Hai, The best info is missing. What are the windows event ID errors? What is the right set on the profiles folder? If you layout is : /home/samba/profiles and you shared the folder profiles, then show me getfacl /home/samba/profiles. I see your running, Samba 4.7, are you able to upgrade to 4.9.4? This: ~# cat default-rights-sysvol.acl # file: /var/lib/samba/sysvol # owner: root # group: root user::rwx user:root:rwx user:3000000:rwx user:3000001:r-x user:3000002:rwx user:3000003:r-x Tells me something. I "should" at least see 2 users names and not only uids? Can you show the smb.conf nsswitch.conf Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: woensdag 23 januari 2019 22:32 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO / Sysvol problems > > On Wed, 23 Jan 2019 13:02:39 -0800 > Gregory Sloop <gregs at sloop.net> wrote: > > > > > > > RPvs> On Wed, 23 Jan 2019 10:06:52 -0800 > > RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: > > > > > > >> RPvs> Have you read this: > > > > >> RPvs> > https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles > > > > >> RPvs> and possibly, this: > > > > >> RPvs> > https://wiki.samba.org/index.php/Configuring_Windows_Profile_F > older_Redirections > > > > >> RPvs> Rowland > > > > >> Yes, and I believe I've done everything properly. > > >> That's where I started. > > > > >> So I think we're back to; What items control file/directory > > >> creation and the default permissions? What should I be > looking at, > > >> or tinkering with? > > > > > > RPvs> Hmm, I am beginning to think the operative word here is > > RPvs> 'freenas', a quick internet search shows a lot of requests for > > RPvs> how to do what you are you are trying to do, but little or no > > RPvs> answers. > > > > RPvs> Can you try having the profiles on a Linux machine ? > > > > RPvs> Rowland > > RPvs> > > So, Rowland [and anyone else following along] - lets see if we can > > forget about that shiny object. Just forget I said FreeNAS. Poof! > > Gone! > > > > Pretend I said I was using FreeBSD, with ZFS, and Samba 4.7.0. > > And, apparently, creating directories for user profiles > goes south in > > some cases. [It works sometimes too, but I can't determine why. I'm > > flipping lots of switches in an effort to make it work, so it may > > well be semi-self induced.] > > > > But if I were that BSD guy - what things would I look at in the > > smb.conf that might have an impact on this situation? How do I > > control the permissions new directories get from Samba? I'd be glad > > for a "here's someone who faced exactly that, and here's > how he fixed > > it." but I'd also be super happy with "Look at these 6 different > > smb.conf items - and here's how I might set them. You might look at > > this VFS module too." > > > > TIA > > -Greg > > I do not use freebsd, but I think you need 'vfs objects > nfs4acl_xattr' for a start, I also think you need to ask > freenas and/or > freebsd. > > That is unless some one has this running and is willing to share the > magic incantations ;-) > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
This is the samba conf file (not on the DC's, but on the box where profiles
are being stored - which is where our problem is, IMO) - does anything in here
need addressing?
[I've slightly sanitized some names.]
I'm trying to gather relevant samba logs from this same box, as well as
anything that looks relevant from the Windows station event logs.
But I thought starting here might be worth-while.
I don't see anything that strikes me as really wrong, but I'm pretty out
of my comfort zone here.
--
[global]
server min protocol = SMB2_02
server max protocol = SMB3
interfaces = 127.0.0.1 10.8.22.4 127.0.0.1
bind interfaces only = yes
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 1884710
logging = file
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
ntlm auth = no
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
unix extensions = no
acl allow execute always = true
dos filemode = yes
multicast dns register = no
domain logons = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
workgroup = AD
realm = AD.AB.LOCAL
security = ADS
client use spnego = yes
local master = no
domain master = no
preferred master = no
ads dns update = yes
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = no
winbind refresh tickets = yes
idmap config AD: backend = rid
idmap config AD: range = 20000-90000000
allow trusted domains = no
client ldap sasl wrapping = plain
template shell = /bin/sh
template homedir = /home/%D/%U
netbios name = AB-FREENAS
netbios aliases = AB-FREENAS
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 3
[ab-profiles]
path = "/mnt/abac-zfs-01/ad-profiles"
comment = ab-profiles
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
access based share enum = no
vfs objects = zfs_space zfsacl streams_xattr
hide dot files = no
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
[abac-share1]
path = "/mnt/abac-zfs-01/ad-shared-folders"
comment = abac-share1
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
access based share enum = no
vfs objects = acl_xattr zfs_space zfsacl streams_xattr
hide dot files = no
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
And this is some Samba logs from a connect where the profile isn't handled properly. Near the end, it looks like Samba resets this connection... (I could be wrong - I know nothing about how to read Samba logs.) --- [2019/01/24 10:36:38.097773, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:38.097869, 3] ../source3/smbd/oplock.c:1329(init_oplocks) init_oplocks: initializing messages. [2019/01/24 10:36:38.097940, 3] ../source3/smbd/process.c:1959(process_smb) Transaction 0 of length 178 (0 toread) [2019/01/24 10:36:38.098082, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB3_11 [2019/01/24 10:36:38.633900, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:38.633920, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:39.141647, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:39.141662, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:39.142241, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'gssapi_spnego' registered [2019/01/24 10:36:39.142266, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'gssapi_krb5' registered [2019/01/24 10:36:39.142278, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2019/01/24 10:36:39.142292, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'spnego' registered [2019/01/24 10:36:39.142302, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'schannel' registered [2019/01/24 10:36:39.142313, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'naclrpc_as_system' registered [2019/01/24 10:36:39.142322, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'sasl-EXTERNAL' registered [2019/01/24 10:36:39.142333, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'ntlmssp' registered [2019/01/24 10:36:39.142342, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'ntlmssp_resume_ccache' registered [2019/01/24 10:36:39.142351, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'http_basic' registered [2019/01/24 10:36:39.142360, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'http_ntlm' registered [2019/01/24 10:36:39.142369, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'krb5' registered [2019/01/24 10:36:39.142379, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2019/01/24 10:36:39.681807, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:39.681821, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:40.217351, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:40.217370, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:40.220635, 3] ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) Found account name from PAC: DESKTOP-AD-TEST$ [] [2019/01/24 10:36:40.220656, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) Kerberos ticket principal name is [DESKTOP-AD-TEST$@AD.ABC.LOCAL] [2019/01/24 10:36:40.225072, 3] ../source3/param/loadparm.c:3856(lp_load_ex) lp_load_ex: refreshing parameters [2019/01/24 10:36:40.225141, 3] ../source3/param/loadparm.c:543(init_globals) Initialising global parameters [2019/01/24 10:36:40.225251, 3] ../source3/param/loadparm.c:2770(lp_do_section) Processing section "[global]" [2019/01/24 10:36:40.226327, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[rm-profiles]" [2019/01/24 10:36:40.226584, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[abc-share1]" [2019/01/24 10:36:40.226842, 3] ../source3/param/loadparm.c:1598(lp_add_ipc) adding IPC service [2019/01/24 10:36:40.227541, 3] ../source3/smbd/password.c:144(register_homes_share) Adding homes service for user 'AD\desktop-ad-test$' using home directory: '/home/AD/desktop-ad-test_' [2019/01/24 10:36:40.231677, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:40.231737, 3] ../source3/smbd/service.c:595(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2019/01/24 10:36:40.231765, 3] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2019/01/24 10:36:40.231777, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2019/01/24 10:36:40.231904, 3] ../source3/smbd/service.c:841(make_connection_snum) 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ initially as user AD\desktop-ad-test$ (uid=21606, gid=20515) (pid 67748) [2019/01/24 10:36:40.233495, 3] ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req) api_pipe_bind_req: srvsvc -> srvsvc rpc service [2019/01/24 10:36:40.233511, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) check_bind_req for srvsvc context_id=0 [2019/01/24 10:36:40.233520, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) check_bind_req: srvsvc -> srvsvc rpc service [2019/01/24 10:36:40.234149, 3] ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP) api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO [2019/01/24 10:36:40.780134, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:40.780148, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:41.295431, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:41.295446, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:41.296440, 3] ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) Found account name from PAC: toysales01 [] [2019/01/24 10:36:41.296458, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) Kerberos ticket principal name is [toysales01 at AD.ABC.LOCAL] [2019/01/24 10:36:41.300497, 3] ../source3/param/loadparm.c:3856(lp_load_ex) lp_load_ex: refreshing parameters [2019/01/24 10:36:41.300544, 3] ../source3/param/loadparm.c:543(init_globals) Initialising global parameters [2019/01/24 10:36:41.300636, 3] ../source3/param/loadparm.c:2770(lp_do_section) Processing section "[global]" [2019/01/24 10:36:41.301696, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[rm-profiles]" [2019/01/24 10:36:41.301946, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[abc-share1]" [2019/01/24 10:36:41.302203, 3] ../source3/param/loadparm.c:1598(lp_add_ipc) adding IPC service [2019/01/24 10:36:41.302908, 3] ../source3/smbd/password.c:144(register_homes_share) Adding homes service for user 'AD\toysales01' using home directory: '/home/AD/toysales01' [2019/01/24 10:36:41.307024, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:41.307079, 3] ../source3/smbd/service.c:595(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2019/01/24 10:36:41.307105, 3] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2019/01/24 10:36:41.307115, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2019/01/24 10:36:41.307213, 3] ../source3/smbd/service.c:841(make_connection_snum) 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ initially as user AD\toysales01 (uid=21133, gid=20513) (pid 67748) [2019/01/24 10:36:41.307733, 3] ../source3/smbd/msdfs.c:1008(get_referred_path) get_referred_path: |rm-profiles| in dfs path \rm-freenas\rm-profiles is not a dfs root. [2019/01/24 10:36:41.307752, 3] ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:309 [2019/01/24 10:36:41.308242, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:41.308296, 3] ../source3/smbd/service.c:595(make_connection_snum) Connect path is '/mnt/abc-zfs-01/ad-profiles' for service [rm-profiles] [2019/01/24 10:36:41.308328, 3] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2019/01/24 10:36:41.308338, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2019/01/24 10:36:41.308349, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [streams_xattr] [2019/01/24 10:36:41.308575, 3] ../lib/util/modules.c:167(load_module_absolute_path) load_module_absolute_path: Module '/usr/local/lib/shared-modules/vfs/streams_xattr.so' loaded [2019/01/24 10:36:41.308595, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [zfsacl] [2019/01/24 10:36:41.308899, 3] ../lib/util/modules.c:167(load_module_absolute_path) load_module_absolute_path: Module '/usr/local/lib/shared-modules/vfs/zfsacl.so' loaded [2019/01/24 10:36:41.308917, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [zfs_space] [2019/01/24 10:36:41.318027, 3] ../lib/util/modules.c:167(load_module_absolute_path) load_module_absolute_path: Module '/usr/local/lib/shared-modules/vfs/zfs_space.so' loaded [2019/01/24 10:36:41.318207, 2] ../source3/smbd/service.c:841(make_connection_snum) 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service rm-profiles initially as user AD\toysales01 (uid=21133, gid=20513) (pid 67748) [2019/01/24 10:36:41.323899, 2] ../source3/smbd/open.c:1404(open_file) AD\toysales01 opened file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp read=No write=Yes (numopen=1) [2019/01/24 10:36:41.359714, 3] ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) smb2: fnum 135800876, file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp, length=65536 offset=0 wrote=65536 [2019/01/24 10:36:41.377982, 3] ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) smb2: fnum 135800876, file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp, length=200 offset=0 wrote=200 [2019/01/24 10:36:41.378677, 3] ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at ../source3/smbd/smb2_getinfo.c:154 [2019/01/24 10:36:41.382830, 2] ../source3/smbd/close.c:789(close_normal_file) AD\toysales01 closed file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp (numopen=0) NT_STATUS_OK [2019/01/24 10:36:41.385800, 3] ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 48. [2019/01/24 10:36:41.385816, 3] ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at ../source3/smbd/smb2_getinfo.c:171 [2019/01/24 10:36:41.388014, 3] ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 48. [2019/01/24 10:36:50.919650, 3] ../source3/smbd/service.c:1120(close_cnum) 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ [2019/01/24 10:36:56.279328, 3] ../source3/smbd/service.c:1120(close_cnum) 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ [2019/01/24 10:36:56.279475, 2] ../source3/smbd/service.c:1120(close_cnum) 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service rm-profiles [2019/01/24 10:36:56.283783, 3] ../source3/smbd/server_exit.c:248(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET) [2019/01/24 10:36:56.360475, 3] ../source3/lib/util_procid.c:54(pid_to_procid) pid_to_procid: messaging_dgm_get_unique failed: No such file or directory --- I'm glad to provide more logs, but this seems like the most relevant portions. [This is a "full" log, I can step up verbosity to "debug," if needed.] Thanks! -Greg
Hi Gregory, I see few things, start here : from smb.conf remove : map to guest = Bad User This enabled on a domain member or other domain server is really a no go. This makes debugging really hard. interpret_string_addr_internal: getaddrinfo failed for name> freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known]Looks like there are resolving problems. On the server run : Command result. hostname -s hostname hostname -f hostname.fqdn.tld hostname -d fqdn.tld Check /etc/resolv.conf should look bit like this.: search ad.abc.local nameserver ip_of_DC /etc/hosts should contain 127.0.0.1 localhost Ip_server hostname.fqdn.tld hostname These need to be fixed first before you can even look at the profile problems. Try above, if its not working, show the log also again. I've not talked about this part yet. [2019/01/24 10:36:41.307733, 3]> ../source3/smbd/msdfs.c:1008(get_referred_path) > get_referred_path: |rm-profiles| in dfs path > \rm-freenas\rm-profiles is not a dfs root. > [2019/01/24 10:36:41.307752, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_NOT_FOUND] || at > ../source3/smbd/smb2_ioctl.c:309 > [2019/01/24 10:36:41.308242, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:41.308296, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/mnt/abc-zfs-01/ad-profiles' for service > [rm-profiles]Or [2019/01/24 10:36:40.226842, 3]> ../source3/param/loadparm.c:1598(lp_add_ipc) > adding IPC service > [2019/01/24 10:36:40.227541, 3] > ../source3/smbd/password.c:144(register_homes_share) > Adding homes service for user 'AD\desktop-ad-test$' using > home directory: '/home/AD/desktop-ad-test_'This "computer" gets a homedir? [2019/01/24 10:36:41.378677, 3]> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at > ../source3/smbd/smb2_getinfo.c:154 > [2019/01/24 10:36:41.382830, 2] > ../source3/smbd/close.c:789(close_normal_file)And the most important one i think.> AD\toysales01 closed file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp (numopen=0) NT_STATUS_OK > [2019/01/24 10:36:41.385800, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:41.385816, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at > ../source3/smbd/smb2_getinfo.c:171 > [2019/01/24 10:36:41.388014, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:50.919650, 3] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$A "about same problem" https://lists.samba.org/archive/samba/2018-October/219106.html His solution. I restarted the setup with this documentation https://www.tecmint.com/install-samba4-active-directory-ubuntu/ . The problem was that pam was badly set and could not recognize samba users. For example: id Administrator, did not recognize by the user. BIG NOTE HERE: id Administrator should NEVER work. Yes its possible, but thats a complete different config and not supported. Why id Administrator should never work, because Administrator = root = 0 Which samba version where you running. It looks a bit like : https://forge.univention.org/bugzilla/show_bug.cgi?id=34973 For me, this looks like a problem due to resolving issues. That needs to be fixed first. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Gregory Sloop via samba > Verzonden: donderdag 24 januari 2019 21:32 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO / Sysvol problems > > And this is some Samba logs from a connect where the profile > isn't handled properly. > > Near the end, it looks like Samba resets this connection... > (I could be wrong - I know nothing about how to read Samba logs.) > > --- > [2019/01/24 10:36:38.097773, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:38.097869, 3] > ../source3/smbd/oplock.c:1329(init_oplocks) > init_oplocks: initializing messages. > [2019/01/24 10:36:38.097940, 3] > ../source3/smbd/process.c:1959(process_smb) > Transaction 0 of length 178 (0 toread) > [2019/01/24 10:36:38.098082, 3] > ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) > Selected protocol SMB3_11 > [2019/01/24 10:36:38.633900, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:38.633920, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:39.141647, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:39.141662, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:39.142241, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_spnego' registered > [2019/01/24 10:36:39.142266, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_krb5' registered > [2019/01/24 10:36:39.142278, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_krb5_sasl' registered > [2019/01/24 10:36:39.142292, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'spnego' registered > [2019/01/24 10:36:39.142302, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'schannel' registered > [2019/01/24 10:36:39.142313, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'naclrpc_as_system' registered > [2019/01/24 10:36:39.142322, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'sasl-EXTERNAL' registered > [2019/01/24 10:36:39.142333, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'ntlmssp' registered > [2019/01/24 10:36:39.142342, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'ntlmssp_resume_ccache' registered > [2019/01/24 10:36:39.142351, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'http_basic' registered > [2019/01/24 10:36:39.142360, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'http_ntlm' registered > [2019/01/24 10:36:39.142369, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'krb5' registered > [2019/01/24 10:36:39.142379, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'fake_gssapi_krb5' registered > [2019/01/24 10:36:39.681807, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:39.681821, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:40.217351, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:40.217370, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:40.220635, 3] > ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) > Found account name from PAC: DESKTOP-AD-TEST$ [] > [2019/01/24 10:36:40.220656, 3] > ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) > Kerberos ticket principal name is [DESKTOP-AD-TEST$@AD.ABC.LOCAL] > [2019/01/24 10:36:40.225072, 3] > ../source3/param/loadparm.c:3856(lp_load_ex) > lp_load_ex: refreshing parameters > [2019/01/24 10:36:40.225141, 3] > ../source3/param/loadparm.c:543(init_globals) > Initialising global parameters > [2019/01/24 10:36:40.225251, 3] > ../source3/param/loadparm.c:2770(lp_do_section) > Processing section "[global]" > [2019/01/24 10:36:40.226327, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[rm-profiles]" > [2019/01/24 10:36:40.226584, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[abc-share1]" > [2019/01/24 10:36:40.226842, 3] > ../source3/param/loadparm.c:1598(lp_add_ipc) > adding IPC service > [2019/01/24 10:36:40.227541, 3] > ../source3/smbd/password.c:144(register_homes_share) > Adding homes service for user 'AD\desktop-ad-test$' using > home directory: '/home/AD/desktop-ad-test_' > [2019/01/24 10:36:40.231677, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:40.231737, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/tmp' for service [IPC$] > [2019/01/24 10:36:40.231765, 3] > ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks > [2019/01/24 10:36:40.231777, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > [2019/01/24 10:36:40.231904, 3] > ../source3/smbd/service.c:841(make_connection_snum) > 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ > initially as user AD\desktop-ad-test$ (uid=21606, gid=20515) > (pid 67748) > [2019/01/24 10:36:40.233495, 3] > ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req) > api_pipe_bind_req: srvsvc -> srvsvc rpc service > [2019/01/24 10:36:40.233511, 3] > ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > check_bind_req for srvsvc context_id=0 > [2019/01/24 10:36:40.233520, 3] > ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > check_bind_req: srvsvc -> srvsvc rpc service > [2019/01/24 10:36:40.234149, 3] > ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP) > api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO > [2019/01/24 10:36:40.780134, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:40.780148, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:41.295431, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:41.295446, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:41.296440, 3] > ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) > Found account name from PAC: toysales01 [] > [2019/01/24 10:36:41.296458, 3] > ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) > Kerberos ticket principal name is [toysales01 at AD.ABC.LOCAL] > [2019/01/24 10:36:41.300497, 3] > ../source3/param/loadparm.c:3856(lp_load_ex) > lp_load_ex: refreshing parameters > [2019/01/24 10:36:41.300544, 3] > ../source3/param/loadparm.c:543(init_globals) > Initialising global parameters > [2019/01/24 10:36:41.300636, 3] > ../source3/param/loadparm.c:2770(lp_do_section) > Processing section "[global]" > [2019/01/24 10:36:41.301696, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[rm-profiles]" > [2019/01/24 10:36:41.301946, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[abc-share1]" > [2019/01/24 10:36:41.302203, 3] > ../source3/param/loadparm.c:1598(lp_add_ipc) > adding IPC service > [2019/01/24 10:36:41.302908, 3] > ../source3/smbd/password.c:144(register_homes_share) > Adding homes service for user 'AD\toysales01' using home > directory: '/home/AD/toysales01' > [2019/01/24 10:36:41.307024, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:41.307079, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/tmp' for service [IPC$] > [2019/01/24 10:36:41.307105, 3] > ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks > [2019/01/24 10:36:41.307115, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > [2019/01/24 10:36:41.307213, 3] > ../source3/smbd/service.c:841(make_connection_snum) > 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ > initially as user AD\toysales01 (uid=21133, gid=20513) (pid 67748) > [2019/01/24 10:36:41.307733, 3] > ../source3/smbd/msdfs.c:1008(get_referred_path) > get_referred_path: |rm-profiles| in dfs path > \rm-freenas\rm-profiles is not a dfs root. > [2019/01/24 10:36:41.307752, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_NOT_FOUND] || at > ../source3/smbd/smb2_ioctl.c:309 > [2019/01/24 10:36:41.308242, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:41.308296, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/mnt/abc-zfs-01/ad-profiles' for service > [rm-profiles] > [2019/01/24 10:36:41.308328, 3] > ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks > [2019/01/24 10:36:41.308338, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > [2019/01/24 10:36:41.308349, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [streams_xattr] > [2019/01/24 10:36:41.308575, 3] > ../lib/util/modules.c:167(load_module_absolute_path) > load_module_absolute_path: Module > '/usr/local/lib/shared-modules/vfs/streams_xattr.so' loaded > [2019/01/24 10:36:41.308595, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [zfsacl] > [2019/01/24 10:36:41.308899, 3] > ../lib/util/modules.c:167(load_module_absolute_path) > load_module_absolute_path: Module > '/usr/local/lib/shared-modules/vfs/zfsacl.so' loaded > [2019/01/24 10:36:41.308917, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [zfs_space] > [2019/01/24 10:36:41.318027, 3] > ../lib/util/modules.c:167(load_module_absolute_path) > load_module_absolute_path: Module > '/usr/local/lib/shared-modules/vfs/zfs_space.so' loaded > [2019/01/24 10:36:41.318207, 2] > ../source3/smbd/service.c:841(make_connection_snum) > 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service > rm-profiles initially as user AD\toysales01 (uid=21133, > gid=20513) (pid 67748) > [2019/01/24 10:36:41.323899, 2] > ../source3/smbd/open.c:1404(open_file) > AD\toysales01 opened file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp read=No write=Yes (numopen=1) > [2019/01/24 10:36:41.359714, 3] > ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) > smb2: fnum 135800876, file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp, length=65536 offset=0 wrote=65536 > [2019/01/24 10:36:41.377982, 3] > ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) > smb2: fnum 135800876, file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp, length=200 offset=0 wrote=200 > [2019/01/24 10:36:41.378677, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at > ../source3/smbd/smb2_getinfo.c:154 > [2019/01/24 10:36:41.382830, 2] > ../source3/smbd/close.c:789(close_normal_file) > AD\toysales01 closed file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp (numopen=0) NT_STATUS_OK > [2019/01/24 10:36:41.385800, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:41.385816, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at > ../source3/smbd/smb2_getinfo.c:171 > [2019/01/24 10:36:41.388014, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:50.919650, 3] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ > [2019/01/24 10:36:56.279328, 3] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ > [2019/01/24 10:36:56.279475, 2] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to > service rm-profiles > [2019/01/24 10:36:56.283783, 3] > ../source3/smbd/server_exit.c:248(exit_server_common) > Server exit (NT_STATUS_CONNECTION_RESET) > [2019/01/24 10:36:56.360475, 3] > ../source3/lib/util_procid.c:54(pid_to_procid) > pid_to_procid: messaging_dgm_get_unique failed: No such > file or directory > > --- > > I'm glad to provide more logs, but this seems like the most > relevant portions. > [This is a "full" log, I can step up verbosity to "debug," if needed.] > > Thanks! > > -Greg > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >