[Samba] Log errors on domain member
Peter Milesson
miles at atmos.eu
Tue Jan 31 17:59:40 UTC 2023
Sorry, did not send it to the list (damned Thunderbird)...
On 31.01.2023 18:14, Michael Tokarev via samba wrote:
> 31.01.2023 09:59, Peter Milesson via samba wrote:
>
>> The journal on an AD domain member server is cluttered with permission
>> denied entries of this message pair:
>>
>> Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31
>> 07:02:26.083500, 0, effective(11025, 10515), real(11025, 0)]
>> ../../source3/smbd/smb2_service.c:168(chdir_current_service)
>>
>> Jan 31 07:02:26 konsrvfast smbd[436004]: chdir_current_service:
>> vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current
>> token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
>>
>> uid=11025 is a Windows 10 workstation, and gid=10515 is the domain
>> computers object.
>
> This will be logged as long as you keep this dir inaccessible.
> I don't know why but win workstations also try to access
> profile shares for their accounts. It's okay if there's no
> profile for them, but the share itself should be accessible,
> or else this type of message will be logged by samba.
The share permissions are for Everyone (Full Control/Change/Read).
But naturally, the security settings do not include permissions for
machines, only for users/user groups. Everything is set up according to
the Samba Wiki. The uid 11025 is a computer account, and the gid is
"Domain computers".
>
> It is just the permission problem. A user with uid 11025 and the
> specified set of groups can't access the specified directory,
> that's all.
See above, the machine account has got no reason to access the data in
the share.
>
>> There are also recurring entry blocks of the following type:
>>
>> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
>> 19:55:39.802586, 0, effective(11006, 10513), real(11006, 0)]
>> ../../lib/util/debug.c:1264(reopen_one_log)
>> Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
>> Unable to open new log file '/var/log/samba/log.rpcd_classic':
>> Permission denied
>
> And this one is interesting. Does this file exist? Can you tell
> under which uid this process is running? I'm still new to samba
> process model, and I don't even see rpcd_classic process running
> here, - I don't know what it is doing and under which uid it is
> running. But the file exists on my system, and the last entry in there is
>
> [2023/01/04 16:07:20, 0]
> ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
> rpcd_classic version 4.17.3-Debian started.
>
> which was before 4.17.4 upgrade (it is debian system).
>
> If it is running as root, it shouldn't have issues opening files
> in there.
>
The file /var/log/samba/log.rpcd_classic exists. It's owned by
root:root. The uid 11006 is myself, and gid 10513 is domain users. I
interpret the entry as real permissions for me (uid=11006) and group
root (gid=0).
>> Jan 30 19:55:55 konsrvfast rpcd_classic[358632]: Failed to open
>> share info database /var/lib/samba/share_info.tdb (Permission denied)
>
> And it's the same thing. This file is owned by root:root, mode 0600,
> so if rpcd_classic is not run as root, it won't be able to open this
> file and the log file.
>
> Can someone tell which process it is and under which uid should it run?
I have checked the processes and both smbd and winbindd are running as root.
>
>
>> */var/log/samba/smbd.log (the following entry is spawned thousands of
>> times within a second)*
>>
>> [2023/01/30 20:07:59.636915, 1, effective(11006, 10513), real(11006,
>> 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
>> getpwuid(1011) failed
>
>
>> */var/log/samba/winbindd (the entries below frequently occurring)*
>>
>> [2023/01/30 23:34:57.527639, 1, effective(0, 0), real(0, 0)]
>> ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv)
>> Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
>>
>> [2023/01/31 00:17:01.889654, 1, effective(0, 0), real(0, 0)]
>> ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
>> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
>>
>> (occurs several times per second, hundreds of consecutive entries)
>> [2023/01/30 23:30:50.246781, 1, effective(0, 0), real(0, 0)]
>> ../../source3/winbindd/winbindd_getgrgid.c:124(winbindd_getgrgid_recv)
>> Could not convert sid S-0-0: NT_STATUS_NO_SUCH_GROUP
>
> I've seen those too (incl. EPMAPPER thing), fixed some of them by
> changing configs after googling. But it was lots of many small changes
> due to various other issues, I don't recall the details anymore.
>
> Lemme take a look at this rpcd_classic first..
>
> /mjt
>
Thanks for your interest, Michael.
Best regards,
Peter
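
An added example, not part of the original message or of Samba itself: a small Python triage script that pairs each Samba debug header in the journal with the message that follows it and counts "Permission denied" entries per daemon, effective uid/gid and source function. The sample lines are constructed by re-joining the wrapped entries quoted above (one pair is repeated with a later timestamp), and the function names `parse` and `denied_by_identity` are hypothetical.

```python
import re
from collections import Counter

# Samba debug header as it appears in the entries quoted in this thread:
# [date time, level, effective(uid, gid), real(uid, gid)] file:line(function)
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s+(?P<level>\d+),\s+"
    r"effective\((?P<euid>\d+),\s*(?P<egid>\d+)\),\s+"
    r"real\((?P<ruid>\d+),\s*(?P<rgid>\d+)\)\]\s+"
    r"(?P<src>\S+):(?P<line>\d+)\((?P<func>\w+)\)")
# journald prefix: "Jan 31 07:02:26 host daemon[pid]: "
JOURNAL = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<body>.*)$")

def parse(lines):
    """Pair each header with the next message line logged by the same PID."""
    pending = {}  # (daemon, pid) -> header fields still waiting for a message
    for raw in lines:
        j = JOURNAL.match(raw.strip())
        if not j:
            continue
        key = (j["daemon"], j["pid"])
        h = HEADER.search(j["body"])
        if h:
            pending[key] = h.groupdict()
        elif key in pending:  # messages with no preceding header are skipped
            yield {"daemon": j["daemon"], **pending.pop(key), "msg": j["body"].strip()}

def denied_by_identity(lines):
    """Count 'Permission denied' per (daemon, effective uid, effective gid, function)."""
    counts = Counter()
    for e in parse(lines):
        if "Permission denied" in e["msg"]:
            counts[(e["daemon"], int(e["euid"]), int(e["egid"]), e["func"])] += 1
    return counts

# Constructed sample: the thread's wrapped entries re-joined onto single lines;
# the second smbd pair is a constructed repeat with a later timestamp.
SMBD_MSG = ("konsrvfast smbd[436004]: chdir_current_service: vfs_ChDir(/data/samba/profiles) "
            "failed: Permission denied. Current token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006")
SAMPLE = [
    "Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31 07:02:26.083500, 0, effective(11025, 10515), real(11025, 0)] ../../source3/smbd/smb2_service.c:168(chdir_current_service)",
    "Jan 31 07:02:26 " + SMBD_MSG,
    "Jan 31 07:02:27 konsrvfast smbd[436004]: [2023/01/31 07:02:27.083500, 0, effective(11025, 10515), real(11025, 0)] ../../source3/smbd/smb2_service.c:168(chdir_current_service)",
    "Jan 31 07:02:27 " + SMBD_MSG,
    "Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30 19:55:39.802586, 0, effective(11006, 10513), real(11006, 0)] ../../lib/util/debug.c:1264(reopen_one_log)",
    "Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log: Unable to open new log file '/var/log/samba/log.rpcd_classic': Permission denied",
]

if __name__ == "__main__":
    for (daemon, euid, egid, func), n in denied_by_identity(SAMPLE).most_common():
        print(f"{n:4d}  {daemon:<14} euid={euid} egid={egid}  {func}")
```

On a live system the input could be the lines of `journalctl` output for the Samba units; the uids and gids in the result can then be resolved with `getent passwd` and `getent group`.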