[Samba] Very strange: Samba is unable to access one of its own files

John R. Graham john at graham-family.org
Mon Nov 11 22:34:26 UTC 2024


Got these log messages on Samba startup just now on my AD/DC (including 
the preamble to show the version I'm running):

Nov 11 17:05:18 ceres samba[31981]: [2024/11/11 17:05:18.209145, 0] 
../../source4/samba/server.c:633(binary_smbd_main)
Nov 11 17:05:18 ceres samba[31981]:   samba version 4.19.7 started.
Nov 11 17:05:18 ceres samba[31981]:   Copyright Andrew Tridgell and the 
Samba Team 1992-2023
Nov 11 17:05:18 ceres smbd[31996]: [2024/11/11 17:05:18.534058, 0] 
../../source3/smbd/server.c:1746(main)
Nov 11 17:05:18 ceres smbd[31996]:   smbd version 4.19.7 started.
Nov 11 17:05:18 ceres smbd[31996]:   Copyright Andrew Tridgell and the 
Samba Team 1992-2023
Nov 11 17:05:18 ceres winbindd[32025]: [2024/11/11 17:05:18.623651,  0] 
../../source3/winbindd/winbindd.c:1441(main)
Nov 11 17:05:18 ceres winbindd[32025]:   winbindd version 4.19.7 started.
Nov 11 17:05:18 ceres winbindd[32025]:   Copyright Andrew Tridgell and 
the Samba Team 1992-2023
Nov 11 17:05:30 ceres smbd[32069]:   chdir_current_service: 
vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current 
token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019 
3000020 3000010 3000011 3000013 3000006 3000014
Nov 11 17:05:40 ceres smbd[32069]: [2024/11/11 17:05:40.355505, 0] 
../../source3/smbd/smb2_service.c:117(chdir_current_service)
Nov 11 17:05:40 ceres smbd[32069]:   chdir_current_service: 
vfs_ChDir(/var/lib/samba/sysvol) failed: Permission denied. Current 
token: uid=3000021, gid=3000016, 9 groups: 3000021 3000016 3000019 
3000020 3000010 3000011 3000013 3000006 3000014

Looking at the directory in question, there's an odd-looking (at least 
to me) group ID associated with that directory:

ceres /var/lib/samba/sysvol # ls -la /var/lib/samba/sysvol
total 36
drwxrwx---+ 3 root 3000000  3 Apr 18  2023 .
drwxr-xr-x  7 root root    11 Nov 11 17:05 ..
drwxrwx---+ 4 root 3000000  4 Apr 18  2023 samdom.example.com

(Note: domain name anonymized above.)

Should I be concerned?

- John





More information about the samba mailing list