thr3ads.net - samba - [Samba] Client Group Policy: talloc

If this information is useful, please help other people find it:
Share via:

Roy Eastwood

2021-Mar-11 12:24 UTC

[Samba] Client Group Policy: talloc_free error

Hi,
I am trying to test out the use of Group Policy for winbind clients as added in
the latest samba version: 4.14.0    Following the
WiKi at https://wiki.samba.org/index.php/Group_Policy I have set up a client
(running Debian Buster and Samba 4.14.0 from Louis'
repo) by adding the required line to the global section of smb.conf (apply group
policies = yes).    The domain controllers have
also been updated to 4.14.0 and the samba admx file has been added to sysvol.  
I have configured a setting for smb.conf using the
Group Policy Editor from Windows and the client machine has been added to an OU
with the policy applied.   I have restarted smbd and
winbind on the client.   When I enter samba-gpupdate I get the following error:

root at moggy:~# samba-gpupdate
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
Failed downloading gpt cache from 'pi-dc.microlynx.org' using SMB

If I provide the Administrator user and password the error changes to:
root at moggy:~# samba-gpupdate -Uadministrator
Password for [MICROLYNX\administrator]:
ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
        reference at ../../pytalloc_util.c:164
        reference at ../../pytalloc_util.c:164
ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file
/var/lib/samba/private/sam.ldb: No such file or
directory

Unable to open tdb '/var/lib/samba/private/sam.ldb': No such file or
directory
Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with backend
'tdb': Unable to open tdb '/var/lib/samba/private/sam.ldb':
No such file or directory
Failed to apply extension  <class
'samba.gp_sec_ext.gp_access_ext'>
Message was: Failed to load SamDB for assigning Group Policy

A reboot of the client did not improve matters.     I tried adding the line:
'allow group policies = yes' to the domain controllers'
smb.conf but that did not make any difference either.      I am obviously
missing something, any advice will be appreciated.

Roy

Roy Eastwood

2021-Mar-12 08:57 UTC

head link

[Samba] Client Group Policy: talloc_free error

Since I added the GPO below I now get the following messages in syslog on the
client machine (MOGGY):
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.054799,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:
add_local_groups: SID
S-1-5-21-4012640977-2272627666-3977488320-5102 -> getpwuid(15102) failed, is
nsswitch configured?
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056451,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: Traceback (most
recent call last):
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056569,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File
"/usr/sbin/samba-gpupdate", line 103, in <module>
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056599,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:    
apply_gp(lp, creds, logger, store, gp_extensions, opts.force)
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056625,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File
"/usr/lib/python3/dist-packages/samba/gpclass.py", line 437,
in apply_gp
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056652,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     gpos =
get_gpo_list(dc_hostname, creds, lp)
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056677,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:   File
"/usr/lib/python3/dist-packages/samba/gpclass.py", line 370,
in get_gpo_list
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056733,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate:     gpos =
ads.get_gpo_list(creds.get_username())
Mar 12 00:18:17 moggy winbindd[620]: [2021/03/12 00:18:17.056768,  0]
../../lib/util/util_runcmd.c:352(samba_runcmd_io_handler)
Mar 12 00:18:17 moggy winbindd[620]:   /usr/sbin/samba-gpupdate: RuntimeError:
Failed to get machine token for
'MOGGY$'(CN=MOGGY,OU=debian,DC=microlynx,DC=org): The specified account
does not exist.

Any ideas how to fix this?

TIA,

Roy

ON 11 March 2021 12:24 Roy Eastwood wrote:> Hi,
> I am trying to test out the use of Group Policy for winbind clients as
added in the latest samba version: 4.14.0    Following the
> WiKi at https://wiki.samba.org/index.php/Group_Policy I have set up a
client (running Debian Buster and Samba 4.14.0 from Louis'
> repo) by adding the required line to the global section of smb.conf (apply
group policies = yes).    The domain controllers have
> also been updated to 4.14.0 and the samba admx file has been added to
sysvol.   I have configured a setting for smb.conf using the
> Group Policy Editor from Windows and the client machine has been added to
an OU with the policy applied.   I have restarted smbd
> and
> winbind on the client.   When I enter samba-gpupdate I get the following
error:
> 
> root at moggy:~# samba-gpupdate
> ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
>         reference at ../../pytalloc_util.c:164
>         reference at ../../pytalloc_util.c:164
>         reference at ../../pytalloc_util.c:164
> Failed downloading gpt cache from 'pi-dc.microlynx.org' using SMB
> 
> If I provide the Administrator user and password the error changes to:
> root at moggy:~# samba-gpupdate -Uadministrator
> Password for [MICROLYNX\administrator]:
> ERROR: talloc_free with references at ../../libgpo/pygpo.c:481
>         reference at ../../pytalloc_util.c:164
>         reference at ../../pytalloc_util.c:164
> ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open file
/var/lib/samba/private/sam.ldb: No such file or
> directory
> 
> Unable to open tdb '/var/lib/samba/private/sam.ldb': No such file
or directory
> Failed to connect to 'tdb:///var/lib/samba/private/sam.ldb' with
backend 'tdb': Unable to open tdb
'/var/lib/samba/private/sam.ldb':> No such file or directory
> Failed to apply extension  <class
'samba.gp_sec_ext.gp_access_ext'>
> Message was: Failed to load SamDB for assigning Group Policy
> 
> A reboot of the client did not improve matters.     I tried adding the
line: 'allow group policies = yes' to the domain
controllers'> smb.conf but that did not make any difference either.      I am obviously
missing something, any advice will be appreciated.
> 
> Roy

samba - Mar 2021 - Client Group Policy: talloc_free error

[Samba] Client Group Policy: talloc_free error

[Samba] Client Group Policy: talloc_free error