Hi,
We are running test migration on the following environment in preparation for
the prod migration. Any suggestions will be greatly appreciated.
OS: Ubuntu18.04
Hypervisor: Proxmox Container (LXC)
Samba Version 4.6.7
DNS: BIND9_DLZ
AD and File server in the same server. Have gone through the Samba documentation
regarding this
We get the following when adding a machine (Windows 7) to the newly migrated
domain.
The specified network name is no longer available
The smbd log has the following
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2019/05/06 02:25:02.561200, 4] ../source3/lib/privileges.c:98(get_privileges)
get_privileges: No privileges assigned to SID
[S-1-5-21-3936576374-1604348213-1812465911-501]
[2019/05/06 02:25:02.561246, 4] ../source3/lib/privileges.c:98(get_privileges)
get_privileges: No privileges assigned to SID
[S-1-5-21-3936576374-1604348213-1812465911-514]
[2019/05/06 02:25:02.561271, 4] ../source3/lib/privileges.c:98(get_privileges)
get_privileges: No privileges assigned to SID [S-1-22-2-65534]
[2019/05/06 02:25:02.561297, 4] ../source3/lib/privileges.c:98(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-2]
[2019/05/06 02:25:02.561325, 4] ../source3/lib/privileges.c:98(get_privileges)
get_privileges: No privileges assigned to SID [S-1-5-32-546]
[2019/05/06 02:25:02.561417, 3] ../source3/lib/util.c:1580(set_maxfiles)
set_maxfiles: setrlimit for RLIMIT_NOFILE for 16424 max files failed with
error Operation not permitted
[2019/05/06 02:25:02.561446, 1] ../source3/smbd/files.c:218(file_init_global)
file_init_global: Information only: requested 16384 open files, 4056 are
available.
[2019/05/06 02:25:02.561709, 3]
../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg)
Initialise the svcctl registry keys if needed.
[2019/05/06 02:25:02.604284, 2]
../lib/util/tevent_debug.c:66(samba_tevent_debug)
samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x563f0ea2c850] mpx_fde[(nil)]
fd[15] - disabling
[2019/05/06 02:25:50.864718, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.14.153 (192.168.14.153)
[2019/05/06 02:25:51.019398, 3] ../source3/smbd/server.c:872(remove_child_pid)
../source3/smbd/server.c:872 Unclean shutdown of pid 543
[2019/05/06 02:25:51.020295, 1] ../source3/smbd/server.c:881(remove_child_pid)
Scheduled cleanup of brl and lock database after unclean shutdown
[2019/05/06 02:26:05.961525, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.14.153 (192.168.14.153)
[2019/05/06 02:26:06.053086, 3] ../source3/smbd/server.c:872(remove_child_pid)
../source3/smbd/server.c:872 Unclean shutdown of pid 552
[2019/05/06 02:26:11.024987, 1]
../source3/smbd/smbd_cleanupd.c:99(smbd_cleanupd_unlock)
smbd_cleanupd_unlock: Cleaning up brl and lock database after unclean shutdown
The associated machine log has
[2019/05/06 02:25:50.999094, 3]
../source3/smbd/password.c:144(register_homes_share)
Adding homes service for user 'LIN\Administrator' using home
directory: '/home/LIN/administrator'
[2019/05/06 02:25:50.999214, 3] ../source3/param/loadparm.c:1560(lp_add_home)
adding home's share [Administrator] for user 'LIN\Administrator'
at '/data/home/%U/samba'
[2019/05/06 02:25:51.000977, 4]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2019/05/06 02:25:51.001127, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.14.153 (192.168.14.153)
[2019/05/06 02:25:51.001202, 3]
../source3/smbd/service.c:595(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2019/05/06 02:25:51.001240, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2019/05/06 02:25:51.001262, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2019/05/06 02:25:51.001283, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [acl_xattr]
[2019/05/06 02:25:51.003453, 3]
../lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module
'/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded
[2019/05/06 02:25:51.003499, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [dfs_samba4]
[2019/05/06 02:25:51.009724, 3]
../lib/util/modules.c:167(load_module_absolute_path)
load_module_absolute_path: Module
'/usr/lib/x86_64-linux-gnu/samba/vfs/dfs_samba4.so' loaded
[2019/05/06 02:25:51.009808, 2]
../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr)
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service IPC$
[2019/05/06 02:25:51.011174, 4]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 100) - sec_ctx_stack_ndx = 0
[2019/05/06 02:25:51.011225, 0] ../source3/lib/util.c:815(smb_panic_s3)
PANIC (pid 543): sys_setgroups failed
Smb.conf
[global]
workgroup = LIN
realm = LIN.COM
netbios name = LINSERVER01
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
log file = /var/log/samba/log.%m
log level = 4
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
acl allow execute always = True
server services = -dns
allow dns updates = nonsecure
idmap config * : backend = tdb
idmap config * : range = 4000-7999
idmap config LIN:backend = ad
idmap config LIN:schema_mode = rfc2307
idmap config LIN:range = 10000-999999
root at linserver01:/migration/ad# service --status-all
[ + ] apparmor
[ + ] bind9
[ - ] console-setup.sh
[ + ] cron
[ + ] dbus
[ - ] hwclock.sh
[ - ] irqbalance
[ - ] keyboard-setup.sh
[ + ] kmod
[ - ] nmbd
[ - ] plymouth
[ - ] plymouth-log
[ + ] postfix
[ + ] procps
[ - ] rsync
[ + ] rsyslog
[ + ] samba-ad-dc
[ - ] smbd
[ + ] ssh
[ + ] udev
[ + ] ufw
[ - ] urandom
[ - ] uuidd
[ - ] winbind
[ - ] x11-common
We are seeing issues with winbind
* winbind.service - Samba Winbind Daemon
Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset:
enabled)
Active: failed (Result: exit-code) since Mon 2019-05-06 02:14:54 UTC; 22min
ago
Docs: man:winbindd(8)
man:samba(7)
man:smb.conf(5)
Process: 145 ExecStart=/usr/sbin/winbindd --foreground --no-process-group
$WINBINDOPTIONS (code=exited, status=1/FAILURE)
Main PID: 145 (code=exited, status=1/FAILURE)
May 06 02:14:54 linserver01 systemd[1]: Starting Samba Winbind Daemon...
May 06 02:14:54 linserver01 systemd[1]: winbind.service: Main process exited,
code=exited, status=1/FAILURE
May 06 02:14:54 linserver01 systemd[1]: winbind.service: Failed with result
'exit-code'.
May 06 02:14:54 linserver01 systemd[1]: Failed to start Samba Winbind Daemon.
The following in nsswitch
passwd: files winbind
group: files winbind
shadow: compat
gshadow: files
Regards,
Praveen Ghimire
On Mon, 6 May 2019 02:51:18 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:
> From: Praveen Ghimire via samba <samba at lists.samba.org>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: [Samba] Doman join issues
> Date: Mon, 6 May 2019 02:51:18 +0000
> Reply-To: Praveen Ghimire <PGhimire at sundata.com.au>
> Sender: "samba" <samba-bounces at lists.samba.org>
>
> Hi,
>
> We are running test migration on the following environment in
> preparation for the prod migration. Any suggestions will be greatly
> appreciated.
>
> OS: Ubuntu18.04
> Hypervisor: Proxmox Container (LXC)
> Samba Version 4.6.7
> DNS: BIND9_DLZ
> AD and File server in the same server. Have gone through the Samba
> documentation regarding this
Obviously not well enough, or the warnings are not obvious enough ;-)
> Smb.conf
>
> [global]
> workgroup = LIN
> realm = LIN.COM
> netbios name = LINSERVER01
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%m
> log level = 4
> acl allow execute always = True
> server services = -dns
> allow dns updates = nonsecure
The above lines are okay for a DC
> winbind enum users = yes
> winbind enum groups = yes
The above lines just slow things down and should only be used for testing
purposes.
> winbind nss info = rfc2307
> idmap config * : backend = tdb
> idmap config * : range = 4000-7999
> idmap config LIN:backend = ad
> idmap config LIN:schema_mode = rfc2307
> idmap config LIN:range = 10000-999999
The above lines have no place on a DC, even if you are using it as a fileserver.
> We are seeing issues with winbind
>
> * winbind.service - Samba Winbind Daemon
> Loaded: loaded (/lib/systemd/system/winbind.service; enabled;
> vendor preset: enabled) Active: failed (Result: exit-code) since Mon
> 2019-05-06 02:14:54 UTC; 22min ago Docs: man:winbindd(8)
> man:samba(7)
> man:smb.conf(5)
> Process: 145 ExecStart=/usr/sbin/winbindd --foreground
> --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
> Main PID: 145 (code=exited, status=1/FAILURE)
>
> May 06 02:14:54 linserver01 systemd[1]: Starting Samba Winbind
> Daemon... May 06 02:14:54 linserver01 systemd[1]: winbind.service:
> Main process exited, code=exited, status=1/FAILURE May 06 02:14:54
> linserver01 systemd[1]: winbind.service: Failed with result
> 'exit-code'. May 06 02:14:54 linserver01 systemd[1]: Failed to start
> Samba Winbind Daemon.
There is an obvious way to stop the above, stop trying to start winbind yourself
and allow Samba to do it for you.
Rowland
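The smb.conf review in the reply above, written as a small check (an added example, not code from the thread or from the Samba project): for a file whose server role is an AD DC, it flags the parameters the reply says to remove and those it says are for testing only. The function names and the abridged sample configuration are constructed for illustration.

```python
import re

# Parameters the reply above singles out in the posted smb.conf.
TESTING_ONLY = {"winbind enum users", "winbind enum groups"}
NOT_ON_DC = re.compile(r"winbind nss info|idmap config .+")
DC_ROLE = "active directory domain controller"

# Constructed sample: abridged [global] section from the first message.
POSTED_CONF = """\
[global]
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
idmap config * : backend = tdb
idmap config * : range = 4000-7999
idmap config LIN:backend = ad
idmap config LIN:schema_mode = rfc2307
idmap config LIN:range = 10000-999999
"""

def parse_global(text):
    """Return {parameter: value} for [global], names lower-cased and space-collapsed."""
    params, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            # "idmap config * : backend" and "idmap config *:backend" are the same name
            key = re.sub(r"\s*:\s*", ":", " ".join(key.lower().split()))
            params[key] = value.strip()
    return params

def lint_dc(text):
    """Return (action, parameter) findings when the file configures an AD DC."""
    params = parse_global(text)
    if params.get("server role", "").lower() != DC_ROLE:
        return []  # the advice in the thread is specific to a DC
    findings = []
    for key, value in params.items():
        if NOT_ON_DC.fullmatch(key):
            findings.append(("remove", key))
        elif key in TESTING_ONLY and value.lower() in ("yes", "true", "1"):
            findings.append(("testing-only", key))
    return findings

if __name__ == "__main__":
    print(lint_dc(POSTED_CONF))
```
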
Hi Rowland,
I get the same error messages even with the following smb.conf, generated by the
migration process.
[global]
workgroup = LIN
realm = LIN.COM
netbios name = LINSERVER01
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
log file = /var/log/samba/log.%m
log level = 4
[netlogon]
path = /var/lib/samba/sysvol/lin.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Regards,
Praveen Ghimire
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
via samba
Sent: Monday, 6 May 2019 4:47 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Doman join issues
On Mon, 6 May 2019 02:51:18 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:
> From: Praveen Ghimire via samba <samba at lists.samba.org>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: [Samba] Doman join issues
> Date: Mon, 6 May 2019 02:51:18 +0000
> Reply-To: Praveen Ghimire <PGhimire at sundata.com.au>
> Sender: "samba" <samba-bounces at lists.samba.org>
>
> Hi,
>
> We are running test migration on the following environment in
> preparation for the prod migration. Any suggestions will be greatly
> appreciated.
>
> OS: Ubuntu18.04
> Hypervisor: Proxmox Container (LXC)
> Samba Version 4.6.7
> DNS: BIND9_DLZ
> AD and File server in the same server. Have gone through the Samba
> documentation regarding this
Obviously not well enough, or the warnings are not obvious enough ;-)
> Smb.conf
>
> [global]
> workgroup = LIN
> realm = LIN.COM
> netbios name = LINSERVER01
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%m
> log level = 4
> acl allow execute always = True
> server services = -dns
> allow dns updates = nonsecure
The above lines are okay for a DC
> winbind enum users = yes
> winbind enum groups = yes
The above lines just slow things down and should only be used for testing
purposes.
> winbind nss info = rfc2307
> idmap config * : backend = tdb
> idmap config * : range = 4000-7999
> idmap config LIN:backend = ad
> idmap config LIN:schema_mode = rfc2307
> idmap config LIN:range = 10000-999999
The above lines have no place on a DC, even if you are using it as a fileserver.
> We are seeing issues with winbind
>
> * winbind.service - Samba Winbind Daemon
> Loaded: loaded (/lib/systemd/system/winbind.service; enabled;
> vendor preset: enabled) Active: failed (Result: exit-code) since Mon
> 2019-05-06 02:14:54 UTC; 22min ago Docs: man:winbindd(8)
> man:samba(7)
> man:smb.conf(5)
> Process: 145 ExecStart=/usr/sbin/winbindd --foreground
> --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
> Main PID: 145 (code=exited, status=1/FAILURE)
>
> May 06 02:14:54 linserver01 systemd[1]: Starting Samba Winbind
> Daemon... May 06 02:14:54 linserver01 systemd[1]: winbind.service:
> Main process exited, code=exited, status=1/FAILURE May 06 02:14:54
> linserver01 systemd[1]: winbind.service: Failed with result
> 'exit-code'. May 06 02:14:54 linserver01 systemd[1]: Failed to start
> Samba Winbind Daemon.
There is an obvious way to stop the above, stop trying to start winbind yourself
and allow Samba to do it for you.
Rowland