[Samba] Log errors on domain member

Michael Tokarev mjt at tls.msk.ru
Tue Jan 31 17:14:58 UTC 2023


31.01.2023 09:59, Peter Milesson via samba пишет:

> The journal on a AD domain member server is cluttered with permission denied entries of this message pair:
> 
>     Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31
>     07:02:26.083500,  0, effective(11025, 10515), real(11025, 0)]
>     ../../source3/smbd/smb2_service.c:168(chdir_current_service)
> 
>     Jan 31 07:02:26 konsrvfast smbd[436004]:   chdir_current_service:
>     vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current
>     token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
> 
> uid=11025 is a Windows 10 workstation, and gid=10515 is the domain computers object.

This will be logged as long as you keep this dir inaccessible.
I don't know why but win workstations also tries to access
profile shares for their accounts. It's okay if there's no
profile for them, but the share itself should be accessible,
or else this type of message will be logged by samba.

It is just the permission problem. A user with uid 11025 and the
specified set of groups can't access the specified directory,
that's all.

> There are also recurring entry blocks of the following type:
> 
>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
>     19:55:39.802586,  0, effective(11006, 10513), real(11006, 0)]
>     ../../lib/util/debug.c:1264(reopen_one_log)
>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]:   reopen_one_log:
>     Unable to open new log file '/var/log/samba/log.rpcd_classic':
>     Permission denied

And this one is interesting. Does this file exist?  Can you tell
under which uid this process is running? I'm still new to samba
process model, and I don't even see rpcd_classic process running
here, - I don't know what it is doing and under which uid it is
running. But the file exists on my system, and the last entry in there is

[2023/01/04 16:07:20,  0] ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
   rpcd_classic version 4.17.3-Debian started.

which was before 4.17.4 upgrade (it is debian system).

If it is running as root, it shuldn't have issues opening files
in there.

>     Jan 30 19:55:55 konsrvfast rpcd_classic[358632]:   Failed to open
>     share info database /var/lib/samba/share_info.tdb (Permission denied)

And it's the same thing. This file is owned by root:root, mode 0600,
so if rpcd_classic is not run as root, it wont be able to open this
file and the log file.

Can someone tell which process it is and under which uid should it run?


> */var/log/samba/smbd.log (the following entry is spawned thousands of times within a second)*
> 
> [2023/01/30 20:07:59.636915,  1, effective(11006, 10513), real(11006, 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
>    getpwuid(1011) failed


> */var/log/samba/winbindd (the entries below frequently occuring)*
> 
> [2023/01/30 23:34:57.527639,  1, effective(0, 0), real(0, 0)] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv)
>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
> 
> [2023/01/31 00:17:01.889654,  1, effective(0, 0), real(0, 0)] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> 
> (occurs several times per second, hundreds of consecutive entries)
> [2023/01/30 23:30:50.246781,  1, effective(0, 0), real(0, 0)] ../../source3/winbindd/winbindd_getgrgid.c:124(winbindd_getgrgid_recv)
>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_GROUP

I've seen those too (incl. EPMAPPER thing), fixed some of them by changing configs
after googling. But it was lots of many small changes due to various other issues,
I don't recall the details anymore.

Lemme take a look at this rpcd_classic first..

/mjt



More information about the samba mailing list