[Samba] Doman join issues

Praveen Ghimire PGhimire at sundata.com.au
Mon May 6 11:12:17 UTC 2019

Hi Rowland,

Sorry about the confusion. It is Ubuntu 18.04 with Samba 4.7.6

I have a script that installs the following

apt-get install -y acl attr autoconf bind9utils bison build-essential \
  debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \
  libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev libbsd-dev \
  libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
  libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
  libpopt-dev libreadline-dev nettle-dev perl perl-modules pkg-config \
  python-all-dev python-crypto python-dbg python-dev python-dnspython \
  python3-dnspython python-markdown python3-markdown \
  python3-dev xsltproc zlib1g-dev liblmdb-dev lmdb-utils libnss-winbind
apt-get install -y krb5-user
apt-get install -y python-gpgme python3-gpgme

I found that the python-gpgme and pythom3-gpgme gave error about dependencies. Apart from I am just installing samba, samba-common and bind9

The current production server (non-AD) is running Ubuntu 16.04 (Samba 4.3.11). Our plan is to run up a new Ubuntu 18.04 server ,transfer the config.  Then let the server run for a few days to make sure everything works fine pre-migration. Then migrate to AD

I have been testing the above in an Ubuntu 18.04 environment. It seems to work i.e. joining machines to domain, accessing shares etc. I then run the classicupgrade. The issues I've highlighted is post the classicupgrade.

To classicupgrade, I followed the document about the upgrade. Basically check duplicate RIDs, remove well know group etc. Then run the following

samba-tool domain classicupgrade --dbdir=/var/lib/samba.PDC/dbdir ....... choosing BIND_DLZ

I've stopped UFW and disabled apparmor

Praveen Ghimire

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Monday, 6 May 2019 8:26 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Doman join issues

On Mon, 6 May 2019 09:47:44 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:

> Hi Louis,
> Thank you for that.
> I don’t have a /var/lib/samba/bind-dns/dns/ , only have 
> /var/lib/samba/private/dns.
> Apparmor is now stopped and masked. I had masked the smbd and nmbd 
> post the migration, have masked the winbind now.
> Have edited samba and bind as per your suggestion, changed the 
> named.conf.options and krb5.conf
> Rebooted the server post the changes and tried to join a windows 7 
> machine again, same message in the logs. I used my account this time
> I suspect an issue here, especially the last line. This is from the
> log. (samba log)
> Adding homes service for user 'LIN\pghimire' using home directory:
> '/home/LIN/pghimire' get_auth_event_server: Failed to find 
> 'auth_event' registered on the message bus to send JSON authentication 
> events to: NT_STATUS_OBJECT_NAME_NOT_FOUND [2019/05/06 
> 09:39:15.172941, 2] 
> ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr)
> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' 
> and 'force unknown acl user = true' for service IPC$
> [2019/05/06 09:39:15.174415,
> 4] ../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx 
> (1153, 100) - sec_ctx_stack_ndx = 0 [2019/05/06 09:39:15.174700, 0] 
> ../source3/lib/util.c:815(smb_panic_s3) PANIC (pid 351):
> sys_setgroups failed

You originally posted you are using Ubuntu 18.04, was this a typo:

Samba Version 4.6.7

Should it have been 4.7.6 ?

You shouldn't be getting a panic, is anything getting in the way ?
I would stop Aparmor and any firewall, double check you have all the required packages installed.
You mentioned that you started this as a migration, but from what ?
Did you run the classicupgrade tool and if so how ?
Did you provision a new domain and if so how ?
Did you do something else ??


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________

More information about the samba mailing list