[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Stefan G. Weichinger
lists at xunil.at
Thu Nov 24 09:32:48 UTC 2022
Am 24.11.22 um 10:01 schrieb Michael Tokarev:
> 24.11.2022 11:46, Stefan G. Weichinger via samba wrote:
>
>> Hm, I see it in ps:
>>
>> # ps axf | egrep "winbindd"
>> 5281 pts/0 S+ 0:00 \_ grep -E winbindd
>> 5153 ? S 0:00 | \_ samba: task[winbindd] pre-fork
>> master
>> 5159 ? Ss 0:00 | \_ /usr/sbin/winbindd -D
>> --option=server role check:inhibit=yes --foreground
>> 5186 ? S 0:00 | \_ winbindd: domain
>> child [ARBEITSGRUPPE]
>
> There's no idmap child in there. There should be 3 of them
> (also domain child {builtin]);
It gets even stranger:
now the processes are there:
# ps axf | egrep "winbindd"
6516 pts/0 S+ 0:00 | \_ grep -E winbindd
5960 ? S 0:00 | \_ samba: task[winbindd] pre-fork master
5967 ? Ss 0:03 | \_ /usr/sbin/winbindd -D
--option=server role check:inhibit=yes --foreground
5986 ? S 0:00 | \_ winbindd: domain child
[ARBEITSGRUPPE]
6311 ? S 0:00 | \_ winbindd: domain child
[BUILTIN]
6312 ? S 0:00 | \_ winbindd: idmap child
# tail log.samba
[2022/11/24 10:30:01.604138, 2]
../../source4/dns_server/dns_update.c:824(dns_server_process_update)
Got a dns update request.
[2022/11/24 10:30:01.604970, 2]
../../source4/dns_server/dns_update.c:781(dns_update_allowed)
Update not allowed for unsigned packet.
[2022/11/24 10:30:01.629463, 1]
../../source4/auth/gensec/gensec_gssapi.c:791(gensec_gssapi_update_internal)
GSS server Update(krb5)(1) Update failed: Miscellaneous failure (see
text): Decrypt integrity check failed for checksum type
hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
[2022/11/24 10:30:01.629577, 1]
../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step)
gensec_spnego_server_negTokenInit_step: gssapi_krb5: parsing
NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE
[2022/11/24 10:30:01.629641, 1]
../../source4/dns_server/dns_query.c:888(handle_tkey)
GSS key negotiation returned NT_STATUS_LOGON_FAILURE
# log.winbindd-idmap
[2022/11/24 10:17:33.421300, 4]
../../source3/winbindd/winbindd_dual.c:1641(child_handler)
Finished processing child request 55
[2022/11/24 10:17:33.423146, 4]
../../source3/winbindd/winbindd_dual.c:1633(child_handler)
child daemon request 55
[2022/11/24 10:17:33.423173, 4]
../../source3/winbindd/winbindd_dual.c:1641(child_handler)
Finished processing child request 55
[2022/11/24 10:17:33.424572, 4]
../../source3/winbindd/winbindd_dual.c:1633(child_handler)
child daemon request 55
[2022/11/24 10:17:33.424593, 4]
../../source3/winbindd/winbindd_dual.c:1641(child_handler)
Finished processing child request 55
[2022/11/24 10:17:33.426483, 4]
../../source3/winbindd/winbindd_dual.c:1633(child_handler)
child daemon request 55
[2022/11/24 10:17:33.426511, 4]
../../source3/winbindd/winbindd_dual.c:1641(child_handler)
Finished processing child request 55
# tail log.wb-ARBEITSGRUPPE
[2022/11/24 10:29:55.915181, 3]
../../source3/winbindd/winbindd_samr.c:613(sam_name_to_sid)
sam_name_to_sid: ARBEITSGRUPPE\POSTFIX
[2022/11/24 10:29:55.915625, 4]
../../source3/winbindd/winbindd_dual.c:1641(child_handler)
Finished processing child request 55
[2022/11/24 10:29:55.917674, 4]
../../source3/winbindd/winbindd_dual.c:1633(child_handler)
child daemon request 55
[2022/11/24 10:29:55.917737, 3]
../../source3/winbindd/winbindd_samr.c:613(sam_name_to_sid)
sam_name_to_sid: ARBEITSGRUPPE\MONIT
[2022/11/24 10:29:55.918105, 4]
../../source3/winbindd/winbindd_dual.c:1641(child_handler)
Finished processing child request 55
# tail log.winbindd
[2022/11/24 10:31:40.400440, 3]
../../source3/winbindd/winbindd_getpwnam.c:59(winbindd_getpwnam_send)
[nss_winbind (3886)] Winbind external command GETPWNAM start.
Query username '*'.
[2022/11/24 10:31:40.400457, 5]
../../source3/winbindd/wb_lookupname.c:52(wb_lookupname_send)
WB command lookupname start.
Search namespace 'ARBEITSGRUPPE' and domain 'ARBEITSGRUPPE' for name '*'.
[2022/11/24 10:31:40.409343, 1]
../../source3/winbindd/winbindd_getpwnam.c:142(winbindd_getpwnam_recv)
Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2022/11/24 10:31:40.409373, 3]
../../source3/winbindd/winbindd.c:563(process_request_done)
process_request_done: [nss_winbind(3886):GETPWNAM]: NT_STATUS_NONE_MAPPED
# wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
I might have to restart samba-ad-dc.service, but wait for feedback ...
More information about the samba
mailing list