[Samba] Doman join issues

Praveen Ghimire PGhimire at sundata.com.au
Mon May 6 02:51:18 UTC 2019 

Hi,

We are running test migration on the following environment in preparation for the prod migration. Any suggestions will be grealty appreciated.

OS: Ubuntu18.04
Hypervisor: Proxmox Container (LXC)
Samba Version 4.6.7
DNS: BIND9_DLZ
AD and File server in the same server. Have gone through the Samba documentation regarding this


We get the following when adding a machine (Windows 7) to the newly migrated domain.
The specified network name is no longer available

The smbd logs has the following

pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2019/05/06 02:25:02.561200,  4] ../source3/lib/privileges.c:98(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3936576374-1604348213-1812465911-501]
[2019/05/06 02:25:02.561246,  4] ../source3/lib/privileges.c:98(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3936576374-1604348213-1812465911-514]
[2019/05/06 02:25:02.561271,  4] ../source3/lib/privileges.c:98(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-22-2-65534]
[2019/05/06 02:25:02.561297,  4] ../source3/lib/privileges.c:98(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2019/05/06 02:25:02.561325,  4] ../source3/lib/privileges.c:98(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2019/05/06 02:25:02.561417,  3] ../source3/lib/util.c:1580(set_maxfiles)
  set_maxfiles: setrlimit for RLIMIT_NOFILE for 16424 max files failed with error Operation not permitted
[2019/05/06 02:25:02.561446,  1] ../source3/smbd/files.c:218(file_init_global)
  file_init_global: Information only: requested 16384 open files, 4056 are available.
[2019/05/06 02:25:02.561709,  3] ../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg)
  Initialise the svcctl registry keys if needed.
[2019/05/06 02:25:02.604284,  2] ../lib/util/tevent_debug.c:66(samba_tevent_debug)
  samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x563f0ea2c850] mpx_fde[(nil)] fd[15] - disabling
[2019/05/06 02:25:50.864718,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.14.153 (192.168.14.153)
[2019/05/06 02:25:51.019398,  3] ../source3/smbd/server.c:872(remove_child_pid)
  ../source3/smbd/server.c:872 Unclean shutdown of pid 543
[2019/05/06 02:25:51.020295,  1] ../source3/smbd/server.c:881(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown
[2019/05/06 02:26:05.961525,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.14.153 (192.168.14.153)
[2019/05/06 02:26:06.053086,  3] ../source3/smbd/server.c:872(remove_child_pid)
  ../source3/smbd/server.c:872 Unclean shutdown of pid 552
[2019/05/06 02:26:11.024987,  1] ../source3/smbd/smbd_cleanupd.c:99(smbd_cleanupd_unlock)
  smbd_cleanupd_unlock: Cleaning up brl and lock database after unclean shutdown

The associated machine log has

[2019/05/06 02:25:50.999094,  3] ../source3/smbd/password.c:144(register_homes_share)
  Adding homes service for user 'LIN\Administrator' using home directory: '/home/LIN/administrator'
[2019/05/06 02:25:50.999214,  3] ../source3/param/loadparm.c:1560(lp_add_home)
  adding home's share [Administrator] for user 'LIN\Administrator' at '/data/home/%U/samba'
[2019/05/06 02:25:51.000977,  4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2019/05/06 02:25:51.001127,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 192.168.14.153 (192.168.14.153)
[2019/05/06 02:25:51.001202,  3] ../source3/smbd/service.c:595(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2019/05/06 02:25:51.001240,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2019/05/06 02:25:51.001262,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2019/05/06 02:25:51.001283,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2019/05/06 02:25:51.003453,  3] ../lib/util/modules.c:167(load_module_absolute_path)
  load_module_absolute_path: Module '/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded
[2019/05/06 02:25:51.003499,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [dfs_samba4]
[2019/05/06 02:25:51.009724,  3] ../lib/util/modules.c:167(load_module_absolute_path)
  load_module_absolute_path: Module '/usr/lib/x86_64-linux-gnu/samba/vfs/dfs_samba4.so' loaded
[2019/05/06 02:25:51.009808,  2] ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$
[2019/05/06 02:25:51.011174,  4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 100) - sec_ctx_stack_ndx = 0
[2019/05/06 02:25:51.011225,  0] ../source3/lib/util.c:815(smb_panic_s3)
  PANIC (pid 543): sys_setgroups failed

Smb.conf

[global]
        workgroup = LIN
        realm = LIN.COM
        netbios name = LINSERVER01
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        log level = 4
        winbind nss info = rfc2307
        winbind enum users = yes
        winbind enum groups = yes
        acl allow execute always = True
        server services = -dns
        allow dns updates = nonsecure
        idmap config * : backend = tdb
        idmap config * : range = 4000-7999
        idmap config LIN:backend = ad
        idmap config LIN:schema_mode = rfc2307
        idmap config LIN:range = 10000-999999


root at linserver01:/migration/ad# service --status-all
[ + ]  apparmor
[ + ]  bind9
[ - ]  console-setup.sh
[ + ]  cron
[ + ]  dbus
[ - ]  hwclock.sh
[ - ]  irqbalance
[ - ]  keyboard-setup.sh
[ + ]  kmod
[ - ]  nmbd
[ - ]  plymouth
[ - ]  plymouth-log
[ + ]  postfix
[ + ]  procps
[ - ]  rsync
[ + ]  rsyslog
[ + ]  samba-ad-dc
[ - ]  smbd
[ + ]  ssh
[ + ]  udev
[ + ]  ufw
[ - ]  urandom
[ - ]  uuidd
[ - ]  winbind
[ - ]  x11-common


We are seeing issues with winbind

* winbind.service - Samba Winbind Daemon
   Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2019-05-06 02:14:54 UTC; 22min ago
     Docs: man:winbindd(8)
           man:samba(7)
           man:smb.conf(5)
  Process: 145 ExecStart=/usr/sbin/winbindd --foreground --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
Main PID: 145 (code=exited, status=1/FAILURE)

May 06 02:14:54 linserver01 systemd[1]: Starting Samba Winbind Daemon...
May 06 02:14:54 linserver01 systemd[1]: winbind.service: Main process exited, code=exited, status=1/FAILURE
May 06 02:14:54 linserver01 systemd[1]: winbind.service: Failed with result 'exit-code'.
May 06 02:14:54 linserver01 systemd[1]: Failed to start Samba Winbind Daemon.


The following in nsswitch
passwd:         files winbind
group:          files winbind
shadow:         compat
gshadow:        files






Regards,
Praveen Ghimire

More information about the samba mailing list