[Samba] Client Group Policy: talloc_free error

Roy Eastwood spindles7 at gmail.com
Thu Apr 8 15:05:55 UTC 2021 

On 12 March 2021 08:57 Roy Eastwood wrote:
> Since I added the GPO below I now get the following messages in syslog on the client machine (MOGGY):
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.054799,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: add_local_groups: SID S-1-5-21-4012640977-2272627666-
> 3977488320-5102 -> getpwuid(15102) failed, is nsswitch configured?
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056451,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: Traceback (most recent call last):
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056569,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File "/usr/sbin/samba-gpupdate", line 103, in <module>
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056599,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056625,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File "/usr/lib/python3/dist-packages/samba/gpclass.py", line
> 437, in apply_gp
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056652,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     gpos = get_gpo_list(dc_hostname, creds, lp)
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056677,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File "/usr/lib/python3/dist-packages/samba/gpclass.py", line
> 370, in get_gpo_list
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056733,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     gpos = ads.get_gpo_list(creds.get_username())
> Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056768,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
> Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: RuntimeError: Failed to get machine token for
> 'MOGGY$'(CN=MOGGY,OU=debian,DC=microlynx,DC=org): The specified account does not exist.
> 
> Any ideas how to fix this?
> 
> TIA,
> 
> Roy
> 
> ON 11 March 2021 12:24 Roy Eastwood wrote:
> > Hi,
> > I am trying to test out the use of Group Policy for winbind clients as added in the latest samba version: 4.14.0    Following
the
> > WiKi at https://wiki.samba.org/index.php/Group_Policy I have set up a client (running Debian Buster and Samba 4.14.0 from Louis'
> > repo) by adding the required line to the global section of smb.conf (apply group policies = yes).    The domain controllers have
> > also been updated to 4.14.0 and the samba admx file has been added to sysvol.   I have configured a setting for smb.conf using
the
> > Group Policy Editor from Windows and the client machine has been added to an OU with the policy applied.   I have restarted smbd
> > and
> > winbind on the client.   When I enter samba-gpupdate I get the following error:
> >
> > root at moggy:~# samba-gpupdate
> > ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
> >         reference at ../../pytalloc_util.c:164
> >         reference at ../../pytalloc_util.c:164
> >         reference at ../../pytalloc_util.c:164
> > Failed downloading gpt cache from 'pi-dc.microlynx.org' using SMB
> >
> > If I provide the Administrator user and password the error changes to:
> > root at moggy:~# samba-gpupdate -Uadministrator
> > Password for [MICROLYNX\administrator]:
> > ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
> >         reference at ../../pytalloc_util.c:164
> >         reference at ../../pytalloc_util.c:164
> > ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: No such file or
> > directory
> >
> > Unable to open tdb '/var/lib/samba/private/sam.ldb': No such file or directory
> > Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb
> '/var/lib/samba/private/sam.ldb':
> > No such file or directory
> > Failed to apply extension  <class 'samba.gp_sec_ext.gp_access_ext'>
> > Message was: Failed to load SamDB for assigning Group Policy
> >
> > A reboot of the client did not improve matters.     I tried adding the line: 'allow group policies = yes' to the domain
controllers'
> > smb.conf but that did not make any difference either.      I am obviously missing something, any advice will be appreciated.
> >
> > Roy

This is also the same on Samba version 4.14.2.   Should I file a bug?

Roy

More information about the samba mailing list