Ian Coetzee
2019-Apr-10 10:13 UTC
[Samba] chown: changing ownership of 'test': Invalid argument
Hi Roland On Wed, 10 Apr 2019 at 12:00, Rowland Penny <rpenny at samba.org> wrote:> On Wed, 10 Apr 2019 11:41:52 +0200 > Ian Coetzee <samba at iancoetzee.za.net> wrote: > > > Ho Roland, > > > > Replies inline > > > > > > > > > The only user I have is the jeadmin user which is the domain > > > > admin as well as a local admin user. > > > > > > ER, no, that would be 'Administrator', is 'jeadmin' a member of > > > 'Administrators', 'Domain Admins' or some other such administration > > > group ? > > > > > > > We have a group policy that renames Administrator to jeadmin > > OK, then where ever you see 'Administrator' on the Samba wiki etc, > replace it with 'jeadmin' >Yup. I also normally log into the AD as myself which is part of the Domain Admins group> > > > > > > > > > > > > > > > Should I try renaming the local user? > > > > > > Either that or delete the user from AD or /etc/passwd, you cannot > > > have the same user in both. The user in /etc/password will normally > > > be used on the Unix OS > > > > > > Which is the intended course of action, so I can ssh into the servers > > with the jeadmin account in case the domain is offline (debian ssh > > denies root logins) > > Ever heard of sudo ? > Log in as a normal user and then run everything with sudo, or become > root with 'su -' >Yup, most definitely, use sudo everywhere.> > > > > I will quickly drop the user and see if it makes a difference > > > > > > > before the AD user and will be the opposite way around > > > on Windows. > > > > > > > Yup. and using .\jeadmin to log in as a local user > > > > > > > > > > Try adding this line to smb.conf: > > > > > > winbind enum users = yes, restart or reload Samba, then run 'getent > > > passwd', this should return all users, local and domain. > > > > > > > Oooh I sense a server overload ;-) (Lots of users in the AD) > > I did say remove it after the test, I just wondered if getent was > working correctly. >Yes, yes you did.> > > I am quite confident that nss and winbind are talking to each other > > quite nicely. > > Then why isn't working ? >This is the question leaving me perplexed as well> > Last things to try, start raising the Samba loglevel and see if > anything pops out and check if Apparmor is stopping the chown. >I bumped the loglevel up to 10. What I can glean from the log is: [2019/04/10 10:09:48.041065, 1, pid=15234, effective(0, 0), real(0, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) wbint_LookupSid: struct wbint_LookupSid in: struct wbint_LookupSid sid : * sid : <RED>-1407 [2019/04/10 10:09:48.041888, 10, pid=15234, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4803(wcache_store_ndr) could not fetch seqnum for domain JEOFFICE [2019/04/10 10:09:48.041954, 1, pid=15234, effective(0, 0), real(0, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) wbint_LookupSid: struct wbint_LookupSid out: struct wbint_LookupSid type : * type : SID_NAME_USER (1) domain : * domain : * domain : 'JEOFFICE' name : * name : * name : 'ianc' result : NT_STATUS_OK [2019/04/10 10:09:48.042076, 1, pid=15234, effective(0, 0), real(0, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) wbint_GetNssInfo: struct wbint_GetNssInfo in: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'JEOFFICE' acct_name : * acct_name : 'ianc' full_name : NULL homedir : * homedir : '/home/%D/%U' shell : * shell : '/bin/bash' uid : 0x000000000030d97f (3201407) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : <RED>-1407 group_sid : <RED>-513 [2019/04/10 10:09:48.043212, 1, pid=15234, effective(0, 0), real(0, 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) wbint_GetNssInfo: struct wbint_GetNssInfo out: struct wbint_GetNssInfo info : * info: struct wbint_userinfo domain_name : * domain_name : 'JEOFFICE' acct_name : * acct_name : 'ianc' full_name : NULL homedir : * homedir : '/home/%D/%U' shell : * shell : '/bin/bash' uid : 0x000000000030d97f (3201407) primary_gid : 0x00000000ffffffff (4294967295) primary_group_name : NULL user_sid : <RED>-1407 group_sid : <RED>-513 result : NT_STATUS_REQUEST_NOT_ACCEPTED Is this last "NT_STATUS_REQUEST_NOT_ACCEPTED" maybe the problem? I will quickly glance at apparmor> > Rowland > > >
Rowland Penny
2019-Apr-10 11:11 UTC
[Samba] chown: changing ownership of 'test': Invalid argument
On Wed, 10 Apr 2019 12:13:07 +0200 Ian Coetzee <samba at iancoetzee.za.net> wrote:> [2019/04/10 10:09:48.043212, 1, pid=15234, effective(0, 0), real(0, > 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > wbint_GetNssInfo: struct wbint_GetNssInfo > out: struct wbint_GetNssInfo > info : * > info: struct wbint_userinfo > domain_name : * > domain_name : 'JEOFFICE' > acct_name : * > acct_name : 'ianc' > full_name : NULL > homedir : * > homedir : '/home/%D/%U' > shell : * > shell : '/bin/bash' > uid : 0x000000000030d97f > (3201407) > primary_gid : 0x00000000ffffffff > (4294967295) > primary_group_name : NULL > user_sid : <RED>-1407 > group_sid : <RED>-513 > result : > NT_STATUS_REQUEST_NOT_ACCEPTED > > Is this last "NT_STATUS_REQUEST_NOT_ACCEPTED" maybe the problem?I would say it is the problem, but not the reason The users SID is found '<RED>-1407' and the group SID is '<RED>-513' The users uid is '3201407' but the primary_gid is '4294967295' and the 'primary_group_name' is null. I would have expected '3200513' and 'Domain Users' for the last two. Is it possible you can share the AD objects for 'ianc' & 'Domain Users' with me, offlist if necessary. Rowland
Ian Coetzee
2019-Apr-10 13:36 UTC
[Samba] chown: changing ownership of 'test': Invalid argument
On Wed, 10 Apr 2019 at 13:11, Rowland Penny <rpenny at samba.org> wrote:> On Wed, 10 Apr 2019 12:13:07 +0200 > Ian Coetzee <samba at iancoetzee.za.net> wrote: > > > > [2019/04/10 10:09:48.043212, 1, pid=15234, effective(0, 0), real(0, > > 0), class=rpc_parse] ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > > wbint_GetNssInfo: struct wbint_GetNssInfo > > out: struct wbint_GetNssInfo > > info : * > > info: struct wbint_userinfo > > domain_name : * > > domain_name : 'JEOFFICE' > > acct_name : * > > acct_name : 'ianc' > > full_name : NULL > > homedir : * > > homedir : '/home/%D/%U' > > shell : * > > shell : '/bin/bash' > > uid : 0x000000000030d97f > > (3201407) > > primary_gid : 0x00000000ffffffff > > (4294967295) > > primary_group_name : NULL > > user_sid : <RED>-1407 > > group_sid : <RED>-513 > > result : > > NT_STATUS_REQUEST_NOT_ACCEPTED > > > > Is this last "NT_STATUS_REQUEST_NOT_ACCEPTED" maybe the problem? > > I would say it is the problem, but not the reason > > The users SID is found '<RED>-1407' and the group SID is '<RED>-513' > The users uid is '3201407' but the primary_gid is '4294967295' and the > 'primary_group_name' is null. > I would have expected '3200513' and 'Domain Users' for the last two. > > Is it possible you can share the AD objects for 'ianc' & 'Domain Users' > with me, offlist if necessary. > > Rowland > > > >Hi Rowland, I have sent you an email with an ldif export, as made by ldapsearch, attached. Hope it helps :) Kind regards
L.P.H. van Belle
2019-Apr-10 14:13 UTC
[Samba] chown: changing ownership of 'test': Invalid argument
Gid 4294967295 = Nobody (32-bit) Thats your problem. A problem in the nss mappings. https://lists.samba.org/archive/samba/2017-January/205672.html Is the a simular thread to your problem, ready it. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ian > Coetzee via samba > Verzonden: woensdag 10 april 2019 15:37 > Aan: Rowland Penny > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] chown: changing ownership of 'test': > Invalid argument > > On Wed, 10 Apr 2019 at 13:11, Rowland Penny <rpenny at samba.org> wrote: > > > On Wed, 10 Apr 2019 12:13:07 +0200 > > Ian Coetzee <samba at iancoetzee.za.net> wrote: > > > > > > > [2019/04/10 10:09:48.043212, 1, pid=15234, effective(0, > 0), real(0, > > > 0), class=rpc_parse] > ../librpc/ndr/ndr.c:471(ndr_print_function_debug) > > > wbint_GetNssInfo: struct wbint_GetNssInfo > > > out: struct wbint_GetNssInfo > > > info : * > > > info: struct wbint_userinfo > > > domain_name : * > > > domain_name : 'JEOFFICE' > > > acct_name : * > > > acct_name : 'ianc' > > > full_name : NULL > > > homedir : * > > > homedir : '/home/%D/%U' > > > shell : * > > > shell : '/bin/bash' > > > uid : > 0x000000000030d97f > > > (3201407) > > > primary_gid : > 0x00000000ffffffff > > > (4294967295) > > > primary_group_name : NULL > > > user_sid : <RED>-1407 > > > group_sid : <RED>-513 > > > result : > > > NT_STATUS_REQUEST_NOT_ACCEPTED > > > > > > Is this last "NT_STATUS_REQUEST_NOT_ACCEPTED" maybe the problem? > > > > I would say it is the problem, but not the reason > > > > The users SID is found '<RED>-1407' and the group SID is '<RED>-513' > > The users uid is '3201407' but the primary_gid is > '4294967295' and the > > 'primary_group_name' is null. > > I would have expected '3200513' and 'Domain Users' for the last two. > > > > Is it possible you can share the AD objects for 'ianc' & > 'Domain Users' > > with me, offlist if necessary. > > > > Rowland > > > > > > > > > Hi Rowland, > > I have sent you an email with an ldif export, as made by ldapsearch, > attached. Hope it helps :) > > Kind regards > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Maybe Matching Threads
- chown: changing ownership of 'test': Invalid argument
- chown: changing ownership of 'test': Invalid argument
- chown: changing ownership of 'test': Invalid argument
- chown: changing ownership of 'test': Invalid argument
- chown: changing ownership of 'test': Invalid argument