[Samba] urgent problem with samba 4.13 and chown/chgrp

Wed Feb 10 21:19:24 UTC 2021

On 2/10/2021 3:49 PM, Jason Keltz via samba wrote:
> I'm trying to use chown/chgrp commands on files on NFS storage.
>
> Take a file "l" that I touched:
>
> -rw------- 1 jas tech 0 Feb 10 15:21 l
>
> (note that user and group mapping is working perfectly)
>
> % chgrp core l
> chgrp: changing group of ‘l’: Invalid argument
>
> The problem is not the group:
>
> % getent group core
> core:x:1001:
>
> % wbinfo -n 'core'
> S-1-5-21-1981678738-1545235886-4256466701-6765 SID_DOM_GROUP (2)
>
> % wbinfo -Y 'S-1-5-21-1981678738-1545235886-4256466701-6765'
> 1001
>
> The problem is not the user:
>
> % getent passwd jas
>
> jas:*:1004:1000::/cs/home/jas:/cs/local/bin/tcsh
>
> When looking at an strace of the chgrp above, I see this odd call:
>
> fchownat(AT_FDCWD, "l", -1, 1001, 0) = -1 EINVAL (Invalid argument)
>
> Where the third argument should be my uid 1004 and is instead -1.
>
> In smb.conf:
>
> idmap config * : backend = tdb
> idmap config * : range = 1000000-1999999
>
> # idmap config for the EECSYORKUCA domain
> # range should match UNIX ID in AD
>
> idmap config EECSYORKUCA : backend = ad
> idmap config EECSYORKUCA : schema_mode = rfc2307
> idmap config EECSYORKUCA : range = 1000-999999
> idmap config EECSYORKUCA : unix_primary_group = yes
> idmap config EECSYORKUCA : unix_nss_info = yes
>
> Yes, and in /etc/nsswitch.conf:
>
> passwd:     files winbind
> shadow:     files
> group:      files winbind
>
> As a side note, if I try to change the ownership of the file, I get a 
> similar behaviour.
>
> This is a showstopper if I can't get this figured out. :( panic 
> setting in....
>
> (I'm positive I used chown/chgrp with 4.11 successfully.) 

Actually, if I work in /tmp on my machine, I can change the group 
ownership of a file so it has to do with a file from the NFS server.

If I try a Linux client that is not in the domain, then I can change the 
group successfully.

If I put the group into /etc/group on the file server, then it works on 
the AD client which seems weird.

So this probably has something to do with the file server... I've 
restarted winbind there, but that didn't solve it....

The file server has the identical winbind config as the client.

I wonder if I need to reshare the mount because when the mount was 
originally mounted, the group was in /etc/group, but then /etc/group was 
reduced, and the group transferred to AD.

Hopefully to be figured out.

Jason.