[Samba] Log errors on domain member

Peter Milesson miles at atmos.eu
Tue Jan 31 16:54:14 UTC 2023



On 31.01.2023 14:33, Rowland Penny via samba wrote:
>
>
> On 31/01/2023 06:59, Peter Milesson via samba wrote:
>> Hi folks,
>>
>> The smb.conf and other information after specification of the problems.
>>
>> The journal on a AD domain member server is cluttered with permission 
>> denied entries of this message pair:
>>
>>     Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31
>>     07:02:26.083500,  0, effective(11025, 10515), real(11025, 0)]
>>     ../../source3/smbd/smb2_service.c:168(chdir_current_service)
>>
>>     Jan 31 07:02:26 konsrvfast smbd[436004]: chdir_current_service:
>>     vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current
>>     token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
>>
>> uid=11025 is a Windows 10 workstation, and gid=10515 is the domain 
>> computers object.
>>
>>
>> There are also recurring entry blocks of the following type:
>>
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
>>     19:55:39.802586,  0, effective(11006, 10513), real(11006, 0)]
>>     ../../lib/util/debug.c:1264(reopen_one_log)
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
>>     Unable to open new log file '/var/log/samba/log.rpcd_classic':
>>     Permission denied
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
>>     19:55:39.803020,  0, effective(11006, 10513), real(11006, 0)]
>>     ../../lib/util/debug.c:1264(reopen_one_log)
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
>>     Unable to open new log file '/var/log/samba/log.rpcd_classic':
>>     Permission denied
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
>>     19:55:39.803056,  0, effective(11006, 10513), real(11006, 0)]
>>     ../../lib/util/debug.c:1264(reopen_one_log)
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
>>     Unable to open new log file '/var/log/samba/log.rpcd_classic':
>>     Permission denied
>>     Jan 30 19:55:55 konsrvfast rpcd_classic[358632]: [2023/01/30
>>     19:55:55.231090,  0, effective(11006, 10513), real(11006, 0)]
>>     ../../source3/lib/sharesec.c:161(share_info_db_init)
>>     Jan 30 19:55:55 konsrvfast rpcd_classic[358632]:   Failed to open
>>     share info database /var/lib/samba/share_info.tdb (Permission 
>> denied)
>>     Jan 30 19:55:59 konsrvfast rpcd_classic[358632]: [2023/01/30
>>     19:55:59.715024,  0, effective(11006, 10513), real(11006, 0)]
>>     ../../source3/lib/sharesec.c:161(share_info_db_init)
>>
>>
>> After scanning the samba logs I found the following:
>>
>> */var/log/samba/log.rpcd_classic (those 2 entries occur frequently)*
>>
>>     [2023/01/30 15:15:28.729356,  0, effective(11156, 10513),
>>     real(11156, 0)] ../../lib/util/debug.c:1264(reopen_one_log)
>>     reopen_one_log: Unable to open new log file
>>     '/var/log/samba/log.rpcd_classic': Permission denied
>>
>>     [2023/01/30 20:09:09.054259,  0, effective(11006, 10513),
>>     real(11006, 0)]
>>     ../../source3/lib/sharesec.c:161(share_info_db_init)  Failed to open
>>     share info database /var/lib/samba/share_info.tdb (Permission 
>> denied)
>>
>>
>> */var/log/samba/log.samba-dcerpcd (the following block repeats 
>> frequently)*
>>
>>     [2023/01/30 15:31:55.316639,  1, effective(0, 0), real(0, 0)]
>> ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
>>     rpc_pipe_open_ncalrpc: connect(/run/samba/ncalrpc/EPMAPPER) failed:
>>     No such file or directory
>>     [2023/01/30 15:31:55.341724,  1, effective(0, 0), real(0, 0)]
>>     ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
>>     rpc_worker_exited: No worker with PID 328204
>>     [2023/01/30 15:34:13,  0] 
>> ../../source3/rpc_server/rpc_host.c:2966(main)
>>
>> When checking the directory /run/samba/ncalrpc there is really no 
>> such file as EPMAPPER, but there exists /run/samba/ncalrpc/np/epmapper
>>
>>
>> */var/log/samba/smbd.log (the following entry is spawned thousands of 
>> times within a second)*
>>
>> [2023/01/30 20:07:59.636915,  1, effective(11006, 10513), real(11006, 
>> 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
>>    getpwuid(1011) failed
>>
>>
>> */var/log/samba/winbindd (the entries below frequently occuring)*
>>
>> [2023/01/30 23:34:57.527639,  1, effective(0, 0), real(0, 0)] 
>> ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
>>
>> [2023/01/31 00:17:01.889654,  1, effective(0, 0), real(0, 0)] 
>> ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
>>
>> (occurs several times per second, hundreds of consecutive entries)
>> [2023/01/30 23:30:50.246781,  1, effective(0, 0), real(0, 0)] 
>> ../../source3/winbindd/winbindd_getgrgid.c:124(winbindd_getgrgid_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_GROUP
>>
>>
>>  From the users point of view everything seems normal, there have 
>> been no complaints about inaccessible folders or files, or other 
>> permission issues.
>>
>> The server is a member of a AD domain, and everything in the domain 
>> is managed via the RSAT tools. There are only Windows ACLs, no Posix 
>> ACLs. There are only a couple of local linux accounts for server 
>> administration, with user names that do not conflict with AD user 
>> names. The domain is working, no DNS problems.
>>
>> If would be grateful if somebody could point out what's going wrong 
>> here.
>>
>
> I don't think anything is going wrong here, it just seems that, 
> lately, Samba has got very chatty. You are about the third person to 
> raise this 'problem', I wonder if it has something to do with all the 
> changes there have been lately ???
>
> Perhaps you would like to raise a bug report about this ?
>
> Rowland
>
>
Hi Rowland,

Thanks for taking your time with my problem.

I just had a look at the journal, and within 2 seconds, there were a 
couple of hundreds of the message about permission denied. So yes, I 
would definitely like to raise a bug report about this. If there is 
something in red in the journal, you definitely don't want it there if 
it doesn't indicate some extraordinary behavior.

Best regards,

Peter





More information about the samba mailing list