Hai, The best info is missing. What are the windows event ID errors? What is the right set on the profiles folder? If you layout is : /home/samba/profiles and you shared the folder profiles, then show me getfacl /home/samba/profiles. I see your running, Samba 4.7, are you able to upgrade to 4.9.4? This: ~# cat default-rights-sysvol.acl # file: /var/lib/samba/sysvol # owner: root # group: root user::rwx user:root:rwx user:3000000:rwx user:3000001:r-x user:3000002:rwx user:3000003:r-x Tells me something. I "should" at least see 2 users names and not only uids? Can you show the smb.conf nsswitch.conf Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: woensdag 23 januari 2019 22:32 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO / Sysvol problems > > On Wed, 23 Jan 2019 13:02:39 -0800 > Gregory Sloop <gregs at sloop.net> wrote: > > > > > > > RPvs> On Wed, 23 Jan 2019 10:06:52 -0800 > > RPvs> Gregory Sloop via samba <samba at lists.samba.org> wrote: > > > > > > >> RPvs> Have you read this: > > > > >> RPvs> > https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles > > > > >> RPvs> and possibly, this: > > > > >> RPvs> > https://wiki.samba.org/index.php/Configuring_Windows_Profile_F > older_Redirections > > > > >> RPvs> Rowland > > > > >> Yes, and I believe I've done everything properly. > > >> That's where I started. > > > > >> So I think we're back to; What items control file/directory > > >> creation and the default permissions? What should I be > looking at, > > >> or tinkering with? > > > > > > RPvs> Hmm, I am beginning to think the operative word here is > > RPvs> 'freenas', a quick internet search shows a lot of requests for > > RPvs> how to do what you are you are trying to do, but little or no > > RPvs> answers. > > > > RPvs> Can you try having the profiles on a Linux machine ? > > > > RPvs> Rowland > > RPvs> > > So, Rowland [and anyone else following along] - lets see if we can > > forget about that shiny object. Just forget I said FreeNAS. Poof! > > Gone! > > > > Pretend I said I was using FreeBSD, with ZFS, and Samba 4.7.0. > > And, apparently, creating directories for user profiles > goes south in > > some cases. [It works sometimes too, but I can't determine why. I'm > > flipping lots of switches in an effort to make it work, so it may > > well be semi-self induced.] > > > > But if I were that BSD guy - what things would I look at in the > > smb.conf that might have an impact on this situation? How do I > > control the permissions new directories get from Samba? I'd be glad > > for a "here's someone who faced exactly that, and here's > how he fixed > > it." but I'd also be super happy with "Look at these 6 different > > smb.conf items - and here's how I might set them. You might look at > > this VFS module too." > > > > TIA > > -Greg > > I do not use freebsd, but I think you need 'vfs objects > nfs4acl_xattr' for a start, I also think you need to ask > freenas and/or > freebsd. > > That is unless some one has this running and is willing to share the > magic incantations ;-) > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
This is the samba conf file (not on the DC's, but on the box where profiles are being stored - which is where our problem is, IMO) - does anything in here need addressing? [I've slightly sanitized some names.] I'm trying to gather relevant samba logs from this same box, as well as anything that looks relevant from the Windows station event logs. But I thought starting here might be worth-while. I don't see anything that strikes me as really wrong, but I'm pretty out of my comfort zone here. -- [global] server min protocol = SMB2_02 server max protocol = SMB3 interfaces = 127.0.0.1 10.8.22.4 127.0.0.1 bind interfaces only = yes encrypt passwords = yes dns proxy = no strict locking = no oplocks = yes deadtime = 15 max log size = 51200 max open files = 1884710 logging = file load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes getwd cache = yes guest account = nobody map to guest = Bad User obey pam restrictions = yes ntlm auth = no directory name cache size = 0 kernel change notify = no panic action = /usr/local/libexec/samba/samba-backtrace nsupdate command = /usr/local/bin/samba-nsupdate -g server string = FreeNAS Server ea support = yes store dos attributes = yes lm announce = yes unix extensions = no acl allow execute always = true dos filemode = yes multicast dns register = no domain logons = no idmap config *: backend = tdb idmap config *: range = 90000001-100000000 server role = member server workgroup = AD realm = AD.AB.LOCAL security = ADS client use spnego = yes local master = no domain master = no preferred master = no ads dns update = yes winbind cache time = 7200 winbind offline logon = yes winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = no winbind refresh tickets = yes idmap config AD: backend = rid idmap config AD: range = 20000-90000000 allow trusted domains = no client ldap sasl wrapping = plain template shell = /bin/sh template homedir = /home/%D/%U netbios name = AB-FREENAS netbios aliases = AB-FREENAS create mask = 0666 directory mask = 0777 client ntlmv2 auth = yes dos charset = CP437 unix charset = UTF-8 log level = 3 [ab-profiles] path = "/mnt/abac-zfs-01/ad-profiles" comment = ab-profiles printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes access based share enum = no vfs objects = zfs_space zfsacl streams_xattr hide dot files = no guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare [abac-share1] path = "/mnt/abac-zfs-01/ad-shared-folders" comment = abac-share1 printable = no veto files = /.snapshot/.windows/.mac/.zfs/ writeable = yes browseable = yes access based share enum = no vfs objects = acl_xattr zfs_space zfsacl streams_xattr hide dot files = no guest ok = no nfs4:mode = special nfs4:acedup = merge nfs4:chown = true zfsacl:acesort = dontcare
And this is some Samba logs from a connect where the profile isn't handled properly. Near the end, it looks like Samba resets this connection... (I could be wrong - I know nothing about how to read Samba logs.) --- [2019/01/24 10:36:38.097773, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:38.097869, 3] ../source3/smbd/oplock.c:1329(init_oplocks) init_oplocks: initializing messages. [2019/01/24 10:36:38.097940, 3] ../source3/smbd/process.c:1959(process_smb) Transaction 0 of length 178 (0 toread) [2019/01/24 10:36:38.098082, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB3_11 [2019/01/24 10:36:38.633900, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:38.633920, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:39.141647, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:39.141662, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:39.142241, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'gssapi_spnego' registered [2019/01/24 10:36:39.142266, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'gssapi_krb5' registered [2019/01/24 10:36:39.142278, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2019/01/24 10:36:39.142292, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'spnego' registered [2019/01/24 10:36:39.142302, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'schannel' registered [2019/01/24 10:36:39.142313, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'naclrpc_as_system' registered [2019/01/24 10:36:39.142322, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'sasl-EXTERNAL' registered [2019/01/24 10:36:39.142333, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'ntlmssp' registered [2019/01/24 10:36:39.142342, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'ntlmssp_resume_ccache' registered [2019/01/24 10:36:39.142351, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'http_basic' registered [2019/01/24 10:36:39.142360, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'http_ntlm' registered [2019/01/24 10:36:39.142369, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'krb5' registered [2019/01/24 10:36:39.142379, 3] ../auth/gensec/gensec_start.c:977(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2019/01/24 10:36:39.681807, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:39.681821, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:40.217351, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:40.217370, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:40.220635, 3] ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) Found account name from PAC: DESKTOP-AD-TEST$ [] [2019/01/24 10:36:40.220656, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) Kerberos ticket principal name is [DESKTOP-AD-TEST$@AD.ABC.LOCAL] [2019/01/24 10:36:40.225072, 3] ../source3/param/loadparm.c:3856(lp_load_ex) lp_load_ex: refreshing parameters [2019/01/24 10:36:40.225141, 3] ../source3/param/loadparm.c:543(init_globals) Initialising global parameters [2019/01/24 10:36:40.225251, 3] ../source3/param/loadparm.c:2770(lp_do_section) Processing section "[global]" [2019/01/24 10:36:40.226327, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[rm-profiles]" [2019/01/24 10:36:40.226584, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[abc-share1]" [2019/01/24 10:36:40.226842, 3] ../source3/param/loadparm.c:1598(lp_add_ipc) adding IPC service [2019/01/24 10:36:40.227541, 3] ../source3/smbd/password.c:144(register_homes_share) Adding homes service for user 'AD\desktop-ad-test$' using home directory: '/home/AD/desktop-ad-test_' [2019/01/24 10:36:40.231677, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:40.231737, 3] ../source3/smbd/service.c:595(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2019/01/24 10:36:40.231765, 3] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2019/01/24 10:36:40.231777, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2019/01/24 10:36:40.231904, 3] ../source3/smbd/service.c:841(make_connection_snum) 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ initially as user AD\desktop-ad-test$ (uid=21606, gid=20515) (pid 67748) [2019/01/24 10:36:40.233495, 3] ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req) api_pipe_bind_req: srvsvc -> srvsvc rpc service [2019/01/24 10:36:40.233511, 3] ../source3/rpc_server/srv_pipe.c:356(check_bind_req) check_bind_req for srvsvc context_id=0 [2019/01/24 10:36:40.233520, 3] ../source3/rpc_server/srv_pipe.c:399(check_bind_req) check_bind_req: srvsvc -> srvsvc rpc service [2019/01/24 10:36:40.234149, 3] ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP) api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO [2019/01/24 10:36:40.780134, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:40.780148, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:41.295431, 3] ../lib/util/util_net.c:256(interpret_string_addr_internal) interpret_string_addr_internal: getaddrinfo failed for name freenas.ad.abc.local (flags 1026) [hostname nor servname provided, or not known] [2019/01/24 10:36:41.295446, 3] ../source3/lib/util_sock.c:1187(get_mydnsfullname) get_mydnsfullname: getaddrinfo failed for name freenas.ad.abc.local [Success] [2019/01/24 10:36:41.296440, 3] ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) Found account name from PAC: toysales01 [] [2019/01/24 10:36:41.296458, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) Kerberos ticket principal name is [toysales01 at AD.ABC.LOCAL] [2019/01/24 10:36:41.300497, 3] ../source3/param/loadparm.c:3856(lp_load_ex) lp_load_ex: refreshing parameters [2019/01/24 10:36:41.300544, 3] ../source3/param/loadparm.c:543(init_globals) Initialising global parameters [2019/01/24 10:36:41.300636, 3] ../source3/param/loadparm.c:2770(lp_do_section) Processing section "[global]" [2019/01/24 10:36:41.301696, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[rm-profiles]" [2019/01/24 10:36:41.301946, 2] ../source3/param/loadparm.c:2787(lp_do_section) Processing section "[abc-share1]" [2019/01/24 10:36:41.302203, 3] ../source3/param/loadparm.c:1598(lp_add_ipc) adding IPC service [2019/01/24 10:36:41.302908, 3] ../source3/smbd/password.c:144(register_homes_share) Adding homes service for user 'AD\toysales01' using home directory: '/home/AD/toysales01' [2019/01/24 10:36:41.307024, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:41.307079, 3] ../source3/smbd/service.c:595(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2019/01/24 10:36:41.307105, 3] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2019/01/24 10:36:41.307115, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2019/01/24 10:36:41.307213, 3] ../source3/smbd/service.c:841(make_connection_snum) 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ initially as user AD\toysales01 (uid=21133, gid=20513) (pid 67748) [2019/01/24 10:36:41.307733, 3] ../source3/smbd/msdfs.c:1008(get_referred_path) get_referred_path: |rm-profiles| in dfs path \rm-freenas\rm-profiles is not a dfs root. [2019/01/24 10:36:41.307752, 3] ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:309 [2019/01/24 10:36:41.308242, 3] ../lib/util/access.c:361(allow_access) Allowed connection from 10.8.20.60 (10.8.20.60) [2019/01/24 10:36:41.308296, 3] ../source3/smbd/service.c:595(make_connection_snum) Connect path is '/mnt/abc-zfs-01/ad-profiles' for service [rm-profiles] [2019/01/24 10:36:41.308328, 3] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2019/01/24 10:36:41.308338, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2019/01/24 10:36:41.308349, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [streams_xattr] [2019/01/24 10:36:41.308575, 3] ../lib/util/modules.c:167(load_module_absolute_path) load_module_absolute_path: Module '/usr/local/lib/shared-modules/vfs/streams_xattr.so' loaded [2019/01/24 10:36:41.308595, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [zfsacl] [2019/01/24 10:36:41.308899, 3] ../lib/util/modules.c:167(load_module_absolute_path) load_module_absolute_path: Module '/usr/local/lib/shared-modules/vfs/zfsacl.so' loaded [2019/01/24 10:36:41.308917, 3] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [zfs_space] [2019/01/24 10:36:41.318027, 3] ../lib/util/modules.c:167(load_module_absolute_path) load_module_absolute_path: Module '/usr/local/lib/shared-modules/vfs/zfs_space.so' loaded [2019/01/24 10:36:41.318207, 2] ../source3/smbd/service.c:841(make_connection_snum) 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service rm-profiles initially as user AD\toysales01 (uid=21133, gid=20513) (pid 67748) [2019/01/24 10:36:41.323899, 2] ../source3/smbd/open.c:1404(open_file) AD\toysales01 opened file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp read=No write=Yes (numopen=1) [2019/01/24 10:36:41.359714, 3] ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) smb2: fnum 135800876, file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp, length=65536 offset=0 wrote=65536 [2019/01/24 10:36:41.377982, 3] ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) smb2: fnum 135800876, file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp, length=200 offset=0 wrote=200 [2019/01/24 10:36:41.378677, 3] ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at ../source3/smbd/smb2_getinfo.c:154 [2019/01/24 10:36:41.382830, 2] ../source3/smbd/close.c:789(close_normal_file) AD\toysales01 closed file user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE92.tmp (numopen=0) NT_STATUS_OK [2019/01/24 10:36:41.385800, 3] ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 48. [2019/01/24 10:36:41.385816, 3] ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at ../source3/smbd/smb2_getinfo.c:171 [2019/01/24 10:36:41.388014, 3] ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) smbd_do_query_security_desc: sd_size = 48. [2019/01/24 10:36:50.919650, 3] ../source3/smbd/service.c:1120(close_cnum) 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ [2019/01/24 10:36:56.279328, 3] ../source3/smbd/service.c:1120(close_cnum) 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ [2019/01/24 10:36:56.279475, 2] ../source3/smbd/service.c:1120(close_cnum) 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service rm-profiles [2019/01/24 10:36:56.283783, 3] ../source3/smbd/server_exit.c:248(exit_server_common) Server exit (NT_STATUS_CONNECTION_RESET) [2019/01/24 10:36:56.360475, 3] ../source3/lib/util_procid.c:54(pid_to_procid) pid_to_procid: messaging_dgm_get_unique failed: No such file or directory --- I'm glad to provide more logs, but this seems like the most relevant portions. [This is a "full" log, I can step up verbosity to "debug," if needed.] Thanks! -Greg
Hi Gregory, I see few things, start here : from smb.conf remove : map to guest = Bad User This enabled on a domain member or other domain server is really a no go. This makes debugging really hard. interpret_string_addr_internal: getaddrinfo failed for name> freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known]Looks like there are resolving problems. On the server run : Command result. hostname -s hostname hostname -f hostname.fqdn.tld hostname -d fqdn.tld Check /etc/resolv.conf should look bit like this.: search ad.abc.local nameserver ip_of_DC /etc/hosts should contain 127.0.0.1 localhost Ip_server hostname.fqdn.tld hostname These need to be fixed first before you can even look at the profile problems. Try above, if its not working, show the log also again. I've not talked about this part yet. [2019/01/24 10:36:41.307733, 3]> ../source3/smbd/msdfs.c:1008(get_referred_path) > get_referred_path: |rm-profiles| in dfs path > \rm-freenas\rm-profiles is not a dfs root. > [2019/01/24 10:36:41.307752, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_NOT_FOUND] || at > ../source3/smbd/smb2_ioctl.c:309 > [2019/01/24 10:36:41.308242, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:41.308296, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/mnt/abc-zfs-01/ad-profiles' for service > [rm-profiles]Or [2019/01/24 10:36:40.226842, 3]> ../source3/param/loadparm.c:1598(lp_add_ipc) > adding IPC service > [2019/01/24 10:36:40.227541, 3] > ../source3/smbd/password.c:144(register_homes_share) > Adding homes service for user 'AD\desktop-ad-test$' using > home directory: '/home/AD/desktop-ad-test_'This "computer" gets a homedir? [2019/01/24 10:36:41.378677, 3]> ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at > ../source3/smbd/smb2_getinfo.c:154 > [2019/01/24 10:36:41.382830, 2] > ../source3/smbd/close.c:789(close_normal_file)And the most important one i think.> AD\toysales01 closed file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp (numopen=0) NT_STATUS_OK > [2019/01/24 10:36:41.385800, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:41.385816, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at > ../source3/smbd/smb2_getinfo.c:171 > [2019/01/24 10:36:41.388014, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:50.919650, 3] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$A "about same problem" https://lists.samba.org/archive/samba/2018-October/219106.html His solution. I restarted the setup with this documentation https://www.tecmint.com/install-samba4-active-directory-ubuntu/ . The problem was that pam was badly set and could not recognize samba users. For example: id Administrator, did not recognize by the user. BIG NOTE HERE: id Administrator should NEVER work. Yes its possible, but thats a complete different config and not supported. Why id Administrator should never work, because Administrator = root = 0 Which samba version where you running. It looks a bit like : https://forge.univention.org/bugzilla/show_bug.cgi?id=34973 For me, this looks like a problem due to resolving issues. That needs to be fixed first. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Gregory Sloop via samba > Verzonden: donderdag 24 januari 2019 21:32 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] GPO / Sysvol problems > > And this is some Samba logs from a connect where the profile > isn't handled properly. > > Near the end, it looks like Samba resets this connection... > (I could be wrong - I know nothing about how to read Samba logs.) > > --- > [2019/01/24 10:36:38.097773, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:38.097869, 3] > ../source3/smbd/oplock.c:1329(init_oplocks) > init_oplocks: initializing messages. > [2019/01/24 10:36:38.097940, 3] > ../source3/smbd/process.c:1959(process_smb) > Transaction 0 of length 178 (0 toread) > [2019/01/24 10:36:38.098082, 3] > ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) > Selected protocol SMB3_11 > [2019/01/24 10:36:38.633900, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:38.633920, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:39.141647, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:39.141662, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:39.142241, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_spnego' registered > [2019/01/24 10:36:39.142266, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_krb5' registered > [2019/01/24 10:36:39.142278, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'gssapi_krb5_sasl' registered > [2019/01/24 10:36:39.142292, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'spnego' registered > [2019/01/24 10:36:39.142302, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'schannel' registered > [2019/01/24 10:36:39.142313, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'naclrpc_as_system' registered > [2019/01/24 10:36:39.142322, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'sasl-EXTERNAL' registered > [2019/01/24 10:36:39.142333, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'ntlmssp' registered > [2019/01/24 10:36:39.142342, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'ntlmssp_resume_ccache' registered > [2019/01/24 10:36:39.142351, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'http_basic' registered > [2019/01/24 10:36:39.142360, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'http_ntlm' registered > [2019/01/24 10:36:39.142369, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'krb5' registered > [2019/01/24 10:36:39.142379, 3] > ../auth/gensec/gensec_start.c:977(gensec_register) > GENSEC backend 'fake_gssapi_krb5' registered > [2019/01/24 10:36:39.681807, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:39.681821, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:40.217351, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:40.217370, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:40.220635, 3] > ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) > Found account name from PAC: DESKTOP-AD-TEST$ [] > [2019/01/24 10:36:40.220656, 3] > ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) > Kerberos ticket principal name is [DESKTOP-AD-TEST$@AD.ABC.LOCAL] > [2019/01/24 10:36:40.225072, 3] > ../source3/param/loadparm.c:3856(lp_load_ex) > lp_load_ex: refreshing parameters > [2019/01/24 10:36:40.225141, 3] > ../source3/param/loadparm.c:543(init_globals) > Initialising global parameters > [2019/01/24 10:36:40.225251, 3] > ../source3/param/loadparm.c:2770(lp_do_section) > Processing section "[global]" > [2019/01/24 10:36:40.226327, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[rm-profiles]" > [2019/01/24 10:36:40.226584, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[abc-share1]" > [2019/01/24 10:36:40.226842, 3] > ../source3/param/loadparm.c:1598(lp_add_ipc) > adding IPC service > [2019/01/24 10:36:40.227541, 3] > ../source3/smbd/password.c:144(register_homes_share) > Adding homes service for user 'AD\desktop-ad-test$' using > home directory: '/home/AD/desktop-ad-test_' > [2019/01/24 10:36:40.231677, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:40.231737, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/tmp' for service [IPC$] > [2019/01/24 10:36:40.231765, 3] > ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks > [2019/01/24 10:36:40.231777, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > [2019/01/24 10:36:40.231904, 3] > ../source3/smbd/service.c:841(make_connection_snum) > 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ > initially as user AD\desktop-ad-test$ (uid=21606, gid=20515) > (pid 67748) > [2019/01/24 10:36:40.233495, 3] > ../source3/rpc_server/srv_pipe.c:748(api_pipe_bind_req) > api_pipe_bind_req: srvsvc -> srvsvc rpc service > [2019/01/24 10:36:40.233511, 3] > ../source3/rpc_server/srv_pipe.c:356(check_bind_req) > check_bind_req for srvsvc context_id=0 > [2019/01/24 10:36:40.233520, 3] > ../source3/rpc_server/srv_pipe.c:399(check_bind_req) > check_bind_req: srvsvc -> srvsvc rpc service > [2019/01/24 10:36:40.234149, 3] > ../source3/rpc_server/srv_pipe.c:1528(api_rpcTNP) > api_rpcTNP: rpc command: SRVSVC_NETSHAREGETINFO > [2019/01/24 10:36:40.780134, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:40.780148, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:41.295431, 3] > ../lib/util/util_net.c:256(interpret_string_addr_internal) > interpret_string_addr_internal: getaddrinfo failed for name > freenas.ad.abc.local (flags 1026) [hostname nor servname > provided, or not known] > [2019/01/24 10:36:41.295446, 3] > ../source3/lib/util_sock.c:1187(get_mydnsfullname) > get_mydnsfullname: getaddrinfo failed for name > freenas.ad.abc.local [Success] > [2019/01/24 10:36:41.296440, 3] > ../auth/kerberos/kerberos_pac.c:409(kerberos_decode_pac) > Found account name from PAC: toysales01 [] > [2019/01/24 10:36:41.296458, 3] > ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info) > Kerberos ticket principal name is [toysales01 at AD.ABC.LOCAL] > [2019/01/24 10:36:41.300497, 3] > ../source3/param/loadparm.c:3856(lp_load_ex) > lp_load_ex: refreshing parameters > [2019/01/24 10:36:41.300544, 3] > ../source3/param/loadparm.c:543(init_globals) > Initialising global parameters > [2019/01/24 10:36:41.300636, 3] > ../source3/param/loadparm.c:2770(lp_do_section) > Processing section "[global]" > [2019/01/24 10:36:41.301696, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[rm-profiles]" > [2019/01/24 10:36:41.301946, 2] > ../source3/param/loadparm.c:2787(lp_do_section) > Processing section "[abc-share1]" > [2019/01/24 10:36:41.302203, 3] > ../source3/param/loadparm.c:1598(lp_add_ipc) > adding IPC service > [2019/01/24 10:36:41.302908, 3] > ../source3/smbd/password.c:144(register_homes_share) > Adding homes service for user 'AD\toysales01' using home > directory: '/home/AD/toysales01' > [2019/01/24 10:36:41.307024, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:41.307079, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/tmp' for service [IPC$] > [2019/01/24 10:36:41.307105, 3] > ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks > [2019/01/24 10:36:41.307115, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > [2019/01/24 10:36:41.307213, 3] > ../source3/smbd/service.c:841(make_connection_snum) > 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service IPC$ > initially as user AD\toysales01 (uid=21133, gid=20513) (pid 67748) > [2019/01/24 10:36:41.307733, 3] > ../source3/smbd/msdfs.c:1008(get_referred_path) > get_referred_path: |rm-profiles| in dfs path > \rm-freenas\rm-profiles is not a dfs root. > [2019/01/24 10:36:41.307752, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_NOT_FOUND] || at > ../source3/smbd/smb2_ioctl.c:309 > [2019/01/24 10:36:41.308242, 3] > ../lib/util/access.c:361(allow_access) > Allowed connection from 10.8.20.60 (10.8.20.60) > [2019/01/24 10:36:41.308296, 3] > ../source3/smbd/service.c:595(make_connection_snum) > Connect path is '/mnt/abc-zfs-01/ad-profiles' for service > [rm-profiles] > [2019/01/24 10:36:41.308328, 3] > ../source3/smbd/vfs.c:113(vfs_init_default) > Initialising default vfs hooks > [2019/01/24 10:36:41.308338, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] > [2019/01/24 10:36:41.308349, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [streams_xattr] > [2019/01/24 10:36:41.308575, 3] > ../lib/util/modules.c:167(load_module_absolute_path) > load_module_absolute_path: Module > '/usr/local/lib/shared-modules/vfs/streams_xattr.so' loaded > [2019/01/24 10:36:41.308595, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [zfsacl] > [2019/01/24 10:36:41.308899, 3] > ../lib/util/modules.c:167(load_module_absolute_path) > load_module_absolute_path: Module > '/usr/local/lib/shared-modules/vfs/zfsacl.so' loaded > [2019/01/24 10:36:41.308917, 3] > ../source3/smbd/vfs.c:139(vfs_init_custom) > Initialising custom vfs hooks from [zfs_space] > [2019/01/24 10:36:41.318027, 3] > ../lib/util/modules.c:167(load_module_absolute_path) > load_module_absolute_path: Module > '/usr/local/lib/shared-modules/vfs/zfs_space.so' loaded > [2019/01/24 10:36:41.318207, 2] > ../source3/smbd/service.c:841(make_connection_snum) > 10.8.20.60 (ipv4:10.8.20.60:52251) connect to service > rm-profiles initially as user AD\toysales01 (uid=21133, > gid=20513) (pid 67748) > [2019/01/24 10:36:41.323899, 2] > ../source3/smbd/open.c:1404(open_file) > AD\toysales01 opened file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp read=No write=Yes (numopen=1) > [2019/01/24 10:36:41.359714, 3] > ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) > smb2: fnum 135800876, file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp, length=65536 offset=0 wrote=65536 > [2019/01/24 10:36:41.377982, 3] > ../source3/smbd/smb2_write.c:212(smb2_write_complete_internal) > smb2: fnum 135800876, file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp, length=200 offset=0 wrote=200 > [2019/01/24 10:36:41.378677, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_INVALID_INFO_CLASS] || at > ../source3/smbd/smb2_getinfo.c:154 > [2019/01/24 10:36:41.382830, 2] > ../source3/smbd/close.c:789(close_normal_file) > AD\toysales01 closed file > user-profiles/toysales01.V6/6A6DCA49-668C-4DD1-8A7F-9D5B61E8EE > 92.tmp (numopen=0) NT_STATUS_OK > [2019/01/24 10:36:41.385800, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:41.385816, 3] > ../source3/smbd/smb2_server.c:3115(smbd_smb2_request_error_ex) > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: > idx[1] status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at > ../source3/smbd/smb2_getinfo.c:171 > [2019/01/24 10:36:41.388014, 3] > ../source3/smbd/nttrans.c:2036(smbd_do_query_security_desc) > smbd_do_query_security_desc: sd_size = 48. > [2019/01/24 10:36:50.919650, 3] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ > [2019/01/24 10:36:56.279328, 3] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to service IPC$ > [2019/01/24 10:36:56.279475, 2] > ../source3/smbd/service.c:1120(close_cnum) > 10.8.20.60 (ipv4:10.8.20.60:52251) closed connection to > service rm-profiles > [2019/01/24 10:36:56.283783, 3] > ../source3/smbd/server_exit.c:248(exit_server_common) > Server exit (NT_STATUS_CONNECTION_RESET) > [2019/01/24 10:36:56.360475, 3] > ../source3/lib/util_procid.c:54(pid_to_procid) > pid_to_procid: messaging_dgm_get_unique failed: No such > file or directory > > --- > > I'm glad to provide more logs, but this seems like the most > relevant portions. > [This is a "full" log, I can step up verbosity to "debug," if needed.] > > Thanks! > > -Greg > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >