[Samba] samba ad errors in log

Rowland penny rpenny at samba.org
Sat Oct 24 15:11:49 UTC 2020


On 24/10/2020 15:44, Sonic via samba wrote:
> I'm seeing a lot of these errors from a Samba 4.13.0 DC running on
> Debian Buster, the smb.conf is untouched from that which was created
> via a classic upgrade.
> ===============================
> Oct 24 10:25:43 srvr01 samba[26688]: [2020/10/24 10:25:43.886363,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Oct 24 10:25:43 srvr01 samba[26688]:   /usr/local/samba/sbin/samba_dnsupdate:
> dns_tkey_gssnegotiate: TKEY is unacceptable
> Oct 24 10:25:43 srvr01 samba[26688]: [2020/10/24 10:25:43.970786,  0]
> ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Oct 24 10:25:43 srvr01 samba[26688]:   /usr/local/samba/sbin/samba_dnsupdate:
> dns_tkey_gssnegotiate: TKEY is unacceptable
> Oct 24 10:25:43 srvr01 samba[26688]: [2020/10/24 10:25:43.996118,  0]
> ../../source4/dsdb/dns/dns_update.c:86(dnsupdate_nameupdate_done)
> Oct 24 10:25:43 srvr01 samba[26688]:   dnsupdate_nameupdate_done: Failed DNS
> update with exit code 2
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.313981,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.343201,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.343972,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.344623,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.345268,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.345987,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.347542,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.348141,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.348730,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.349318,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:15 srvr01 smbd[18336]: [2020/10/24 10:32:15.350016,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:15 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:30 srvr01 smbd[18336]: [2020/10/24 10:32:30.390516,  0]
> ../../source3/smbd/service.c:169(chdir_current_service)
> Oct 24 10:32:30 srvr01 smbd[18336]:   chdir_current_service:
> vfs_ChDir(/usr/local/samba/var/locks/sysvol) failed: Permission denied. Current
> token: uid=5035,
> Oct 24 10:32:50 srvr01 named[24228]: samba_dlz: starting transaction on zone
> example.com
> Oct 24 10:32:50 srvr01 named[24228]: client @0x7fd0fc01a040
> 192.168.7.176#64721: update 'example.com/IN' denied
> Oct 24 10:32:50 srvr01 named[24228]: samba_dlz: cancelling transaction on zone
> example.com
> Oct 24 10:32:50 srvr01 named[24228]: samba_dlz: starting transaction on zone
> example.com
> Oct 24 10:32:50 srvr01 named[24228]: client @0x7fd0fc01a040
> 192.168.7.176#63427: update 'example.com/IN' denied
> Oct 24 10:32:50 srvr01 named[24228]: samba_dlz: cancelling transaction on zone
> example.com
> ===============================
> Any clues as to why?

You seem to have three things going wrong there, the keytab that 
samba-dnsupdate is using isn't being accepted, user '5035' is being 
denied access to sysvol and a client is being denied updating its record.

Does the DC use itself as the first nameserver in /etc/resolv.conf ?

Who is user '5035' ?

What is '192.168.7.176' ? A Windows client or what ? Is anything else 
updating the dns in AD ?

Rowland






More information about the samba mailing list