samba - Nov 2024 - Very strange: Samba is unable to access one of its own files

Op 12-11-2024 om 15:06 schreef John R. Graham:
> > but I don't know how to map that to a machine. Meanwhile, I'm
> > reading up on the idmap_nss plugin.
If you are using Debian, just install the libpam-winbind and
libnss-winbind packages, open /etc/nsswitch.conf in your favourite
editor and ensure that the passwd & group lines contain 'winbind'.

Rowland

On 11/12/24 09:35, Rowland Penny via samba wrote:
> If you are using Debian, just install the libpam-winbind and
> libnss-winbind packages, open /etc/nsswitch.conf in your favourite
> editor and ensure that the passwd & group lines contain
'winbind'.
>
> Rowland
It's Gentoo so I'm setting it up myself, which is fine, but I've
messed
up something apparently. This is an AD/DC setup, by the way. In the 
process of setting up winbind, I've created a situation that I don't 
know how to get out of. Lots of (but not all) routine samba-tool 
commands are throwing fatal errors now. For instance,

ceres ~ # samba-tool dns query ceres samdom.example.com @ ALL
dos charset 'CP850' unavailable - using ASCII
convert_string_talloc: Conversion not supported.
ndr_pull_charset: ndr_pull_error(Character Conversion Error): Bad 
character conversion at ../../librpc/ndr/ndr_string.c:703
Failed to bind to uuid e1af8308-5d1f-11c9-91a4-08002b14a0fa for 
ncacn_ip_tcp:192.168.123.250[135,target_hostname=ceres,abstract_syntax=e1af8308-5d1f-11c9-91a4-08002b14a0fa/0x00000003,localaddress=192.168.123.250]
NT_STATUS_INVALID_PARAMETER

I get the CP850 warning whether or not the nls_cp580 module is loaded.

Simultaneously, the $(wbinfo -u) command is reporting no users, which is 
causing trouble for the dhcp-dyndns.sh script.

My /etc/nsswitch.conf looks like:

# In alphabetical order. Re-order as required to optimize performance.
aliases:??? files
ethers:???? files
group:????? files winbind
gshadow:??? files
hosts:????? files dns
# Allow initgroups to default to the setting for group.
# initgroups: files
netgroup:?? files
networks:?? files dns
passwd:???? files winbind
protocols:? files
publickey:? files
rpc:??????? files
shadow:???? files
services:?? files

My /etc/samba/smb.conf looks like:

# Global parameters
[global]
 ??? dns forwarder = 8.8.8.8 75.75.75.75
 ??? netbios name = CERES
 ??? realm = SAMDOM.EXAMPLE.COM
 ??? server role = active directory domain controller
 ??? workgroup = SAMDOM
 ??? idmap_ldb:use rfc2307 = yes
 ??? kerberos method = secrets and keytab
 ??? winbind refresh tickets = yes
 ??? ldap server require strong auth = no
 ??? unix charset = LOCALE
 ??? # username map = /etc/samba/smbusers
 ??? log level = 1

 ??? # dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool

 ??? # Winbindd setup for shares:
 ??? # template shell = /bin/bash
 ??? # template homedir = /home/%U

 ??? # idmap_nss plugin setup:
 ??? idmap config * : backend = tdb
 ??? idmap config * : range = 1000000-3999999

 ??? idmap config SAMBA : backend? = nss
 ??? idmap config SAMBA : range = 1000-999999

[sysvol]
 ??? path = /var/lib/samba/sysvol
 ??? read only = No

[netlogon]
 ??? path = /var/lib/samba/sysvol/samdom.example.com/scripts
 ??? read only = No

Does any of this look familiar?

- John