[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

Andrew Bartlett abartlet at samba.org
Tue Nov 23 00:55:52 UTC 2021

On Mon, 2021-11-22 at 19:46 +0100, Flole via samba wrote:
> I'm seeing the same issue since updating to 4.13 on my Ubuntu system
> and 
> I have done additional debugging and reported an issue for the
> Ubuntu 
> package at 
> https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1951490.
> To sum it up here aswell:
> Enabling debug logs show that this is caused by the ownership of a 
> directory which samba complains is not matching:
> [2021/11/19 01:48:37.482365, 4, effective(30000XX, 100),
> real(30000XX, 
> 0)] 
> ../../source3/rpc_server/rpc_ncacn_np.c:110(make_internal_rpc_pipe_so
> cketpair)
>    Create of internal pipe \pipe\spoolss requested
> [2021/11/19 01:48:37.485785, 3, effective(30000XX, 100),
> real(30000XX, 
> 0)] ../../lib/util/util.c:483(directory_create_or_exist_strict)
>    directory_create_or_exist_strict: invalid ownership on directory 
> /var/lib/samba/private/msg.sock
> [2021/11/19 01:48:37.485807, 1, effective(30000XX, 100),
> real(30000XX, 
> 0)] ../../source3/auth/auth_samba4.c:248(prepare_gensec)
>    imessaging_init failed
> The issue is caused by /var/lib/samba/private/msg.sock being owned
> by 
> root:root in my case (and it gets created with those permissions
> aswell 
> if I delete it), but 
> https://github.com/samba-team/samba/blob/db11778b57610e24324aa4342f89918f66157d71/source4/lib/messaging/messaging.c#L507 
> uses geteuid() which is sometimes the user ID of the connecting user
> (as 
> can be seen above, XX is the number that represents the uid of the 
> windows user connecting).
> I am not sure if this is related to my "unable to print"-issue but
> this 
> happens whenever I try to print and whenever the print queue is 
> refreshed by a client.

Thanks for looking into this.  This looks like something you should
report in our bugzilla (not much can be done on the Ubuntu side, so the
launchpad report is only useful to attempt to get the fix backported
there).  Regardless I've sent you an invite.  

Here is the privacy disclaimer, if you are OK with that please finish
creating the account:

  A user account is required to report new bugs or to comment into
  existing ones, as you may be contacted for more information if
  This also lets other users clearly identify who is the author of
  or changes made into bugs. Note that your email address will
  never be displayed to logged out users. Only registered users will be
  able to see it.

  PRIVACY NOTICE: The Samba-Bugzilla is an open bug
  tracking system. Activity on most bugs, including email
  addresses, will be visible to registered users. We recommend using a
  secondary account or free web email service (such as Gmail, Yahoo,
  Hotmail, or similar) to avoid receiving spam at your primary email

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list