-dc2:/var/log/samba# tail syslog

Aug 22 15:04:28 samba4-dc2 smbd[17917]:     Right[  0]:
SeRemoteInteractiveLogonRight
Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 15:04:31.678220,  0]
../source4/auth/unix_token.c:79(security_token_to_unix_token)
Aug 22 15:04:31 samba4-dc2 smbd[17918]:   Unable to convert first SID
(S-1-5-21-1712526294-259020848-313593124-9877) in user token to a UID.
Conversion was returned as type 0, full token:
Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 15:04:31.679042,  0]
../libcli/security/security_token.c:63(security_token_debug)
Aug 22 15:04:31 samba4-dc2 smbd[17918]:   Security token SIDs (6):
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  0]:
S-1-5-21-1712526294-259020848-313593124-9877
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  1]:
S-1-5-21-1712526294-259020848-313593124-515
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  2]: S-1-1-0
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  3]: S-1-5-2
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  4]: S-1-5-11
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  5]: S-1-5-32-554
Aug 22 15:04:31 samba4-dc2 smbd[17918]:    Privileges (0x          800000):
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     Privilege[  0]:
SeChangeNotifyPrivilege
Aug 22 15:04:31 samba4-dc2 smbd[17918]:    Rights (0x             400):
Aug 22 15:04:31 samba4-dc2 smbd[17918]:     Right[  0]:
SeRemoteInteractiveLogonRight
Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 15:04:41.911678,  0]
../source4/auth/unix_token.c:79(security_token_to_unix_token)
Aug 22 15:04:41 samba4-dc2 smbd[17923]:   Unable to convert first SID
(S-1-5-21-1712526294-259020848-313593124-9846) in user token to a UID.
Conversion was returned as type 0, full token:
Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 15:04:41.912554,  0]
../libcli/security/security_token.c:63(security_token_debug)
Aug 22 15:04:41 samba4-dc2 smbd[17923]:   Security token SIDs (6):
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  0]:
S-1-5-21-1712526294-259020848-313593124-9846
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  1]:
S-1-5-21-1712526294-259020848-313593124-515
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  2]: S-1-1-0
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  3]: S-1-5-2
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  4]: S-1-5-11
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  5]: S-1-5-32-554
Aug 22 15:04:41 samba4-dc2 smbd[17923]:    Privileges (0x          800000):
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     Privilege[  0]:
SeChangeNotifyPrivilege
Aug 22 15:04:41 samba4-dc2 smbd[17923]:    Rights (0x             400):
Aug 22 15:04:41 samba4-dc2 smbd[17923]:     Right[  0]:
SeRemoteInteractiveLogonRight
Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 15:04:57.666287,  0]
../source4/auth/unix_token.c:79(security_token_to_unix_token)
Aug 22 15:04:57 samba4-dc2 smbd[17925]:   Unable to convert first SID
(S-1-5-21-1712526294-259020848-313593124-9200) in user token to a UID.
Conversion was returned as type 0, full token:
Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 15:04:57.667152,  0]
../libcli/security/security_token.c:63(security_token_debug)
Aug 22 15:04:57 samba4-dc2 smbd[17925]:   Security token SIDs (6):
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  0]:
S-1-5-21-1712526294-259020848-313593124-9200
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  1]:
S-1-5-21-1712526294-259020848-313593124-515
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  2]: S-1-1-0
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  3]: S-1-5-2
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  4]: S-1-5-11
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  5]: S-1-5-32-554
Aug 22 15:04:57 samba4-dc2 smbd[17925]:    Privileges (0x          800000):
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     Privilege[  0]:
SeChangeNotifyPrivilege
Aug 22 15:04:57 samba4-dc2 smbd[17925]:    Rights (0x             400):
Aug 22 15:04:57 samba4-dc2 smbd[17925]:     Right[  0]:
SeRemoteInteractiveLogonRight


/etc/init.d/samba-ad-dc status
● samba-ad-dc.service - Samba AD Daemon
   Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
preset: enabled)
   Active: active (running) since Tue 2019-08-20 06:15:09 -03; 2 days ago
     Docs: man:samba(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 2799 (samba)
   Status: "samba: ready to serve connections..."
    Tasks: 12 (limit: 4915)
   CGroup: /system.slice/samba-ad-dc.service
           ├─2799 /usr/sbin/samba
           ├─2801 /usr/sbin/samba
           ├─2802 /usr/sbin/samba
           ├─2803 /usr/sbin/samba
           ├─2804 /usr/sbin/samba
           ├─2806 /usr/sbin/samba
           ├─2807 /usr/sbin/samba
           ├─2808 /usr/sbin/samba
           ├─2810 /usr/sbin/samba
           ├─2811 /usr/sbin/samba
           ├─2812 /usr/sbin/samba
           └─2813 /usr/sbin/samba

ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106213,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
backend 'krb5' registered
ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106248,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
backend 'fake_gssapi_krb5' …istered
ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.779939,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:56:13 samba4-dc2 samba[2812]:   /usr/sbin/rndc: Failed to exec
child - No such file or directory
ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.781786,  0]
../source4/dsdb/dns/dns_update…c_done)
ago 22 14:56:13 samba4-dc2 samba[2812]:
../source4/dsdb/dns/dns_update.c:91: Failed rndc update - NT_…CESSFUL
ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 14:56:25.466999,  0]
../lib/util/util_runcmd.c:316(…andler)
ago 22 14:56:25 samba4-dc2 samba[2811]:   /usr/sbin/samba_kcc: ldb_wrap
open of secrets.ldb
Hint: Some lines were ellipsized, use -l to show in full.

How could you resolve these errors?

Regards,

Márcio Bacci

More information about the samba mailing list