[Samba] GPO / Sysvol problems
L.P.H. van Belle
belle at bazuin.nl
Fri Jan 25 08:05:16 UTC 2019
Hi Gregory,
I see few things, start here :
from smb.conf remove : map to guest = Bad User
This enabled on a domain member or other domain server is really a no go.
This makes debugging really hard.
interpret_string_addr_internal: getaddrinfo failed for name
> freenas.ad.abc.local (flags 1026) [hostname nor servname
> provided, or not known]
Looks like there are resolving problems.
On the server run :
Command result.
hostname -s hostname
hostname -f hostname.fqdn.tld
hostname -d fqdn.tld
Check /etc/resolv.conf should look bit like this.:
search ad.abc.local
nameserver ip_of_DC
/etc/hosts should contain
127.0.0.1 localhost
Ip_server hostname.fqdn.tld hostname
These need to be fixed first before you can even look at the profile problems.
Try above, if its not working, show the log also again.
I've not talked about this part yet.
[2019/01/24 10:36:41.307733, 3]
> ../source3/smbd/msdfs.c:1008(get_referred_path)
> get_referred_path: |rm-profiles| in dfs path
> \rm-freenas\rm-profiles is not a dfs root.
> [2019/01/24 10:36:41.307752, 3]
> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex:
> idx[1] status[NT_STATUS_NOT_FOUND] || at
> ../source3/smbd/smb2_ioctl.c:309
> [2019/01/24 10:36:41.308242, 3]
> ../lib/util/access.c:361(allow_access)
> Allowed connection from 10.8.20.60 (10.8.20.60)
> [2019/01/24 10:36:41.308296, 3]
> ../source3/smbd/service.c:595(make_connection_snum)
> Connect path is '/mnt/abc-zfs-01/ad-profiles' for service
> [rm-profiles]
Or
[2019/01/24 10:36:40.226842, 3]
> ../source3/param/loadparm.c:1598(lp_add_ipc)
> adding IPC service
> [2019/01/24 10:36:40.227541, 3]
> ../source3/smbd/password.c:144(register_homes_share)
> Adding homes service for user 'AD\desktop-ad-test$' using
> home directory: '/home/AD/desktop-ad-test_'
This "computer" gets a homedir?
[2019/01/24 10:36:41.378677, 3]
> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex:
> idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at
> ../source3/smbd/smb2_getinfo.c:154
> [2019/01/24 10:36:41.382830, 2]
> ../source3/smbd/close.c:789(close_normal_file)
And the most important one i think.
> AD\toysales01 closed file
> user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE
> 92.tmp (numopen=0) NT_STATUS_OK
> [2019/01/24 10:36:41.385800, 3]
> ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 48.
> [2019/01/24 10:36:41.385816, 3]
> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex:
> idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at
> ../source3/smbd/smb2_getinfo.c:171
> [2019/01/24 10:36:41.388014, 3]
> ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 48.
> [2019/01/24 10:36:50.919650, 3]
> ../source3/smbd/service.c:1120(close_cnum)
> 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$
A "about same problem"
https://lists.samba.org/archive/samba/2018-October/219106.html
His solution.
I restarted the setup with this documentation
https://www.tecmint.com/install-samba4-active-directory-ubuntu/ . The
problem was that pam was badly set and could not recognize samba users.
For example: id Administrator, did not recognize by the user.
BIG NOTE HERE: id Administrator should NEVER work.
Yes its possible, but thats a complete different config and not supported.
Why id Administrator should never work, because Administrator = root = 0
Which samba version where you running.
It looks a bit like : https://forge.univention.org/bugzilla/show_bug.cgi?id=34973
For me, this looks like a problem due to resolving issues.
That needs to be fixed first.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Gregory Sloop via samba
> Verzonden: donderdag 24 januari 2019 21:32
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] GPO / Sysvol problems
>
> And this is some Samba logs from a connect where the profile
> isn't handled properly.
>
> Near the end, it looks like Samba resets this connection...
> (I could be wrong - I know nothing about how to read Samba logs.)
>
> ---
> [2019/01/24 10:36:38.097773, 3]
> ../lib/util/access.c:361(allow_access)
> Allowed connection from 10.8.20.60 (10.8.20.60)
> [2019/01/24 10:36:38.097869, 3]
> ../source3/smbd/oplock.c:1329(init_oplocks)
> init_oplocks: initializing messages.
> [2019/01/24 10:36:38.097940, 3]
> ../source3/smbd/process.c:1959(process_smb)
> Transaction 0 of length 178 (0 toread)
> [2019/01/24 10:36:38.098082, 3]
> ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
> Selected protocol SMB3_11
> [2019/01/24 10:36:38.633900, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> freenas.ad.abc.local (flags 1026) [hostname nor servname
> provided, or not known]
> [2019/01/24 10:36:38.633920, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name
> freenas.ad.abc.local [Success]
> [2019/01/24 10:36:39.141647, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> freenas.ad.abc.local (flags 1026) [hostname nor servname
> provided, or not known]
> [2019/01/24 10:36:39.141662, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name
> freenas.ad.abc.local [Success]
> [2019/01/24 10:36:39.142241, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_spnego' registered
> [2019/01/24 10:36:39.142266, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5' registered
> [2019/01/24 10:36:39.142278, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5_sasl' registered
> [2019/01/24 10:36:39.142292, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'spnego' registered
> [2019/01/24 10:36:39.142302, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'schannel' registered
> [2019/01/24 10:36:39.142313, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'naclrpc_as_system' registered
> [2019/01/24 10:36:39.142322, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'sasl-EXTERNAL' registered
> [2019/01/24 10:36:39.142333, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp' registered
> [2019/01/24 10:36:39.142342, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp_resume_ccache' registered
> [2019/01/24 10:36:39.142351, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_basic' registered
> [2019/01/24 10:36:39.142360, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_ntlm' registered
> [2019/01/24 10:36:39.142369, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'krb5' registered
> [2019/01/24 10:36:39.142379, 3]
> ../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'fake_gssapi_krb5' registered
> [2019/01/24 10:36:39.681807, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> freenas.ad.abc.local (flags 1026) [hostname nor servname
> provided, or not known]
> [2019/01/24 10:36:39.681821, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name
> freenas.ad.abc.local [Success]
> [2019/01/24 10:36:40.217351, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> freenas.ad.abc.local (flags 1026) [hostname nor servname
> provided, or not known]
> [2019/01/24 10:36:40.217370, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name
> freenas.ad.abc.local [Success]
> [2019/01/24 10:36:40.220635, 3]
> ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac)
> Found account name from PAC: DESKTOP-AD-TEST$ []
> [2019/01/24 10:36:40.220656, 3]
> ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> Kerberos ticket principal name is [DESKTOP-AD-TEST$@AD.ABC.LOCAL]
> [2019/01/24 10:36:40.225072, 3]
> ../source3/param/loadparm.c:3856(lp_load_ex)
> lp_load_ex: refreshing parameters
> [2019/01/24 10:36:40.225141, 3]
> ../source3/param/loadparm.c:543(init_globals)
> Initialising global parameters
> [2019/01/24 10:36:40.225251, 3]
> ../source3/param/loadparm.c:2770(lp_do_section)
> Processing section "[global]"
> [2019/01/24 10:36:40.226327, 2]
> ../source3/param/loadparm.c:2787(lp_do_section)
> Processing section "[rm-profiles]"
> [2019/01/24 10:36:40.226584, 2]
> ../source3/param/loadparm.c:2787(lp_do_section)
> Processing section "[abc-share1]"
> [2019/01/24 10:36:40.226842, 3]
> ../source3/param/loadparm.c:1598(lp_add_ipc)
> adding IPC service
> [2019/01/24 10:36:40.227541, 3]
> ../source3/smbd/password.c:144(register_homes_share)
> Adding homes service for user 'AD\desktop-ad-test$' using
> home directory: '/home/AD/desktop-ad-test_'
> [2019/01/24 10:36:40.231677, 3]
> ../lib/util/access.c:361(allow_access)
> Allowed connection from 10.8.20.60 (10.8.20.60)
> [2019/01/24 10:36:40.231737, 3]
> ../source3/smbd/service.c:595(make_connection_snum)
> Connect path is '/tmp' for service [IPC$]
> [2019/01/24 10:36:40.231765, 3]
> ../source3/smbd/vfs.c:113(vfs_init_default)
> Initialising default vfs hooks
> [2019/01/24 10:36:40.231777, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> Initialising custom vfs hooks from [/[Default VFS]/]
> [2019/01/24 10:36:40.231904, 3]
> ../source3/smbd/service.c:841(make_connection_snum)
> 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$
> initially as user AD\desktop-ad-test$ (uid=21606, gid=20515)
> (pid 67748)
> [2019/01/24 10:36:40.233495, 3]
> ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req)
> api_pipe_bind_req: srvsvc -> srvsvc rpc service
> [2019/01/24 10:36:40.233511, 3]
> ../source3/rpc_server/srv_pipe.c:356(check_bind_req)
> check_bind_req for srvsvc context_id=0
> [2019/01/24 10:36:40.233520, 3]
> ../source3/rpc_server/srv_pipe.c:399(check_bind_req)
> check_bind_req: srvsvc -> srvsvc rpc service
> [2019/01/24 10:36:40.234149, 3]
> ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP)
> api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO
> [2019/01/24 10:36:40.780134, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> freenas.ad.abc.local (flags 1026) [hostname nor servname
> provided, or not known]
> [2019/01/24 10:36:40.780148, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name
> freenas.ad.abc.local [Success]
> [2019/01/24 10:36:41.295431, 3]
> ../lib/util/util_net.c:256(interpret_string_addr_internal)
> interpret_string_addr_internal: getaddrinfo failed for name
> freenas.ad.abc.local (flags 1026) [hostname nor servname
> provided, or not known]
> [2019/01/24 10:36:41.295446, 3]
> ../source3/lib/util_sock.c:1187(get_mydnsfullname)
> get_mydnsfullname: getaddrinfo failed for name
> freenas.ad.abc.local [Success]
> [2019/01/24 10:36:41.296440, 3]
> ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac)
> Found account name from PAC: toysales01 []
> [2019/01/24 10:36:41.296458, 3]
> ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> Kerberos ticket principal name is [toysales01 at AD.ABC.LOCAL]
> [2019/01/24 10:36:41.300497, 3]
> ../source3/param/loadparm.c:3856(lp_load_ex)
> lp_load_ex: refreshing parameters
> [2019/01/24 10:36:41.300544, 3]
> ../source3/param/loadparm.c:543(init_globals)
> Initialising global parameters
> [2019/01/24 10:36:41.300636, 3]
> ../source3/param/loadparm.c:2770(lp_do_section)
> Processing section "[global]"
> [2019/01/24 10:36:41.301696, 2]
> ../source3/param/loadparm.c:2787(lp_do_section)
> Processing section "[rm-profiles]"
> [2019/01/24 10:36:41.301946, 2]
> ../source3/param/loadparm.c:2787(lp_do_section)
> Processing section "[abc-share1]"
> [2019/01/24 10:36:41.302203, 3]
> ../source3/param/loadparm.c:1598(lp_add_ipc)
> adding IPC service
> [2019/01/24 10:36:41.302908, 3]
> ../source3/smbd/password.c:144(register_homes_share)
> Adding homes service for user 'AD\toysales01' using home
> directory: '/home/AD/toysales01'
> [2019/01/24 10:36:41.307024, 3]
> ../lib/util/access.c:361(allow_access)
> Allowed connection from 10.8.20.60 (10.8.20.60)
> [2019/01/24 10:36:41.307079, 3]
> ../source3/smbd/service.c:595(make_connection_snum)
> Connect path is '/tmp' for service [IPC$]
> [2019/01/24 10:36:41.307105, 3]
> ../source3/smbd/vfs.c:113(vfs_init_default)
> Initialising default vfs hooks
> [2019/01/24 10:36:41.307115, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> Initialising custom vfs hooks from [/[Default VFS]/]
> [2019/01/24 10:36:41.307213, 3]
> ../source3/smbd/service.c:841(make_connection_snum)
> 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$
> initially as user AD\toysales01 (uid=21133, gid=20513) (pid 67748)
> [2019/01/24 10:36:41.307733, 3]
> ../source3/smbd/msdfs.c:1008(get_referred_path)
> get_referred_path: |rm-profiles| in dfs path
> \rm-freenas\rm-profiles is not a dfs root.
> [2019/01/24 10:36:41.307752, 3]
> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex:
> idx[1] status[NT_STATUS_NOT_FOUND] || at
> ../source3/smbd/smb2_ioctl.c:309
> [2019/01/24 10:36:41.308242, 3]
> ../lib/util/access.c:361(allow_access)
> Allowed connection from 10.8.20.60 (10.8.20.60)
> [2019/01/24 10:36:41.308296, 3]
> ../source3/smbd/service.c:595(make_connection_snum)
> Connect path is '/mnt/abc-zfs-01/ad-profiles' for service
> [rm-profiles]
> [2019/01/24 10:36:41.308328, 3]
> ../source3/smbd/vfs.c:113(vfs_init_default)
> Initialising default vfs hooks
> [2019/01/24 10:36:41.308338, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> Initialising custom vfs hooks from [/[Default VFS]/]
> [2019/01/24 10:36:41.308349, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> Initialising custom vfs hooks from [streams_xattr]
> [2019/01/24 10:36:41.308575, 3]
> ../lib/util/modules.c:167(load_module_absolute_path)
> load_module_absolute_path: Module
> '/usr/local/lib/shared-modules/vfs/streams_xattr.so' loaded
> [2019/01/24 10:36:41.308595, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> Initialising custom vfs hooks from [zfsacl]
> [2019/01/24 10:36:41.308899, 3]
> ../lib/util/modules.c:167(load_module_absolute_path)
> load_module_absolute_path: Module
> '/usr/local/lib/shared-modules/vfs/zfsacl.so' loaded
> [2019/01/24 10:36:41.308917, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> Initialising custom vfs hooks from [zfs_space]
> [2019/01/24 10:36:41.318027, 3]
> ../lib/util/modules.c:167(load_module_absolute_path)
> load_module_absolute_path: Module
> '/usr/local/lib/shared-modules/vfs/zfs_space.so' loaded
> [2019/01/24 10:36:41.318207, 2]
> ../source3/smbd/service.c:841(make_connection_snum)
> 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service
> rm-profiles initially as user AD\toysales01 (uid=21133,
> gid=20513) (pid 67748)
> [2019/01/24 10:36:41.323899, 2]
> ../source3/smbd/open.c:1404(open_file)
> AD\toysales01 opened file
> user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE
> 92.tmp read=No write=Yes (numopen=1)
> [2019/01/24 10:36:41.359714, 3]
> ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal)
> smb2: fnum 135800876, file
> user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE
> 92.tmp, length=65536 offset=0 wrote=65536
> [2019/01/24 10:36:41.377982, 3]
> ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal)
> smb2: fnum 135800876, file
> user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE
> 92.tmp, length=200 offset=0 wrote=200
> [2019/01/24 10:36:41.378677, 3]
> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex:
> idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at
> ../source3/smbd/smb2_getinfo.c:154
> [2019/01/24 10:36:41.382830, 2]
> ../source3/smbd/close.c:789(close_normal_file)
> AD\toysales01 closed file
> user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE
> 92.tmp (numopen=0) NT_STATUS_OK
> [2019/01/24 10:36:41.385800, 3]
> ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 48.
> [2019/01/24 10:36:41.385816, 3]
> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex:
> idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at
> ../source3/smbd/smb2_getinfo.c:171
> [2019/01/24 10:36:41.388014, 3]
> ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 48.
> [2019/01/24 10:36:50.919650, 3]
> ../source3/smbd/service.c:1120(close_cnum)
> 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$
> [2019/01/24 10:36:56.279328, 3]
> ../source3/smbd/service.c:1120(close_cnum)
> 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$
> [2019/01/24 10:36:56.279475, 2]
> ../source3/smbd/service.c:1120(close_cnum)
> 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to
> service rm-profiles
> [2019/01/24 10:36:56.283783, 3]
> ../source3/smbd/server_exit.c:248(exit_server_common)
> Server exit (NT_STATUS_CONNECTION_RESET)
> [2019/01/24 10:36:56.360475, 3]
> ../source3/lib/util_procid.c:54(pid_to_procid)
> pid_to_procid: messaging_dgm_get_unique failed: No such
> file or directory
>
> ---
>
> I'm glad to provide more logs, but this seems like the most
> relevant portions.
> [This is a "full" log, I can step up verbosity to "debug," if needed.]
>
> Thanks!
>
> -Greg
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list