Arne Zachlod
2018-Feb-14 19:43 UTC
[Samba] getpwuid failed for single user on single file share
On 02/14/2018 07:46 PM, Rowland Penny via samba wrote:
> On Wed, 14 Feb 2018 19:05:34 +0100
> Arne Zachlod via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I have a problem with my samba installation I can not get my head
>> around, maybe some of you have a good idea about what is going on.
>>
>> I have a file share called "adfs02" and an AD DC called "addc02" in
>> the same site. The error occurs only with this one user, and it
>> worked til the last password change of that user two days ago.
>>
>> Here are the outputs of my test case (both done on adfs02):
>>
>> root at adfs02:~# smbclient -L localhost -U brokenuser at int.domain
>> Enter brokenuser at int.domain's password:
>> session setup failed: NT_STATUS_UNSUCCESSFUL
>>
>> root at magneto:~# smbclient -L localhost -U arne at int.domain
>> Enter arne at int.domain's password:
>> Domain=[BECIT] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
>> ...
>>
>> root at magneto:~# smbclient -L addc02.int.becit.de -U
>> brokenuser at int.domain Enter brokenuser at int.domain's password:
>> Domain=[BECIT] OS=[Windows 6.1] Server=[Samba 4.3.11-Ubuntu]
>> ...
>>
>> So, as we can see, the broken user is only broken on the domain
>> member, but not on the AD DC, how can that be? I tried deleting
>> /var/lib/samba/wimbindd_cache.tdb, but it didn't change anything.
>> I also checked all the DCs with "samba-tool checkdb", but no errors
>> were detected.
>>
>
> I take it that the DCs real name is 'magneto' (HINT: if you are going
> to sanitize things, please be consistent)

yes, did overlook that, damn.

> If you run 'smbclient -L adfs02.int.becit.de -U brokenuser at int.domain'
> on 'adfs02', does this work

no, same error:
root at adfs02:~# smbclient -L adfs02.int.domain -U brokenuser at int.domain
Enter brokenuser at int.domain's password:
session setup failed: NT_STATUS_UNSUCCESSFUL

but I forgot the most important part, in /var/log/samba/__1.log on adfs02 it says:

[2018/02/14 18:51:29.614082, 1] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-456140246-2344957557-3140247660-1174 -> getpwuid(10026) failed
[2018/02/14 18:51:29.614128, 1] ../source3/smbd/sesssetup.c:282(reply_sesssetup_and_X_spnego)
  Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL

> Does 'getent passwd brokenuser' produce any output when run on 'adfs02'
> ?

root at adfs02:~# getent passwd brokenuser
brokenuser:*:10026:10000::/home/brokenuser:/bin/sh

> Have you tried changing the password again ?

I don't know exactly what the user did, but I changed the password afterwards (as in after the bug report) and it works on our other fileshares, just not on adfs02.

Arne

Rowland Penny
2018-Feb-14 20:35 UTC
[Samba] getpwuid failed for single user on single file share
On Wed, 14 Feb 2018 20:43:20 +0100
Arne Zachlod via samba <samba at lists.samba.org> wrote:

> > If you run 'smbclient -L adfs02.int.becit.de -U
> > brokenuser at int.domain' on 'adfs02', does this work
>
> no, same error:
> root at adfs02:~# smbclient -L adfs02.int.domain -U brokenuser at int.domain
> Enter brokenuser at int.domain's password:
> session setup failed: NT_STATUS_UNSUCCESSFUL
>
> but I forgot the most important part, in /var/log/samba/__1.log on
> adfs02 it says:
>
> [2018/02/14 18:51:29.614082, 1]
> ../source3/auth/token_util.c:430(add_local_groups)
> SID S-1-5-21-456140246-2344957557-3140247660-1174 -> getpwuid(10026)
> failed
> [2018/02/14 18:51:29.614128, 1]
> ../source3/smbd/sesssetup.c:282(reply_sesssetup_and_X_spnego)
> Failed to generate session_info (user and group token) for session
> setup: NT_STATUS_UNSUCCESSFUL
>
> > Have you tried changing the password again ?
>
> I don't know exactly what the user did, but I changed the password
> afterwards (as in after the bug report) and it works on our other
> fileshares, just not on adfs02.
>

This sounds like a problem with something on the fileserver, have you tried running 'net cache flush' on the fileserver and/or restarting Samba and/or the fileserver ?

There have been a couple of problems similar to this and if I remember correctly, the problem ended up getting fixed by deleting the user and re-creating it.

Rowland

Arne Zachlod
2018-Feb-14 22:34 UTC
[Samba] getpwuid failed for single user on single file share
On 02/14/2018 09:35 PM, Rowland Penny via samba wrote:
> On Wed, 14 Feb 2018 20:43:20 +0100
> Arne Zachlod via samba <samba at lists.samba.org> wrote:
>
>>> If you run 'smbclient -L adfs02.int.becit.de -U
>>> brokenuser at int.domain' on 'adfs02', does this work
>>
>> no, same error:
>> root at adfs02:~# smbclient -L adfs02.int.domain -U brokenuser at int.domain
>> Enter brokenuser at int.domain's password:
>> session setup failed: NT_STATUS_UNSUCCESSFUL
>>
>> but I forgot the most important part, in /var/log/samba/__1.log on
>> adfs02 it says:
>>
>> [2018/02/14 18:51:29.614082, 1]
>> ../source3/auth/token_util.c:430(add_local_groups)
>> SID S-1-5-21-456140246-2344957557-3140247660-1174 -> getpwuid(10026)
>> failed
>> [2018/02/14 18:51:29.614128, 1]
>> ../source3/smbd/sesssetup.c:282(reply_sesssetup_and_X_spnego)
>> Failed to generate session_info (user and group token) for session
>> setup: NT_STATUS_UNSUCCESSFUL
>>
>>> Have you tried changing the password again ?
>>
>> I don't know exactly what the user did, but I changed the password
>> afterwards (as in after the bug report) and it works on our other
>> fileshares, just not on adfs02.
>>
>
> This sounds like a problem with something on the fileserver, have you
> tried running 'net cache flush' on the fileserver and/or restarting
> Samba and/or the fileserver ?

'net cache flush' helped, thanks a lot Rowland.

For future people who find this via google: I tried restarting both, samba and the whole machine and it didn't help.

Arne
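
Added example, not part of the thread and not Samba project code: a small parser that pulls the SID and uid out of the add_local_groups "getpwuid(...) failed" entries quoted above and repeats the uid lookup through the local NSS. The sample log is constructed from the two entries in the thread; the function names and the resolver parameter are assumptions made for this illustration.

```python
import pwd
import re

# Constructed sample in smbd's log layout (header line, then indented message),
# built from the two entries quoted in the thread.
SAMPLE_LOG = """\
[2018/02/14 18:51:29.614082, 1] ../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-456140246-2344957557-3140247660-1174 -> getpwuid(10026) failed
[2018/02/14 18:51:29.614128, 1] ../source3/smbd/sesssetup.c:282(reply_sesssetup_and_X_spnego)
  Failed to generate session_info (user and group token) for session setup: NT_STATUS_UNSUCCESSFUL
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+\]\s+\S+\((\w+)\)")
FAILED = re.compile(r"SID (S-[\d-]+) -> getpwuid\((\d+)\) failed")


def entries(text):
    """Yield (timestamp, function, message) with continuation lines joined."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield current[0], current[1], " ".join(current[2])
            current = (m.group(1), m.group(2), [])
        elif current and line.strip():
            current[2].append(line.strip())
    if current:
        yield current[0], current[1], " ".join(current[2])


def failed_lookups(text, resolver=pwd.getpwuid):
    """Return one dict per logged getpwuid failure, plus the current NSS answer."""
    out = []
    for ts, func, msg in entries(text):
        m = FAILED.search(msg)
        if func != "add_local_groups" or not m:
            continue
        uid = int(m.group(2))
        try:
            name = resolver(uid).pw_name  # lookup by uid, as named in the log entry
        except KeyError:
            name = None  # uid still has no passwd entry on this host
        out.append({"time": ts, "sid": m.group(1), "uid": uid, "resolves_as": name})
    return out


if __name__ == "__main__":
    for hit in failed_lookups(SAMPLE_LOG):
        print(hit)
```

The lookup is by uid rather than by name, which is the direction the log entry reports as failing; 'getent passwd brokenuser' in the thread is the by-name direction and succeeded.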