Zaphod Beeblebrox
2016-Jul-11 05:32 UTC
[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
So... I've been running Samba 3.6 for too long and I upgraded. I did save my packages for 3.6, but I don't _think_ I'm going back. Points for the group: - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to be a known problem (tm), so I'll move on. - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate complains. Strange thing, tho: all the domains seem to lookup fine. I can't exactly find the problem here. - BIG ONE: wbinfo isn't working and (related, for me) idmap isn't either. ... so on that last one, wbinfo -u or -g print nothing (not even errors). wbinfo -D HOME or -t are fine. wbinfo -i adminsitrator prints out the unhelpful [2:282:582]root at vr:/var/log/samba4> wbinfo -i administrator failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user administrator ... which aparently WBC_ERR_DOMAIN_NOT_FOUND is just the default error (or that's what I read in one place). Now... this is pretty bupkis, because ldbsearch finds the SID for administrator _and_ for my login just fine. In addition, ldbedit lets me change my xidNumber. I did so. when I re-ldbedit... it's changed. ... but this doesn't change the uid that files are created with. Sigh. More reading said that there's another SID ... the SID for the "group of me" ... and I have instructions for wbinfo to find that SID so I can ldbedit it. But you see my problem: wbinfo for finding SIDs is broke. Now... I've put my time into this. I've broken out ktrace and log level 10. I've put a whole afternoon into this. Log stuff is a _bit_ interesting. When I wbinfo -i zbeeble, I get: [2016/07/11 01:10:37.408526, 1, pid=24476, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debu g) wbint_LookupName: struct wbint_LookupName in: struct wbint_LookupName domain : * domain : 'HOME' name : * name : 'ZBEEBLE' flags : 0x00000008 (8) [2016/07/11 01:10:37.414175, 1, pid=24476, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug) wbint_LookupName: struct wbint_LookupName out: struct wbint_LookupName type : * type : SID_NAME_USE_NONE (0) sid : * sid : S-0-0 result : NT_STATUS_UNSUCCESSFUL but further on in the file (probably coming from a random SMB file access) I see: Parsing value for key [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]: value=[3000016:B] [2016/07/11 01:10:56.209343, 10, pid=24476, effective(0, 0), real(0, 0)] ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) Parsing value for key [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]: id=[3000016], endptr=[:B] [2016/07/11 01:10:56.209352, 10, pid=24476, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/wb_sids2xids.c:106(wb_sids2xids_send) SID 1: S-1-5-21-3505373935-2275348003-3197909400-513 ... which is curious because 3000016 is the wrong, old or automatically assigned UID and the SID there is my SID. ... all very frustrating. At least my Shield TV talks to the box. Sigh.
Rowland penny
2016-Jul-11 08:10 UTC
[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
See inline comments On 11/07/16 06:32, Zaphod Beeblebrox wrote:> So... I've been running Samba 3.6 for too long and I upgraded. I did save > my packages for 3.6, but I don't _think_ I'm going back. > > Points for the group: > > - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to > be a known problem (tm), so I'll move on.What is wrong with Samba 4.4.x on FreeBSD ?> - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate > complains. Strange thing, tho: all the domains seem to lookup fine. I > can't exactly find the problem here.I understand this is a known problem and can possibly be 'fixed' by adding 'allow dns updates = nonsecure and secure' to smb.conf on the DC.> - BIG ONE: wbinfo isn't working and (related, for me) idmap isn't either. > > ... so on that last one, wbinfo -u or -g print nothing (not even errors). > wbinfo -D HOME or -t are fine. wbinfo -i adminsitrator prints out the > unhelpfulThis is regression from the 'badlock' patches and should have been fixed in 4.4.3, see release notes here: https://www.samba.org/samba/history/samba-4.4.3.html> > [2:282:582]root at vr:/var/log/samba4> wbinfo -i administrator > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND > Could not get info for user administrator > > ... which aparently WBC_ERR_DOMAIN_NOT_FOUND is just the default error (or > that's what I read in one place). > > Now... this is pretty bupkis, because ldbsearch finds the SID for > administrator _and_ for my login just fine. In addition, ldbedit lets me > change my xidNumber. I did so. when I re-ldbedit... it's changed.And this where lots of people make the same mistake, don't change the 'xidNumber' attribute in idmap.ldb, add a 'uidNumber' attribute to the users object in sam.ldb. Rowland> > ... but this doesn't change the uid that files are created with. Sigh. > More reading said that there's another SID ... the SID for the "group of > me" ... and I have instructions for wbinfo to find that SID so I can > ldbedit it. But you see my problem: wbinfo for finding SIDs is broke. > > Now... I've put my time into this. I've broken out ktrace and log level > 10. I've put a whole afternoon into this. Log stuff is a _bit_ > interesting. When I wbinfo -i zbeeble, I get: > > [2016/07/11 01:10:37.408526, 1, pid=24476, effective(0, 0), real(0, 0)] > ../librpc/ndr/ndr.c:439(ndr_print_function_debu > g) > wbint_LookupName: struct wbint_LookupName > in: struct wbint_LookupName > domain : * > domain : 'HOME' > name : * > name : 'ZBEEBLE' > flags : 0x00000008 (8) > [2016/07/11 01:10:37.414175, 1, pid=24476, effective(0, 0), real(0, 0)] > ../librpc/ndr/ndr.c:439(ndr_print_function_debug) > wbint_LookupName: struct wbint_LookupName > out: struct wbint_LookupName > type : * > type : SID_NAME_USE_NONE (0) > sid : * > sid : S-0-0 > result : NT_STATUS_UNSUCCESSFUL > > but further on in the file (probably coming from a random SMB file access) > I see: > > Parsing value for key > [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]: > value=[3000016:B] > [2016/07/11 01:10:56.209343, 10, pid=24476, effective(0, 0), real(0, 0)] > ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) > Parsing value for key > [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]: > id=[3000016], endptr=[:B] > [2016/07/11 01:10:56.209352, 10, pid=24476, effective(0, 0), real(0, 0), > class=winbind] ../source3/winbindd/wb_sids2xids.c:106(wb_sids2xids_send) > SID 1: S-1-5-21-3505373935-2275348003-3197909400-513 > > ... which is curious because 3000016 is the wrong, old or automatically > assigned UID and the SID there is my SID. > > > ... all very frustrating. > > > At least my Shield TV talks to the box. Sigh.
Zaphod Beeblebrox
2016-Jul-11 16:57 UTC
[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
On Mon, Jul 11, 2016 at 4:10 AM, Rowland penny <rpenny at samba.org> wrote:> > See inline comments > > On 11/07/16 06:32, Zaphod Beeblebrox wrote: > >> So... I've been running Samba 3.6 for too long and I upgraded. I did save >> my packages for 3.6, but I don't _think_ I'm going back. >> >> Points for the group: >> >> - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it seems to >> be a known problem (tm), so I'll move on. >> > > What is wrong with Samba 4.4.x on FreeBSD ? >Urm... I _think_ it was a build problem. It hit very early on and mailing list traffic from June 2016-ish seem to validate it was a known thing. I don't have an easy place to test as it will refuse to build with 4.3 loaded up. Maybe I'll make a jail after these problems are fixed.> > - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate >> complains. Strange thing, tho: all the domains seem to lookup fine. >> I >> can't exactly find the problem here. >> > > > I understand this is a known problem and can possibly be 'fixed' by adding > 'allow dns updates = nonsecure and secure' to smb.conf on the DC. >Not in my case. Already have that line.> > >> Now... this is pretty bupkis, because ldbsearch finds the SID for >> administrator _and_ for my login just fine. In addition, ldbedit lets me >> change my xidNumber. I did so. when I re-ldbedit... it's changed. >> > > And this where lots of people make the same mistake, don't change the > 'xidNumber' attribute in idmap.ldb, add a 'uidNumber' attribute to the > users object in sam.ldb. > >uidNumber doesn't work. I ldbedited'd my SID to add that attribute. Then I restarted samba, then I created a file with my workstation. Still has 3000016 rather than 101 as the uid.
David STIEVENARD
2016-Jul-12 01:00 UTC
[Samba] Successes an failures with Samba 4.3.9 and FreeBSD-10.3
Hi On 07/11/2016 04:10 PM, Rowland penny wrote:> > See inline comments > > On 11/07/16 06:32, Zaphod Beeblebrox wrote: >> So... I've been running Samba 3.6 for too long and I upgraded. I did >> save >> my packages for 3.6, but I don't _think_ I'm going back. >> >> Points for the group: >> >> - Samba 4.4.x is broken on FreeBSD. I forget exactly, but it >> seems to >> be a known problem (tm), so I'll move on. > > What is wrong with Samba 4.4.x on FreeBSD ?Here's the info I collected I added this bug, with the package version of 4.4.3_1 on FreeBSD 10.3, the domain provisioning fails https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209787 There is also this bug https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209707 There are in total 38 bugs in the list, and it seems that the port maintainer is quite busy with all of this.> >> - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL, samba_dnsupdate >> complains. Strange thing, tho: all the domains seem to lookup >> fine. I >> can't exactly find the problem here. > > > I understand this is a known problem and can possibly be 'fixed' by > adding 'allow dns updates = nonsecure and secure' to smb.conf on the DC.I confirm, this information made my test work> >> - BIG ONE: wbinfo isn't working and (related, for me) idmap isn't >> either. >> >> ... so on that last one, wbinfo -u or -g print nothing (not even >> errors). >> wbinfo -D HOME or -t are fine. wbinfo -i adminsitrator prints out the >> unhelpful > > This is regression from the 'badlock' patches and should have been > fixed in 4.4.3, see release notes here: > > https://www.samba.org/samba/history/samba-4.4.3.html > >> >> [2:282:582]root at vr:/var/log/samba4> wbinfo -i administrator >> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND >> Could not get info for user administrator >> >> ... which aparently WBC_ERR_DOMAIN_NOT_FOUND is just the default >> error (or >> that's what I read in one place). >> >> Now... this is pretty bupkis, because ldbsearch finds the SID for >> administrator _and_ for my login just fine. In addition, ldbedit >> lets me >> change my xidNumber. I did so. when I re-ldbedit... it's changed. > > And this where lots of people make the same mistake, don't change the > 'xidNumber' attribute in idmap.ldb, add a 'uidNumber' attribute to the > users object in sam.ldb. > > Rowland > >> >> ... but this doesn't change the uid that files are created with. Sigh. >> More reading said that there's another SID ... the SID for the "group of >> me" ... and I have instructions for wbinfo to find that SID so I can >> ldbedit it. But you see my problem: wbinfo for finding SIDs is broke. >> >> Now... I've put my time into this. I've broken out ktrace and log >> level >> 10. I've put a whole afternoon into this. Log stuff is a _bit_ >> interesting. When I wbinfo -i zbeeble, I get: >> >> [2016/07/11 01:10:37.408526, 1, pid=24476, effective(0, 0), real(0, 0)] >> ../librpc/ndr/ndr.c:439(ndr_print_function_debu >> g) >> wbint_LookupName: struct wbint_LookupName >> in: struct wbint_LookupName >> domain : * >> domain : 'HOME' >> name : * >> name : 'ZBEEBLE' >> flags : 0x00000008 (8) >> [2016/07/11 01:10:37.414175, 1, pid=24476, effective(0, 0), real(0, 0)] >> ../librpc/ndr/ndr.c:439(ndr_print_function_debug) >> wbint_LookupName: struct wbint_LookupName >> out: struct wbint_LookupName >> type : * >> type : SID_NAME_USE_NONE (0) >> sid : * >> sid : S-0-0 >> result : NT_STATUS_UNSUCCESSFUL >> >> but further on in the file (probably coming from a random SMB file >> access) >> I see: >> >> Parsing value for key >> [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]: >> value=[3000016:B] >> [2016/07/11 01:10:56.209343, 10, pid=24476, effective(0, 0), real(0, 0)] >> ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid) >> Parsing value for key >> [IDMAP/SID2XID/S-1-5-21-3505373935-2275348003-3197909400-1104]: >> id=[3000016], endptr=[:B] >> [2016/07/11 01:10:56.209352, 10, pid=24476, effective(0, 0), real(0, 0), >> class=winbind] ../source3/winbindd/wb_sids2xids.c:106(wb_sids2xids_send) >> SID 1: S-1-5-21-3505373935-2275348003-3197909400-513 >> >> ... which is curious because 3000016 is the wrong, old or automatically >> assigned UID and the SID there is my SID. >> >> >> ... all very frustrating. >> >> >> At least my Shield TV talks to the box. Sigh. > >Unfortunatly I'm facing another problem : freenas 9.10 has a problem to join a samba 4.3.9 domain on freebsd 10.3 https://forums.freenas.org/index.php?threads/ad-auth-fails-after-upgrade.42836/#post-279550 https://bugs.freenas.org/issues/15823 this post seems to have the solution : https://forums.freenas.org/index.php?threads/ad-auth-fails-after-upgrade.42836/#post-279550 but I didn't get it yet.
Seemingly Similar Threads
- Successes an failures with Samba 4.3.9 and FreeBSD-10.3
- Successes an failures with Samba 4.3.9 and FreeBSD-10.3
- Successes an failures with Samba 4.3.9 and FreeBSD-10.3
- Successes an failures with Samba 4.3.9 and FreeBSD-10.3
- gmirror crash writing to disk? Or is it su+j crash?