[Samba] Erros in Samba 4 DC

L.P.H. van Belle belle at bazuin.nl
Fri Aug 23 06:53:53 UTC 2019


Same for you.

Can you run : 
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 
And post the output, anonimize it where needed. 

And install acl, its not installed by default, where its needed for samba-ad-dc and members. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marcio Demetrio Bacci via samba
> Verzonden: vrijdag 23 augustus 2019 2:30
> Aan: Rowland penny
> CC: sambalist
> Onderwerp: Re: [Samba] Erros in Samba 4 DC
> 
> Hi,
> 
> >.Is winbind installed ?
> >No, because the Samba tutorial said that for DC it was not necessary.
> 
> Sorry, Winbind is instaled, only packages libpam-winbind 
> libnss-winbind
> libpam-krb5  aren't installed,
> 
> I have follwed the tutorial:
> https://wiki.samba.org/index.php/Distribution-specific_Package
> _Installation#Debian
> 
> Regards,
> 
> Márcio Bacci
> 
> Em qui, 22 de ago de 2019 às 20:11, Marcio Demetrio Bacci <
> marciobacci at gmail.com> escreveu:
> 
> > Hi,
> >
> > >Are you using Bind9, if so, post your named.conf files 
> (the ones from
> > /etc/bind)
> > No, I'm using DNS Internal.
> >
> >
> > >Is winbind installed ?
> > No, because the Samba tutorial said that for DC it was not 
> necessary.
> >
> > Regards,
> >
> > Márcio Bacci
> >
> > Em qui, 22 de ago de 2019 às 15:43, Rowland penny via samba <
> > samba at lists.samba.org> escreveu:
> >
> >> On 22/08/2019 19:22, Marcio Demetrio Bacci via samba wrote:
> >> > Hi,
> >> >
> >> > I noticed some problems in my DC2 (secondary) Logs, as below:
> >> >
> >> > root at samba4-dc2:/var/log/samba# tail log.samba
> >> >
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 
> 14:55:21.106213,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]:   
> /usr/sbin/samba_dnsupdate:
> >> GENSEC
> >> > backend 'krb5' registered
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 
> 14:55:21.106248,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]:   
> /usr/sbin/samba_dnsupdate:
> >> GENSEC
> >> > backend 'fake_gssapi_krb5' ?istered
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 
> 14:56:13.779939,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]:   
> /usr/sbin/rndc: Failed to exec
> >> > child - No such file or directory
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 
> 14:56:13.781786,  0]
> >> > ../source4/dsdb/dns/dns_update?c_done)
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]:
> >> > ../source4/dsdb/dns/dns_update.c:91: Failed rndc update 
> - NT_?CESSFUL
> >> > ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 
> 14:56:25.466999,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:56:25 samba4-dc2 samba[2811]:   
> /usr/sbin/samba_kcc: ldb_wrap
> >> > open of secrets.ldb
> >> Are you using Bind9, if so, post your named.conf files 
> (the ones from
> >> /etc/bind)
> >> >
> >> > root at samba4-dc2:/var/log/samba# tail syslog
> >> >
> >> > Aug 22 15:04:28 samba4-dc2 smbd[17917]:     Right[  0]:
> >> > SeRemoteInteractiveLogonRight
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 
> 15:04:31.678220,  0]
> >> > ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:   Unable to 
> convert first SID
> >> > (S-1-5-21-1712526294-259020848-313593124-9877) in user 
> token to a UID.
> >> > Conversion was returned as type 0, full token:
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]: [2019/08/22 
> 15:04:31.679042,  0]
> >> > ../libcli/security/security_token.c:63(security_token_debug)
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:   Security token 
> SIDs (6):
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  0]:
> >> > S-1-5-21-1712526294-259020848-313593124-9877
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  1]:
> >> > S-1-5-21-1712526294-259020848-313593124-515
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  2]: S-1-1-0
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  3]: S-1-5-2
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  4]: S-1-5-11
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     SID[  5]: 
> S-1-5-32-554
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:    Privileges (0x
> >> 800000):
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     Privilege[  0]:
> >> > SeChangeNotifyPrivilege
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:    Rights (0x    
>          400):
> >> > Aug 22 15:04:31 samba4-dc2 smbd[17918]:     Right[  0]:
> >> > SeRemoteInteractiveLogonRight
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 
> 15:04:41.911678,  0]
> >> > ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:   Unable to 
> convert first SID
> >> > (S-1-5-21-1712526294-259020848-313593124-9846) in user 
> token to a UID.
> >> > Conversion was returned as type 0, full token:
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]: [2019/08/22 
> 15:04:41.912554,  0]
> >> > ../libcli/security/security_token.c:63(security_token_debug)
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:   Security token 
> SIDs (6):
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  0]:
> >> > S-1-5-21-1712526294-259020848-313593124-9846
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  1]:
> >> > S-1-5-21-1712526294-259020848-313593124-515
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  2]: S-1-1-0
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  3]: S-1-5-2
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  4]: S-1-5-11
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     SID[  5]: 
> S-1-5-32-554
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:    Privileges (0x
> >> 800000):
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     Privilege[  0]:
> >> > SeChangeNotifyPrivilege
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:    Rights (0x    
>          400):
> >> > Aug 22 15:04:41 samba4-dc2 smbd[17923]:     Right[  0]:
> >> > SeRemoteInteractiveLogonRight
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 
> 15:04:57.666287,  0]
> >> > ../source4/auth/unix_token.c:79(security_token_to_unix_token)
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:   Unable to 
> convert first SID
> >> > (S-1-5-21-1712526294-259020848-313593124-9200) in user 
> token to a UID.
> >> > Conversion was returned as type 0, full token:
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]: [2019/08/22 
> 15:04:57.667152,  0]
> >> > ../libcli/security/security_token.c:63(security_token_debug)
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:   Security token 
> SIDs (6):
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  0]:
> >> > S-1-5-21-1712526294-259020848-313593124-9200
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  1]:
> >> > S-1-5-21-1712526294-259020848-313593124-515
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  2]: S-1-1-0
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  3]: S-1-5-2
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  4]: S-1-5-11
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     SID[  5]: 
> S-1-5-32-554
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:    Privileges (0x
> >> 800000):
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     Privilege[  0]:
> >> > SeChangeNotifyPrivilege
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:    Rights (0x    
>          400):
> >> > Aug 22 15:04:57 samba4-dc2 smbd[17925]:     Right[  0]:
> >> > SeRemoteInteractiveLogonRight
> >> >
> >> >
> >> > /etc/init.d/samba-ad-dc status
> >> > ??? samba-ad-dc.service - Samba AD Daemon
> >> >     Loaded: loaded 
> (/lib/systemd/system/samba-ad-dc.service; enabled;
> >> vendor
> >> > preset: enabled)
> >> >     Active: active (running) since Tue 2019-08-20 
> 06:15:09 -03; 2 days
> >> ago
> >> >       Docs: man:samba(8)
> >> >             man:samba(7)
> >> >             man:smb.conf(5)
> >> >   Main PID: 2799 (samba)
> >> >     Status: "samba: ready to serve connections..."
> >> >      Tasks: 12 (limit: 4915)
> >> >     CGroup: /system.slice/samba-ad-dc.service
> >> >             ??????2799 /usr/sbin/samba
> >> >             ??????2801 /usr/sbin/samba
> >> >             ??????2802 /usr/sbin/samba
> >> >             ??????2803 /usr/sbin/samba
> >> >             ??????2804 /usr/sbin/samba
> >> >             ??????2806 /usr/sbin/samba
> >> >             ??????2807 /usr/sbin/samba
> >> >             ??????2808 /usr/sbin/samba
> >> >             ??????2810 /usr/sbin/samba
> >> >             ??????2811 /usr/sbin/samba
> >> >             ??????2812 /usr/sbin/samba
> >> >             ??????2813 /usr/sbin/samba
> >> >
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 
> 14:55:21.106213,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]:   
> /usr/sbin/samba_dnsupdate:
> >> GENSEC
> >> > backend 'krb5' registered
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]: [2019/08/22 
> 14:55:21.106248,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:55:21 samba4-dc2 samba[2812]:   
> /usr/sbin/samba_dnsupdate:
> >> GENSEC
> >> > backend 'fake_gssapi_krb5' ?istered
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 
> 14:56:13.779939,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]:   
> /usr/sbin/rndc: Failed to exec
> >> > child - No such file or directory
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]: [2019/08/22 
> 14:56:13.781786,  0]
> >> > ../source4/dsdb/dns/dns_update?c_done)
> >> > ago 22 14:56:13 samba4-dc2 samba[2812]:
> >> > ../source4/dsdb/dns/dns_update.c:91: Failed rndc update 
> - NT_?CESSFUL
> >> > ago 22 14:56:25 samba4-dc2 samba[2811]: [2019/08/22 
> 14:56:25.466999,  0]
> >> > ../lib/util/util_runcmd.c:316(?andler)
> >> > ago 22 14:56:25 samba4-dc2 samba[2811]:   
> /usr/sbin/samba_kcc: ldb_wrap
> >> > open of secrets.ldb
> >> > Hint: Some lines were ellipsized, use -l to show in full.
> >>
> >> Why oh why would anything not print the entire output and 
> then tell you
> >> how to get it ?
> >>
> >> Why not just print the entire output ?
> >>
> >> >
> >> > How could you resolve these errors?
> >> >
> >> > Regards,
> >> >
> >> > Márcio Bacci
> >>
> >> Is winbind installed ?
> >>
> >> Rowland
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list