[Samba] Erros in Samba 4 DC

Rowland penny rpenny at samba.org
Thu Aug 22 18:42:20 UTC 2019 

On 22/08/2019 19:22, Marcio Demetrio Bacci via samba wrote:
> Hi,
>
> I noticed some problems in my DC2 (secondary) Logs, as below:
>
> root at samba4-dc2:/var/log/samba# tail log.samba
>
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106213,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
> backend 'krb5' registered
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106248,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
> backend 'fake_gssapi_krb5' …istered
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.779939,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:13 samba4-dc2 samba[2812]:   /usr/sbin/rndc: Failed to exec
> child - No such file or directory
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.781786,  0]
> ../source4/dsdb/dns/dns_update…c_done)
> ago 22 14:56:13 samba4-dc2 samba[2812]:
> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - NT_…CESSFUL
> ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 14:56:25.466999,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:25 samba4-dc2 samba[2811]:   /usr/sbin/samba_kcc: ldb_wrap
> open of secrets.ldb
Are you using Bind9, if so, post your named.conf files (the ones from 
/etc/bind)
>
> root at samba4-dc2:/var/log/samba# tail syslog
>
> Aug 22 15:04:28 samba4-dc2 smbd[17917]:     Right[  0]:
> SeRemoteInteractiveLogonRight
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 15:04:31.678220,  0]
> ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:   Unable to convert first SID
> (S-1-5-21-1712526294-259020848-313593124-9877) in user token to a UID.
> Conversion was returned as type 0, full token:
> Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 15:04:31.679042,  0]
> ../libcli/security/security_token.c:63(security_token_debug)
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:   Security token SIDs (6):
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  0]:
> S-1-5-21-1712526294-259020848-313593124-9877
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  1]:
> S-1-5-21-1712526294-259020848-313593124-515
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  2]: S-1-1-0
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  3]: S-1-5-2
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  4]: S-1-5-11
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  5]: S-1-5-32-554
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:    Privileges (0x          800000):
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     Privilege[  0]:
> SeChangeNotifyPrivilege
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:    Rights (0x             400):
> Aug 22 15:04:31 samba4-dc2 smbd[17918]:     Right[  0]:
> SeRemoteInteractiveLogonRight
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 15:04:41.911678,  0]
> ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:   Unable to convert first SID
> (S-1-5-21-1712526294-259020848-313593124-9846) in user token to a UID.
> Conversion was returned as type 0, full token:
> Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 15:04:41.912554,  0]
> ../libcli/security/security_token.c:63(security_token_debug)
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:   Security token SIDs (6):
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  0]:
> S-1-5-21-1712526294-259020848-313593124-9846
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  1]:
> S-1-5-21-1712526294-259020848-313593124-515
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  2]: S-1-1-0
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  3]: S-1-5-2
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  4]: S-1-5-11
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  5]: S-1-5-32-554
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:    Privileges (0x          800000):
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     Privilege[  0]:
> SeChangeNotifyPrivilege
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:    Rights (0x             400):
> Aug 22 15:04:41 samba4-dc2 smbd[17923]:     Right[  0]:
> SeRemoteInteractiveLogonRight
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 15:04:57.666287,  0]
> ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:   Unable to convert first SID
> (S-1-5-21-1712526294-259020848-313593124-9200) in user token to a UID.
> Conversion was returned as type 0, full token:
> Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 15:04:57.667152,  0]
> ../libcli/security/security_token.c:63(security_token_debug)
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:   Security token SIDs (6):
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  0]:
> S-1-5-21-1712526294-259020848-313593124-9200
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  1]:
> S-1-5-21-1712526294-259020848-313593124-515
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  2]: S-1-1-0
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  3]: S-1-5-2
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  4]: S-1-5-11
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  5]: S-1-5-32-554
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:    Privileges (0x          800000):
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     Privilege[  0]:
> SeChangeNotifyPrivilege
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:    Rights (0x             400):
> Aug 22 15:04:57 samba4-dc2 smbd[17925]:     Right[  0]:
> SeRemoteInteractiveLogonRight
>
>
> /etc/init.d/samba-ad-dc status
> ● samba-ad-dc.service - Samba AD Daemon
>     Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
> preset: enabled)
>     Active: active (running) since Tue 2019-08-20 06:15:09 -03; 2 days ago
>       Docs: man:samba(8)
>             man:samba(7)
>             man:smb.conf(5)
>   Main PID: 2799 (samba)
>     Status: "samba: ready to serve connections..."
>      Tasks: 12 (limit: 4915)
>     CGroup: /system.slice/samba-ad-dc.service
>             ├─2799 /usr/sbin/samba
>             ├─2801 /usr/sbin/samba
>             ├─2802 /usr/sbin/samba
>             ├─2803 /usr/sbin/samba
>             ├─2804 /usr/sbin/samba
>             ├─2806 /usr/sbin/samba
>             ├─2807 /usr/sbin/samba
>             ├─2808 /usr/sbin/samba
>             ├─2810 /usr/sbin/samba
>             ├─2811 /usr/sbin/samba
>             ├─2812 /usr/sbin/samba
>             └─2813 /usr/sbin/samba
>
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106213,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
> backend 'krb5' registered
> ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 14:55:21.106248,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:55:21 samba4-dc2 samba[2812]:   /usr/sbin/samba_dnsupdate: GENSEC
> backend 'fake_gssapi_krb5' …istered
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.779939,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:13 samba4-dc2 samba[2812]:   /usr/sbin/rndc: Failed to exec
> child - No such file or directory
> ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 14:56:13.781786,  0]
> ../source4/dsdb/dns/dns_update…c_done)
> ago 22 14:56:13 samba4-dc2 samba[2812]:
> ../source4/dsdb/dns/dns_update.c:91: Failed rndc update - NT_…CESSFUL
> ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 14:56:25.466999,  0]
> ../lib/util/util_runcmd.c:316(…andler)
> ago 22 14:56:25 samba4-dc2 samba[2811]:   /usr/sbin/samba_kcc: ldb_wrap
> open of secrets.ldb
> Hint: Some lines were ellipsized, use -l to show in full.

Why oh why would anything not print the entire output and then tell you 
how to get it ?

Why not just print the entire output ?

>
> How could you resolve these errors?
>
> Regards,
>
> Márcio Bacci

Is winbind installed ?

Rowland

More information about the samba mailing list