Emmanuel Florac
2017-Feb-20 13:44 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Le Sat, 18 Feb 2017 20:17:12 +0000 Rowland Penny via samba <samba at lists.samba.org> écrivait:> Only change I made before installing Samba, was to comment the > '127.0.1.1' line in /etc/hostsTried again with your smb.conf and minimal changes, and it gets worse: [2017/02/20 14:42:19.048133, 0] ../lib/util/fault.c:78(fault_report) ==============================================================[2017/02/20 14:42:19.048207, 0] ../lib/util/fault.c:79(fault_report) INTERNAL ERROR: Signal 11 in pid 13435 (4.2.14-Debian) Please read the Trouble-Shooting section of the Samba HOWTO [2017/02/20 14:42:19.048239, 0] ../lib/util/fault.c:81(fault_report) ==============================================================[2017/02/20 14:42:19.048268, 0] ../source3/lib/util.c:788(smb_panic_s3) PANIC (pid 13435): internal error [2017/02/20 14:42:19.048934, 0] ../source3/lib/util.c:899(log_stack_trace) BACKTRACE: 36 stack frames: #0 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(log_stack_trace+0x1a) [0x7f5dd3354efa] #1 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(smb_panic_s3+0x20) [0x7f5dd3354fe0] #2 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(smb_panic+0x2f) [0x7f5dd5036e5f] #3 /usr/lib/x86_64-linux-gnu/libsamba-util.so.0(+0x2407f) [0x7f5dd503707f] #4 /lib/x86_64-linux-gnu/libpthread.so.0(+0xf890) [0x7f5dd525a890] #5 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(krb5_storage_free+0x1) [0x7f5dc916eed1] #6 /usr/lib/x86_64-linux-gnu/samba/libkrb5-samba4.so.26(+0x381d5) [0x7f5dc915b1d5] #7 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0x9126) [0x7f5dce5ac126] #8 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(gse_krb5_get_server_keytab+0xeb) [0x7f5dce5ac64b] #9 /usr/lib/x86_64-linux-gnu/samba/libgse.so.0(+0xb23a) [0x7f5dce5ae23a] #10 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech+0xb1) [0x7f5dce38bbe1] #11 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_start_mech_by_ops+0xc) [0x7f5dce38bd5c] #12 /usr/lib/x86_64-linux-gnu/libgensec.so.0(+0x9e42) [0x7f5dce37ce42] #13 /usr/lib/x86_64-linux-gnu/libgensec.so.0(+0xa6c6) [0x7f5dce37d6c6] #14 /usr/lib/x86_64-linux-gnu/libgensec.so.0(+0xb581) [0x7f5dce37e581] #15 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_update_ev+0x192) [0x7f5dce38ab62] #16 /usr/lib/x86_64-linux-gnu/libgensec.so.0(gensec_update+0x17) [0x7f5dce38aba7] #17 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(negprot_spnego+0x94) [0x7f5dd4ba9a94] #18 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0xcefdb) [0x7f5dd4ba9fdb] #19 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(reply_negprot+0x4a2) [0x7f5dd4baa782] #20 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x125da3) [0x7f5dd4c00da3] #21 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x127b42) [0x7f5dd4c02b42] #22 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(+0x12927d) [0x7f5dd4c0427d] #23 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x171) [0x7f5dd3375081] #24 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x4a2f7) [0x7f5dd33752f7] #25 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f5dd1d5743d] #26 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f5dd1d575db] #27 /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0(smbd_process+0x718) [0x7f5dd4c055d8] #28 /usr/sbin/smbd(+0xadd0) [0x55ae59c85dd0] #29 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(run_events_poll+0x171) [0x7f5dd3375081] #30 /usr/lib/x86_64-linux-gnu/libsmbconf.so.0(+0x4a2f7) [0x7f5dd33752f7] #31 /usr/lib/x86_64-linux-gnu/libtevent.so.0(_tevent_loop_once+0x8d) [0x7f5dd1d5743d] #32 /usr/lib/x86_64-linux-gnu/libtevent.so.0(tevent_common_loop_wait+0x1b) [0x7f5dd1d575db] #33 /usr/sbin/smbd(main+0x17e5) [0x55ae59c825e5] #34 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f5dd19c4b45] #35 /usr/sbin/smbd(+0x76e4) [0x55ae59c826e4] [2017/02/20 14:42:19.054274, 0] ../source3/lib/dumpcore.c:318(dump_core) dumping core in /var/log/samba/cores/smbd I'll try leaving the AD, cleaning up /var/lib/samba/*.tdb and join again... -- ------------------------------------------------------------------------ Emmanuel Florac | Direction technique | Intellique | <eflorac at intellique.com> | +33 1 78 94 84 02 ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: Signature digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20170220/794ba8a1/attachment.sig>
Emmanuel Florac
2017-Feb-20 13:51 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Le Mon, 20 Feb 2017 14:44:36 +0100 Emmanuel Florac via samba <samba at lists.samba.org> écrivait:> I'll try leaving the AD, cleaning up /var/lib/samba/*.tdb and join > again... >It crashes because the "dedicated keytab file" doesn't exist. Probably need to "leave" with the old config before joining with the new one... -- ------------------------------------------------------------------------ Emmanuel Florac | Direction technique | Intellique | <eflorac at intellique.com> | +33 1 78 94 84 02 ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: Signature digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20170220/895823de/attachment.sig>
Rowland Penny
2017-Feb-20 14:01 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
On Mon, 20 Feb 2017 14:44:36 +0100 Emmanuel Florac <eflorac at intellique.com> wrote:> Le Sat, 18 Feb 2017 20:17:12 +0000 > Rowland Penny via samba <samba at lists.samba.org> écrivait: > > > Only change I made before installing Samba, was to comment the > > '127.0.1.1' line in /etc/hosts > > Tried again with your smb.conf and minimal changes, and it gets worse: >OK, I set up Debian Jessie in a VM and then installed and configured Samba and it worked, this all took just about an hour. I suggest you check your settings against the ones I posted. Rowland
Emmanuel Florac
2017-Feb-20 15:06 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Le Mon, 20 Feb 2017 14:01:08 +0000 Rowland Penny via samba <samba at lists.samba.org> écrivait:> OK, I set up Debian Jessie in a VM and then installed and configured > Samba and it worked, this all took just about an hour. > > I suggest you check your settings against the ones I posted. >I've reset everything the same as your settings; I left the AD; I removed all tdb files in /var/lib/samba; I joined the AD again; and it still does exactly the same: If I use an AD user and enter the wrong password, I've got as expected session setup failed: NT_STATUS_LOGON_FAILURE If I enter the good password or no password, I'm logged in as nobody/nogroup. If I remove the "public" option to the share options, I can't login: tree connect failed: NT_STATUS_ACCESS_DENIED So still the same trouble. I'm going to redo the whole setup... -- ------------------------------------------------------------------------ Emmanuel Florac | Direction technique | Intellique | <eflorac at intellique.com> | +33 1 78 94 84 02 ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: Signature digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20170220/bd14e475/attachment.sig>
Emmanuel Florac
2017-Feb-28 18:26 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Le Mon, 20 Feb 2017 14:01:08 +0000 Rowland Penny via samba <samba at lists.samba.org> écrivait:> On Mon, 20 Feb 2017 14:44:36 +0100 > Emmanuel Florac <eflorac at intellique.com> wrote: > > > Le Sat, 18 Feb 2017 20:17:12 +0000 > > Rowland Penny via samba <samba at lists.samba.org> écrivait: > > > > > Only change I made before installing Samba, was to comment the > > > '127.0.1.1' line in /etc/hosts > > > > Tried again with your smb.conf and minimal changes, and it gets > > worse: > > OK, I set up Debian Jessie in a VM and then installed and configured > Samba and it worked, this all took just about an hour. > > I suggest you check your settings against the ones I posted. >Hi Rowland, sorry to be back again. I've set up a new test Win2012R2 AD server from scratch. I've set up a Debian VM from scratch. I've installed exactly the settings you sent (except for the AD name, to reproduce the production configuration). It doesn't work. Exactly the same problem. I can connect to the share as Administrator because the users.map file maps Administrator to local root (files created by Adminsitrator are owned by root) but *no other user account* works unless I declare the share public, so that all accounts are mapped to nobody. "getent passwd testuser" returns nothing (return code is 2). root at debadclient1:~# wbinfo -i bidon bidon:*:11106:10513:bidon bidon:/home/TESTAD/bidon:/bin/bash root at debadclient1:~# getent passwd bidon root at debadclient1:~# echo $? 2 I'm getting desperate. I tried using a Debian 9/ samba 4.5.4. Exactly the same. At least the behaviour is consistent... -- ------------------------------------------------------------------------ Emmanuel Florac | Direction technique | Intellique | <eflorac at intellique.com> | +33 1 78 94 84 02 ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: Signature digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20170228/2c5f3588/attachment.sig>
Emmanuel Florac
2017-Feb-28 19:57 UTC
[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all
Le Mon, 20 Feb 2017 14:01:08 +0000 Rowland Penny via samba <samba at lists.samba.org> écrivait:> On Mon, 20 Feb 2017 14:44:36 +0100 > Emmanuel Florac <eflorac at intellique.com> wrote: > > > Le Sat, 18 Feb 2017 20:17:12 +0000 > > Rowland Penny via samba <samba at lists.samba.org> écrivait: > > > > > Only change I made before installing Samba, was to comment the > > > '127.0.1.1' line in /etc/hosts > > > > Tried again with your smb.conf and minimal changes, and it gets > > worse: > > OK, I set up Debian Jessie in a VM and then installed and configured > Samba and it worked, this all took just about an hour. > > I suggest you check your settings against the ones I posted. >Now it seems that reinstalling libpam-winbind, libpam-krb5, libnss-winbind may have done the trick. Thank you. I'm bald now :) -- ------------------------------------------------------------------------ Emmanuel Florac | Direction technique | Intellique | <eflorac at intellique.com> | +33 1 78 94 84 02 ------------------------------------------------------------------------ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 181 bytes Desc: Signature digitale OpenPGP URL: <http://lists.samba.org/pipermail/samba/attachments/20170228/7e5c83bc/attachment.sig>