[Samba] Log errors on domain member
Rowland Penny
rpenny at samba.org
Tue Jan 31 13:33:46 UTC 2023
On 31/01/2023 06:59, Peter Milesson via samba wrote:
> Hi folks,
>
> The smb.conf and other information after specification of the problems.
>
> The journal on a AD domain member server is cluttered with permission
> denied entries of this message pair:
>
> Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31
> 07:02:26.083500, 0, effective(11025, 10515), real(11025, 0)]
> ../../source3/smbd/smb2_service.c:168(chdir_current_service)
>
> Jan 31 07:02:26 konsrvfast smbd[436004]: chdir_current_service:
> vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current
> token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
>
> uid=11025 is a Windows 10 workstation, and gid=10515 is the domain
> computers object.
>
>
> There are also recurring entry blocks of the following type:
>
> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
> 19:55:39.802586, 0, effective(11006, 10513), real(11006, 0)]
> ../../lib/util/debug.c:1264(reopen_one_log)
> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
> Unable to open new log file '/var/log/samba/log.rpcd_classic':
> Permission denied
> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
> 19:55:39.803020, 0, effective(11006, 10513), real(11006, 0)]
> ../../lib/util/debug.c:1264(reopen_one_log)
> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
> Unable to open new log file '/var/log/samba/log.rpcd_classic':
> Permission denied
> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
> 19:55:39.803056, 0, effective(11006, 10513), real(11006, 0)]
> ../../lib/util/debug.c:1264(reopen_one_log)
> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
> Unable to open new log file '/var/log/samba/log.rpcd_classic':
> Permission denied
> Jan 30 19:55:55 konsrvfast rpcd_classic[358632]: [2023/01/30
> 19:55:55.231090, 0, effective(11006, 10513), real(11006, 0)]
> ../../source3/lib/sharesec.c:161(share_info_db_init)
> Jan 30 19:55:55 konsrvfast rpcd_classic[358632]: Failed to open
> share info database /var/lib/samba/share_info.tdb (Permission denied)
> Jan 30 19:55:59 konsrvfast rpcd_classic[358632]: [2023/01/30
> 19:55:59.715024, 0, effective(11006, 10513), real(11006, 0)]
> ../../source3/lib/sharesec.c:161(share_info_db_init)
>
>
> After scanning the samba logs I found the following:
>
> */var/log/samba/log.rpcd_classic (those 2 entries occur frequently)*
>
> [2023/01/30 15:15:28.729356, 0, effective(11156, 10513),
> real(11156, 0)] ../../lib/util/debug.c:1264(reopen_one_log)
> reopen_one_log: Unable to open new log file
> '/var/log/samba/log.rpcd_classic': Permission denied
>
> [2023/01/30 20:09:09.054259, 0, effective(11006, 10513),
> real(11006, 0)]
> ../../source3/lib/sharesec.c:161(share_info_db_init) Failed to open
> share info database /var/lib/samba/share_info.tdb (Permission denied)
>
>
> */var/log/samba/log.samba-dcerpcd (the following block repeats frequently)*
>
> [2023/01/30 15:31:55.316639, 1, effective(0, 0), real(0, 0)]
> ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
> rpc_pipe_open_ncalrpc: connect(/run/samba/ncalrpc/EPMAPPER) failed:
> No such file or directory
> [2023/01/30 15:31:55.341724, 1, effective(0, 0), real(0, 0)]
> ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
> rpc_worker_exited: No worker with PID 328204
> [2023/01/30 15:34:13, 0]
> ../../source3/rpc_server/rpc_host.c:2966(main)
>
> When checking the directory /run/samba/ncalrpc there is really no such
> file as EPMAPPER, but there exists /run/samba/ncalrpc/np/epmapper
>
>
> */var/log/samba/smbd.log (the following entry is spawned thousands of
> times within a second)*
>
> [2023/01/30 20:07:59.636915, 1, effective(11006, 10513), real(11006,
> 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
> getpwuid(1011) failed
>
>
> */var/log/samba/winbindd (the entries below frequently occuring)*
>
> [2023/01/30 23:34:57.527639, 1, effective(0, 0), real(0, 0)]
> ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv)
> Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
>
> [2023/01/31 00:17:01.889654, 1, effective(0, 0), real(0, 0)]
> ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
>
> (occurs several times per second, hundreds of consecutive entries)
> [2023/01/30 23:30:50.246781, 1, effective(0, 0), real(0, 0)]
> ../../source3/winbindd/winbindd_getgrgid.c:124(winbindd_getgrgid_recv)
> Could not convert sid S-0-0: NT_STATUS_NO_SUCH_GROUP
>
>
> From the users point of view everything seems normal, there have been
> no complaints about inaccessible folders or files, or other permission
> issues.
>
> The server is a member of a AD domain, and everything in the domain is
> managed via the RSAT tools. There are only Windows ACLs, no Posix ACLs.
> There are only a couple of local linux accounts for server
> administration, with user names that do not conflict with AD user names.
> The domain is working, no DNS problems.
>
> If would be grateful if somebody could point out what's going wrong here.
>
I don't think anything is going wrong here, it just seems that, lately,
Samba has got very chatty. You are about the third person to raise this
'problem', I wonder if it has something to do with all the changes there
have been lately ???
Perhaps you would like to raise a bug report about this ?
Rowland
More information about the samba
mailing list