samba - Aug 2018 - Samba fileserver member corrupt smb.ldb after joining 4.8.4 Samba DC

On Fri, 24 Aug 2018 22:06:01 +0200
Waishon <waishon009 at gmail.com> wrote:
> Hi,
> 
> thanks for your suggestions. Do you think this is causes the
> stacktrace above? . I just added "REALM" as a placeholder and it
> worked on a DC that was provisioned using Samba 4.7.3 and upgraded
> afterwards to Samba 4.8.4 absolutely fine with this config and the
> command "samba-tool ntacl get /srv/profiles" returns the correct
ACLs
> of this directory.
> 
> When I interprete this correctly it seems that the Fileserver is
> unable to find the DomainSID. Normally the command "ntacl get"
should
> return the ACLs and not that stacktrace, should'nt it :).
> 
Does 'wbinfo -D SAMDOM'
Return something like this:

Name              : SAMDOM
Alt_Name          : samdom.example.com
SID               : S-1-5-21-1768301897-3342589593-1064908849
Active Directory  : Yes
Native            : Yes
Primary           : Yes

Also have you read this:

https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles

Rowland

Hi,

yes I get exactly this output.

And I've read the Wiki. As mentioned before it worked already. That's
the
strange thing :)

Am Freitag, 24. August 2018 schrieb Rowland Penny via samba :
> On Fri, 24 Aug 2018 22:06:01 +0200
> Waishon <waishon009 at gmail.com> wrote:
>
> > Hi,
> >
> > thanks for your suggestions. Do you think this is causes the
> > stacktrace above? . I just added "REALM" as a placeholder
and it
> > worked on a DC that was provisioned using Samba 4.7.3 and upgraded
> > afterwards to Samba 4.8.4 absolutely fine with this config and the
> > command "samba-tool ntacl get /srv/profiles" returns the
correct ACLs
> > of this directory.
> >
> > When I interprete this correctly it seems that the Fileserver is
> > unable to find the DomainSID. Normally the command "ntacl
get" should
> > return the ACLs and not that stacktrace, should'nt it :).
> >
>
> Does 'wbinfo -D SAMDOM'
> Return something like this:
>
> Name              : SAMDOM
> Alt_Name          : samdom.example.com
> SID               : S-1-5-21-1768301897-3342589593-1064908849
> Active Directory  : Yes
> Native            : Yes
> Primary           : Yes
>
> Also have you read this:
>
> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Hi again,

I think I found out something interesting:
When running "ntacl get" with debug = 10, I get the following output
on the
machine where it works:

posix_get_nt_acl: called for file /srv/profiles/
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
uid 0 -> sid S-1-22-1-0 <12210>
gid 100513 -> sid S-1-5-21-3981408749-3007518722-157077061-513
canonicalise_acl: Access ace entries before arrange :

And this is the output when it won't work:

Opening cache file at /var/cache/samba/gencache.tdb

Opening cache file at /var/run/samba/gencache_notrans.tdb

uid_to_sid: winbind failed to find a sid for uid 0

Attempting to register passdb backend smbpasswd

So it seems that winbind isn't able to find a matching group for the uid 0
(root). Why is this the case?

wbinfo --uid-info=0 show on both systems the same output:

failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND

Could not get info for uid 0


Maybe that helps to find where the issue is?

Am Freitag, 24. August 2018 schrieb Waishon :
> Hi,
>
> yes I get exactly this output.
>
> And I've read the Wiki. As mentioned before it worked already.
That's the
> strange thing :)
>
> Am Freitag, 24. August 2018 schrieb Rowland Penny via samba :
>
>> On Fri, 24 Aug 2018 22:06:01 +0200
>> Waishon <waishon009 at gmail.com> wrote:
>>
>> > Hi,
>> >
>> > thanks for your suggestions. Do you think this is causes the
>> > stacktrace above? . I just added "REALM" as a
placeholder and it
>> > worked on a DC that was provisioned using Samba 4.7.3 and upgraded
>> > afterwards to Samba 4.8.4 absolutely fine with this config and the
>> > command "samba-tool ntacl get /srv/profiles" returns the
correct ACLs
>> > of this directory.
>> >
>> > When I interprete this correctly it seems that the Fileserver is
>> > unable to find the DomainSID. Normally the command "ntacl
get" should
>> > return the ACLs and not that stacktrace, should'nt it :).
>> >
>>
>> Does 'wbinfo -D SAMDOM'
>> Return something like this:
>>
>> Name              : SAMDOM
>> Alt_Name          : samdom.example.com
>> SID               : S-1-5-21-1768301897-3342589593-1064908849
>> Active Directory  : Yes
>> Native            : Yes
>> Primary           : Yes
>>
>> Also have you read this:
>>
>> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>