[Samba] Erros in Samba 4 DC
Rowland penny
rpenny at samba.org
Thu Aug 22 18:42:20 UTC 2019
On 22/08/2019 19:22, Marcio Demetrio Bacci via samba wrote:
> Hi,
>
> I noticed some problems in my DC2 (secondary) Logs, as below:
>
> root at samba4-dc2:/var/log/samba# tail log.samba
>
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106213, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]: /usr/sbin/samba_dnsupdate: GENSEC
> backend 'krb5' registered
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106248, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]: /usr/sbin/samba_dnsupdate: GENSEC
> backend 'fake_gssapi_krb5' …istered
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.779939, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:13 samba4-dc2 samba[2812]: /usr/sbin/rndc: Failed to exec
> child - No such file or directory
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.781786, 0]
> ../source4/dsdb/dns/dns_update…c_done)
> ago 22 14:56:13 samba4-dc2 samba[2812]:
> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - NT_…CESSFUL
> ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 14:56:25.466999, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:25 samba4-dc2 samba[2811]: /usr/sbin/samba_kcc: ldb_wrap
> open of secrets.ldb
Are you using Bind9, if so, post your named.conf files (the ones from
/etc/bind)
>
> root at samba4-dc2:/var/log/samba# tail syslog
>
> Aug 22 15:04:28 samba4-dc2 smbd[17917]: Right[ 0]:
> SeRemoteInteractiveLogonRight
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 15:04:31.678220, 0]
> ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: Unable to convert first SID
> (S-1-5-21-1712526294-259020848-313593124-9877) in user token to a UID.
> Conversion was returned as type 0, full token:
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 15:04:31.679042, 0]
> ../libcli/security/security_token.c:63(security_token_debug)
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: Security token SIDs (6):
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: SID[ 0]:
> S-1-5-21-1712526294-259020848-313593124-9877
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: SID[ 1]:
> S-1-5-21-1712526294-259020848-313593124-515
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: SID[ 2]: S-1-1-0
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: SID[ 3]: S-1-5-2
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: SID[ 4]: S-1-5-11
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: SID[ 5]: S-1-5-32-554
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: Privileges (0x 800000):
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: Privilege[ 0]:
> SeChangeNotifyPrivilege
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: Rights (0x 400):
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: Right[ 0]:
> SeRemoteInteractiveLogonRight
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 15:04:41.911678, 0]
> ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: Unable to convert first SID
> (S-1-5-21-1712526294-259020848-313593124-9846) in user token to a UID.
> Conversion was returned as type 0, full token:
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 15:04:41.912554, 0]
> ../libcli/security/security_token.c:63(security_token_debug)
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: Security token SIDs (6):
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: SID[ 0]:
> S-1-5-21-1712526294-259020848-313593124-9846
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: SID[ 1]:
> S-1-5-21-1712526294-259020848-313593124-515
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: SID[ 2]: S-1-1-0
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: SID[ 3]: S-1-5-2
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: SID[ 4]: S-1-5-11
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: SID[ 5]: S-1-5-32-554
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: Privileges (0x 800000):
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: Privilege[ 0]:
> SeChangeNotifyPrivilege
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: Rights (0x 400):
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: Right[ 0]:
> SeRemoteInteractiveLogonRight
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 15:04:57.666287, 0]
> ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: Unable to convert first SID
> (S-1-5-21-1712526294-259020848-313593124-9200) in user token to a UID.
> Conversion was returned as type 0, full token:
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 15:04:57.667152, 0]
> ../libcli/security/security_token.c:63(security_token_debug)
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: Security token SIDs (6):
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: SID[ 0]:
> S-1-5-21-1712526294-259020848-313593124-9200
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: SID[ 1]:
> S-1-5-21-1712526294-259020848-313593124-515
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: SID[ 2]: S-1-1-0
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: SID[ 3]: S-1-5-2
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: SID[ 4]: S-1-5-11
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: SID[ 5]: S-1-5-32-554
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: Privileges (0x 800000):
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: Privilege[ 0]:
> SeChangeNotifyPrivilege
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: Rights (0x 400):
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: Right[ 0]:
> SeRemoteInteractiveLogonRight
>
>
> /etc/init.d/samba-ad-dc status
> ● samba-ad-dc.service - Samba AD Daemon
> Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
> preset: enabled)
> Active: active (running) since Tue 2019-08-20 06:15:09 -03; 2 days ago
> Docs: man:samba(8)
> man:samba(7)
> man:smb.conf(5)
> Main PID: 2799 (samba)
> Status: "samba: ready to serve connections..."
> Tasks: 12 (limit: 4915)
> CGroup: /system.slice/samba-ad-dc.service
> ├─2799 /usr/sbin/samba
> ├─2801 /usr/sbin/samba
> ├─2802 /usr/sbin/samba
> ├─2803 /usr/sbin/samba
> ├─2804 /usr/sbin/samba
> ├─2806 /usr/sbin/samba
> ├─2807 /usr/sbin/samba
> ├─2808 /usr/sbin/samba
> ├─2810 /usr/sbin/samba
> ├─2811 /usr/sbin/samba
> ├─2812 /usr/sbin/samba
> └─2813 /usr/sbin/samba
>
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106213, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]: /usr/sbin/samba_dnsupdate: GENSEC
> backend 'krb5' registered
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106248, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]: /usr/sbin/samba_dnsupdate: GENSEC
> backend 'fake_gssapi_krb5' …istered
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.779939, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:13 samba4-dc2 samba[2812]: /usr/sbin/rndc: Failed to exec
> child - No such file or directory
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.781786, 0]
> ../source4/dsdb/dns/dns_update…c_done)
> ago 22 14:56:13 samba4-dc2 samba[2812]:
> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - NT_…CESSFUL
> ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 14:56:25.466999, 0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:25 samba4-dc2 samba[2811]: /usr/sbin/samba_kcc: ldb_wrap
> open of secrets.ldb
> Hint: Some lines were ellipsized, use -l to show in full.
Why oh why would anything not print the entire output and then tell you
how to get it ?
Why not just print the entire output ?
>
> How could you resolve these errors?
>
> Regards,
>
> Márcio Bacci
Is winbind installed ?
Rowland
More information about the samba
mailing list