[Samba] Log errors on domain member

Peter Milesson miles at atmos.eu
Tue Jan 31 17:59:40 UTC 2023


Sorry, did not send it to the list (damned Thunderbird)...

On 31.01.2023 18:14, Michael Tokarev via samba wrote:
> 31.01.2023 09:59, Peter Milesson via samba wrote:
>
>> The journal on an AD domain member server is cluttered with permission 
>> denied entries of this message pair:
>>
>>     Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31
>>     07:02:26.083500,  0, effective(11025, 10515), real(11025, 0)]
>>     ../../source3/smbd/smb2_service.c:168(chdir_current_service)
>>
>>     Jan 31 07:02:26 konsrvfast smbd[436004]: chdir_current_service:
>>     vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current
>>     token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
>>
>> uid=11025 is a Windows 10 workstation, and gid=10515 is the domain 
>> computers object.
>
> This will be logged as long as you keep this dir inaccessible.
> I don't know why but win workstations also try to access
> profile shares for their accounts. It's okay if there's no
> profile for them, but the share itself should be accessible,
> or else this type of message will be logged by samba.
The share permissions are for Everyone (Full Control/Change/Read).
But naturally, the security settings do not include permissions for 
machines, only for users/user groups. Everything is set up according to 
the Samba Wiki. The uid 11025 is a computer account, and the gid is 
"Domain computers".
>
> It is just the permission problem. A user with uid 11025 and the
> specified set of groups can't access the specified directory,
> that's all.
See above, the machine account has got no reason to access the data in 
the share.
>
>> There are also recurring entry blocks of the following type:
>>
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
>>     19:55:39.802586,  0, effective(11006, 10513), real(11006, 0)]
>>     ../../lib/util/debug.c:1264(reopen_one_log)
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
>>     Unable to open new log file '/var/log/samba/log.rpcd_classic':
>>     Permission denied
>
> And this one is interesting. Does this file exist?  Can you tell
> under which uid this process is running? I'm still new to samba
> process model, and I don't even see rpcd_classic process running
> here, - I don't know what it is doing and under which uid it is
> running. But the file exists on my system, and the last entry in there is
>
> [2023/01/04 16:07:20,  0] 
> ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
>   rpcd_classic version 4.17.3-Debian started.
>
> which was before 4.17.4 upgrade (it is debian system).
>
> If it is running as root, it shouldn't have issues opening files
> in there.
>
The file /var/log/samba/log.rpcd_classic exists. It's owned by 
root:root. The uid 11006 is myself, and gid 10513 is domain users. I 
interpret the entry as real permissions for me (uid=11006) and group 
root (gid=0).
>>     Jan 30 19:55:55 konsrvfast rpcd_classic[358632]:   Failed to open
>>     share info database /var/lib/samba/share_info.tdb (Permission denied)
>
> And it's the same thing. This file is owned by root:root, mode 0600,
> so if rpcd_classic is not run as root, it won't be able to open this
> file and the log file.
>
> Can someone tell which process it is and under which uid should it run?
I have checked the processes and both smbd and winbindd are running as root.
>
>
>> */var/log/samba/smbd.log (the following entry is spawned thousands of 
>> times within a second)*
>>
>> [2023/01/30 20:07:59.636915,  1, effective(11006, 10513), real(11006, 
>> 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
>>    getpwuid(1011) failed
>
>
>> */var/log/samba/winbindd (the entries below frequently occurring)*
>>
>> [2023/01/30 23:34:57.527639,  1, effective(0, 0), real(0, 0)] 
>> ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
>>
>> [2023/01/31 00:17:01.889654,  1, effective(0, 0), real(0, 0)] 
>> ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
>>
>> (occurs several times per second, hundreds of consecutive entries)
>> [2023/01/30 23:30:50.246781,  1, effective(0, 0), real(0, 0)] 
>> ../../source3/winbindd/winbindd_getgrgid.c:124(winbindd_getgrgid_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_GROUP
>
> I've seen those too (incl. EPMAPPER thing), fixed some of them by
> changing configs after googling. But it was lots of many small changes
> due to various other issues, I don't recall the details anymore.
>
> Lemme take a look at this rpcd_classic first..
>
> /mjt
>
Thanks for your interest Michael.

Best regards,

Peter
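
Added example (not part of the original message and not Samba code): a small Python parser for the log header format quoted in this thread, which counts entries per effective uid, function and message so the account producing the noise stands out. The sample text is constructed by re-joining the wrapped excerpts above (the third entry's timestamp is made up), and the names `parse_entries`, `summarize` and `denied_by_euid` are this example's own.

```python
import re
from collections import Counter

# Header layout: [timestamp, level, optional fields] file:line(function)
HEADER = re.compile(r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)(?P<rest>[^\]]*)\]"
                    r"\s*(?P<file>\S+):(?P<line>\d+)\((?P<func>\w+)\)\s*$")
# The uid/gid pairs are missing from some headers (see the rpc_worker_main entry).
IDS = re.compile(r"effective\((?P<euid>\d+),\s*(?P<egid>\d+)\),\s*"
                 r"real\((?P<ruid>\d+),\s*(?P<rgid>\d+)\)")
# Constructed sample: excerpts from the thread, un-wrapped; one entry duplicated.
SAMPLE = """\
[2023/01/31 07:02:26.083500,  0, effective(11025, 10515), real(11025, 0)] ../../source3/smbd/smb2_service.c:168(chdir_current_service)
  chdir_current_service: vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
[2023/01/30 20:07:59.636915,  1, effective(11006, 10513), real(11006, 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
  getpwuid(1011) failed
[2023/01/30 20:07:59.637102,  1, effective(11006, 10513), real(11006, 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
  getpwuid(1011) failed
[2023/01/04 16:07:20,  0] ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
  rpcd_classic version 4.17.3-Debian started.
"""

def parse_entries(text):
    """Pair each header line with the message line(s) that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            ids = IDS.search(m["rest"])
            current = {"ts": m["ts"], "level": int(m["level"]),
                       "source": f"{m['file']}:{m['line']}", "func": m["func"],
                       "message": ""}
            for key in ("euid", "egid", "ruid", "rgid"):
                current[key] = int(ids[key]) if ids else None
            entries.append(current)
        elif current is not None and raw.strip():
            current["message"] = f"{current['message']} {raw.strip()}".strip()
    return entries

def summarize(entries):
    """Count entries per (effective uid, function, message)."""
    return Counter((e["euid"], e["func"], e["message"]) for e in entries)

def denied_by_euid(entries):
    """Count 'Permission denied' messages per effective uid."""
    return Counter(e["euid"] for e in entries if "Permission denied" in e["message"])

if __name__ == "__main__":
    for key, count in summarize(parse_entries(SAMPLE)).most_common():
        print(count, key)
```

The parser expects the native log files under /var/log/samba; journal output carries an extra syslog prefix on every line that would have to be stripped first.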