samba - Aug 2018 - Samba fileserver member corrupt smb.ldb after joining 4.8.4 Samba DC

Hi again,

I think I found out something interesting:
When running "ntacl get" with debug = 10, I get the following output
on the
machine where it works:

posix_get_nt_acl: called for file /srv/profiles/
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
uid 0 -> sid S-1-22-1-0 <12210>
gid 100513 -> sid S-1-5-21-3981408749-3007518722-157077061-513
canonicalise_acl: Access ace entries before arrange :

And this is the output when it won't work:

Opening cache file at /var/cache/samba/gencache.tdb

Opening cache file at /var/run/samba/gencache_notrans.tdb

uid_to_sid: winbind failed to find a sid for uid 0

Attempting to register passdb backend smbpasswd

So it seems that winbind isn't able to find a matching group for the uid 0
(root). Why is this the case?

wbinfo --uid-info=0 show on both systems the same output:

failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND

Could not get info for uid 0


Maybe that helps to find where the issue is?

Am Freitag, 24. August 2018 schrieb Waishon :
> Hi,
>
> yes I get exactly this output.
>
> And I've read the Wiki. As mentioned before it worked already.
That's the
> strange thing :)
>
> Am Freitag, 24. August 2018 schrieb Rowland Penny via samba :
>
>> On Fri, 24 Aug 2018 22:06:01 +0200
>> Waishon <waishon009 at gmail.com> wrote:
>>
>> > Hi,
>> >
>> > thanks for your suggestions. Do you think this is causes the
>> > stacktrace above? . I just added "REALM" as a
placeholder and it
>> > worked on a DC that was provisioned using Samba 4.7.3 and upgraded
>> > afterwards to Samba 4.8.4 absolutely fine with this config and the
>> > command "samba-tool ntacl get /srv/profiles" returns the
correct ACLs
>> > of this directory.
>> >
>> > When I interprete this correctly it seems that the Fileserver is
>> > unable to find the DomainSID. Normally the command "ntacl
get" should
>> > return the ACLs and not that stacktrace, should'nt it :).
>> >
>>
>> Does 'wbinfo -D SAMDOM'
>> Return something like this:
>>
>> Name              : SAMDOM
>> Alt_Name          : samdom.example.com
>> SID               : S-1-5-21-1768301897-3342589593-1064908849
>> Active Directory  : Yes
>> Native            : Yes
>> Primary           : Yes
>>
>> Also have you read this:
>>
>> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

Hi again,

sorry for spaming ;)

wbinfo -U shows on the second machine only:
root at FS/# wbinfo -U 0
failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert uid 0 to sid

On the other machine it returns the correct SID.

Maybe that's a decent hint what went wrong?

Am Freitag, 24. August 2018 schrieb Waishon :
> Hi again,
>
> I think I found out something interesting:
> When running "ntacl get" with debug = 10, I get the following
output on
> the machine where it works:
>
> posix_get_nt_acl: called for file /srv/profiles/
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> uid 0 -> sid S-1-22-1-0 <12210>
> gid 100513 -> sid S-1-5-21-3981408749-3007518722-157077061-513
> canonicalise_acl: Access ace entries before arrange :
>
> And this is the output when it won't work:
>
> Opening cache file at /var/cache/samba/gencache.tdb
>
> Opening cache file at /var/run/samba/gencache_notrans.tdb
>
> uid_to_sid: winbind failed to find a sid for uid 0
>
> Attempting to register passdb backend smbpasswd
>
> So it seems that winbind isn't able to find a matching group for the
uid 0
> (root). Why is this the case?
>
> wbinfo --uid-info=0 show on both systems the same output:
>
> failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
>
> Could not get info for uid 0
>
>
> Maybe that helps to find where the issue is?
>
> Am Freitag, 24. August 2018 schrieb Waishon :
>
>> Hi,
>>
>> yes I get exactly this output.
>>
>> And I've read the Wiki. As mentioned before it worked already.
That's the
>> strange thing :)
>>
>> Am Freitag, 24. August 2018 schrieb Rowland Penny via samba :
>>
>>> On Fri, 24 Aug 2018 22:06:01 +0200
>>> Waishon <waishon009 at gmail.com> wrote:
>>>
>>> > Hi,
>>> >
>>> > thanks for your suggestions. Do you think this is causes the
>>> > stacktrace above? . I just added "REALM" as a
placeholder and it
>>> > worked on a DC that was provisioned using Samba 4.7.3 and
upgraded
>>> > afterwards to Samba 4.8.4 absolutely fine with this config and
the
>>> > command "samba-tool ntacl get /srv/profiles" returns
the correct ACLs
>>> > of this directory.
>>> >
>>> > When I interprete this correctly it seems that the Fileserver
is
>>> > unable to find the DomainSID. Normally the command "ntacl
get" should
>>> > return the ACLs and not that stacktrace, should'nt it :).
>>> >
>>>
>>> Does 'wbinfo -D SAMDOM'
>>> Return something like this:
>>>
>>> Name              : SAMDOM
>>> Alt_Name          : samdom.example.com
>>> SID               : S-1-5-21-1768301897-3342589593-1064908849
>>> Active Directory  : Yes
>>> Native            : Yes
>>> Primary           : Yes
>>>
>>> Also have you read this:
>>>
>>> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>

On Fri, 24 Aug 2018 23:41:54 +0200
Waishon <waishon009 at gmail.com> wrote:
> Hi again,
> 
> I think I found out something interesting:
> When running "ntacl get" with debug = 10, I get the following
output
> on the machine where it works:
> 
> posix_get_nt_acl: called for file /srv/profiles/
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> uid 0 -> sid S-1-22-1-0 <12210>
> gid 100513 -> sid S-1-5-21-3981408749-3007518722-157077061-513
> canonicalise_acl: Access ace entries before arrange :
> 
> And this is the output when it won't work:
> 
> Opening cache file at /var/cache/samba/gencache.tdb
> 
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> 
> uid_to_sid: winbind failed to find a sid for uid 0
> 
> Attempting to register passdb backend smbpasswd
> 
> So it seems that winbind isn't able to find a matching group for the
> uid 0 (root). Why is this the case?
> 
> wbinfo --uid-info=0 show on both systems the same output:
> 
> failed to call wbcGetpwuid: WBC_ERR_DOMAIN_NOT_FOUND
> 
> Could not get info for uid 0
> 
> 
What is in 'user.map' ?

Rowland

On Fri, 24 Aug 2018 23:53:14 +0200
Waishon <waishon009 at gmail.com> wrote:
> Hi again,
> 
> sorry for spaming ;)
> 
> wbinfo -U shows on the second machine only:
> root at FS/# wbinfo -U 0
> failed to call wbcUidToSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert uid 0 to sid
> 
> On the other machine it returns the correct SID.
> 
> Maybe that's a decent hint what went wrong?
>
No, it is exactly the same on my domain, fails on a Unix domain member,
works on a DC.

Rowland