[Samba] Client Group Policy: talloc_free error

Roy Eastwood spindles7 at gmail.com
Fri Mar 12 08:57:01 UTC 2021 

Since I added the GPO below I now get the following messages in syslog on the client machine (MOGGY):
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.054799,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: add_local_groups: SID
S-1-5-21-4012640977-2272627666-3977488320-5102 -> getpwuid(15102) failed, is nsswitch configured?
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056451,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: Traceback (most recent call last):
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056569,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File "/usr/sbin/samba-gpupdate", line 103, in <module>
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056599,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056625,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 437,
in apply_gp
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056652,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     gpos = get_gpo_list(dc_hostname, creds, lp)
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056677,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File "/usr/lib/python3/dist-packages/samba/gpclass.py", line 370,
in get_gpo_list
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056733,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     gpos = ads.get_gpo_list(creds.get_username())
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056768,  0] ../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: RuntimeError: Failed to get machine token for
'MOGGY$'(CN=MOGGY,OU=debian,DC=microlynx,DC=org): The specified account does not exist.

Any ideas how to fix this?

TIA,

Roy

ON 11 March 2021 12:24 Roy Eastwood wrote:
> Hi,
> I am trying to test out the use of Group Policy for winbind clients as added in the latest samba version: 4.14.0    Following the
> WiKi at https://wiki.samba.org/index.php/Group_Policy I have set up a client (running Debian Buster and Samba 4.14.0 from Louis'
> repo) by adding the required line to the global section of smb.conf (apply group policies = yes).    The domain controllers have
> also been updated to 4.14.0 and the samba admx file has been added to sysvol.   I have configured a setting for smb.conf using the
> Group Policy Editor from Windows and the client machine has been added to an OU with the policy applied.   I have restarted smbd
> and
> winbind on the client.   When I enter samba-gpupdate I get the following error:
> 
> root at moggy:~# samba-gpupdate
> ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
>         reference at ../../pytalloc_util.c:164
>         reference at ../../pytalloc_util.c:164
>         reference at ../../pytalloc_util.c:164
> Failed downloading gpt cache from 'pi-dc.microlynx.org' using SMB
> 
> If I provide the Administrator user and password the error changes to:
> root at moggy:~# samba-gpupdate -Uadministrator
> Password for [MICROLYNX\administrator]:
> ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
>         reference at ../../pytalloc_util.c:164
>         reference at ../../pytalloc_util.c:164
> ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file /var/lib/samba/private/sam.ldb: No such file or
> directory
> 
> Unable to open tdb '/var/lib/samba/private/sam.ldb': No such file or directory
> Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb
'/var/lib/samba/private/sam.ldb':
> No such file or directory
> Failed to apply extension  <class 'samba.gp_sec_ext.gp_access_ext'>
> Message was: Failed to load SamDB for assigning Group Policy
> 
> A reboot of the client did not improve matters.     I tried adding the line: 'allow group policies = yes' to the domain
controllers'
> smb.conf but that did not make any difference either.      I am obviously missing something, any advice will be appreciated.
> 
> Roy

More information about the samba mailing list