samba - Jan 2016 - samba4 as ADS member: some users visible, others not

Am 2015-12-29 um 18:59 schrieb Rowland penny:
> NO! This will give you precisely 0 users
> 
> config * == the range the 'builtin' users will be mapped to.
> config customer == the range for all the domain users that have a
> uidNumber attribute. If a user doesn't have a uidNumber attribute
> containing a number inside the range set in smb.conf (in your case
> 10000-999999) it will be ignored, the user will also be ignored if it
> doesn't have a uidNumber attribute. There is also another gotchya, the
> 'Domain Users' group *must* have a gidNumber attribute inside the
range,
> or all users will be ignored even if they have a uidNumber attribute.
> 
> This all boils down to, have you manually given your users & groups the
> required uidNumber & gidNumber attributes ? they are not added
> automatically, they must be added manually.
Thanks a lot for that explanation.
I read it after it started working here yesterday so excuse my late
reply. I never understood it the way you described it above, this would
have helped me with other servers earlier as well.

thanks, Stefan

Am 2015-12-30 um 10:40 schrieb Stefan G. Weichinger:
> Thanks a lot for that explanation.
> I read it after it started working here yesterday so excuse my late
> reply. I never understood it the way you described it above, this would
> have helped me with other servers earlier as well.
Maybe off topic or another issue, but I add it to this thread as it
affects the same server.

The admin there sees problems in accessing shares, he gets something
like timeouts and slow behavior, as if some smbd times out and/or crashes.

I scanned the logs and find this:

[2016/01/04 11:02:44.195333,  2] ../source3/smbd/service.c:1140(close_cnum)
  p10006 (ipv4:10.1.9.198:52680) closed connection to service it
[2016/01/04 11:02:44.195467,  2] ../source3/smbd/service.c:1140(close_cnum)
[2016/01/04 11:02:44.195487,  0]
../source3/lib/popt_common.c:68(popt_s3_talloc_log_fn)
  Bad talloc magic value - unknown value
[2016/01/04 11:02:44.195542,  0] ../source3/lib/util.c:789(smb_panic_s3)
  PANIC (pid 10994): Bad talloc magic value - unknown value
[2016/01/04 11:02:44.196448,  0] ../source3/lib/util.c:900(log_stack_trace)
  BACKTRACE: 35 stack frames:
   #0 /lib64/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f80860ff9ea]
   #1 /lib64/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f80860ffac0]
   #2 /lib64/libsamba-util.so.0(smb_panic+0x2f) [0x7f80881a35af]
   #3 /lib64/libtalloc.so.2(talloc_check_name+0x69) [0x7f8084d4bb59]
   #4 /usr/lib64/samba/libsamba-sockets-samba4.so(+0xd4e0) [0x7f8085cc44e0]
   #5 /usr/lib64/samba/libsmbd-base-samba4.so(close_cnum+0x225)
[0x7f8087d7c385]
   #6
/usr/lib64/samba/libsmbd-base-samba4.so(smbXsrv_tcon_disconnect+0x12c)
[0x7f8087da4cfc]
   #7 /usr/lib64/samba/libsmbd-base-samba4.so(+0x16c000) [0x7f8087da5000]
   #8 /lib64/libtalloc.so.2(+0xa7fb) [0x7f8084d517fb]
   #9 /lib64/libtalloc.so.2(+0xa40b) [0x7f8084d5140b]
   #10 /lib64/libtalloc.so.2(+0xa40b) [0x7f8084d5140b]
   #11 /lib64/libtalloc.so.2(+0xa40b) [0x7f8084d5140b]
   #12 /lib64/libtalloc.so.2(_talloc_free+0xeb) [0x7f8084d4afbb]
   #13 /usr/lib64/samba/libsmbd-base-samba4.so(+0x16ef58) [0x7f8087da7f58]
   #14 /usr/lib64/samba/libsmbd-base-samba4.so(+0x16f3ae) [0x7f8087da83ae]
   #15 /usr/lib64/samba/libsmbd-shim-samba4.so(exit_server_cleanly+0x12)
[0x7f8085ab4bb2]
   #16
/usr/lib64/samba/libsmbd-base-samba4.so(smbd_server_connection_terminate_ex+0x20)
[0x7f8087d87ec0]
   #17 /usr/lib64/samba/libsmbd-base-samba4.so(+0x157806) [0x7f8087d90806]
   #18
/usr/lib64/samba/libsmbd-base-samba4.so(smbd_smb2_request_pending_queue+0x57)
[0x7f8087d88f47]
   #19
/usr/lib64/samba/libsmbd-base-samba4.so(smbd_smb2_request_process_tcon+0x2e4)
[0x7f8087d90b14]
   #20
/usr/lib64/samba/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x1382)
[0x7f8087d8aa72]
   #21 /usr/lib64/samba/libsmbd-base-samba4.so(+0x15309b) [0x7f8087d8c09b]
   #22 /lib64/libsmbconf.so.0(run_events_poll+0x167) [0x7f8086115367]
   #23 /lib64/libsmbconf.so.0(+0x355c7) [0x7f80861155c7]
   #24 /lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f8084b3c38d]
   #25 /lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f8084b3c52b]
   #26 /usr/lib64/samba/libsmbd-base-samba4.so(smbd_process+0x740)
[0x7f8087d79720]
   #27 /usr/sbin/smbd(+0x9802) [0x559a31f82802]
   #28 /lib64/libsmbconf.so.0(run_events_poll+0x167) [0x7f8086115367]
   #29 /lib64/libsmbconf.so.0(+0x355c7) [0x7f80861155c7]
   #30 /lib64/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f8084b3c38d]
   #31 /lib64/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f8084b3c52b]
   #32 /usr/sbin/smbd(main+0x1899) [0x559a31f80a79]
   #33 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f8084797580]
   #34 /usr/sbin/smbd(_start+0x29) [0x559a31f80b79]
[2016/01/04 11:02:44.204972,  0] ../source3/lib/dumpcore.c:318(dump_core)
  dumping core in /var/log/samba/cores/smbd
[2016/01/04 11:02:46.031923,  1]
../source3/smbd/server.c:486(remove_child_pid)
  Scheduled cleanup of brl and lock database after unclean shutdown
[2016/01/04 11:03:06.034312,  1]
../source3/smbd/server.c:429(cleanup_timeout_fn)
  Cleaning up brl and lock database after unclean shutdown

---

The server and samba is up-to-date today, latest fedora 23 packages.

The/one problematic share for him:

[homes]
	comment = Home Directories
	valid users = CUSTOMER\%S
	read only = No
	inherit acls = Yes
	hosts allow = 10.1.9. 172.32.99. 127.0.0.1 # his and my LAN
	browseable = No

Does anyone know that issue and can help me out?

Thanks, Stefan

Can someone point me at how the machine account plays into permitting
access here?

[it]
	path = /mnt/data/samba/data/it
	valid users = CUSTOMER\sgw CUSTOMER\fhäu @CUSTOMER\edv
	read only = No
	browseable = No

A user out of the group "edv" uses the PC "p10013".
Sometimes he gets
access, sometimes not.

Logs show:

(a)

check_ntlm_password:  authentication for user [P10013$] -> [P10013$] ->
[LIETZ\p10013$] succeeded
  user 'LIETZ\p10013$' (from session setup) not permitted to access this
share (it)

(b)

p10013 (ipv4:10.1.9.169:54684) connect to service it initially as user
CUSTOMER\xy