Good morning Stefan, Hmm, yes, i notice some things also with the debian 9.8 upgrade, that killed my kopano server. Was a long night yesterday. :-( but fixed. Ive done all my servers here and no samba problems. I do know of more problems with docker. There is a small difference, i dont know exact were, but i detected that on the kopano forum. Kopano builds it packages within docker, the resulting packages did not work correctly without docker. This is a systemd setting thats different.> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: vrijdag 22 februari 2019 9:12 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Debian 9.8 and vanbelle-repos > > Am 21.02.19 um 19:19 schrieb Stefan G. Weichinger via samba: > > Am 21.02.19 um 16:51 schrieb Stefan G. Weichinger via samba: > >> Am 21.02.19 um 15:49 schrieb L.P.H. van Belle via samba: > >>> Or... > >>> > >>> Set the creator group option. > >>> > >>> [Daten] > >>> comment = Daten > >>> create mask = 3660 > >>> directory mask = 3770 > >> > >> did so, they test now. thanks > > > > username and groupname aren't "mapped" into stuff like ls , > smbstatus etc > > > > nsswitch.conf?Most probely yes.> > and .... > > somehow something is wrong here and I can't spot it so far > > this morning they couldn't reach samba, after a restart of samba it > worked again > > The only changes this week were: > > * upgrade to debian 9.8 > * installation of docker daemon on that server > > We faced a problem with backup (Amanda ...) as well, so I disabled > docker yesterday evening and flushed the iptables. So docker wasn't up > this morning. > > I know of the option to forbid docker to mess with the iptables ... in > general we ran without any rules on that machine. Will test that. > > But why a failure without rules?I dont know docker so can really tell.> > and why that username issue mentioned above?Thats a good one. Check, nsswitch.conf idmap.conf resolv.conf again. First thing i would try. /etc/idmapd.conf Set these to settings. Domain = interal.dnsdomain.tld Local-Realms = YOURREALM Reboot Ive few servers left to update, i'll do that now and report back.> > Could debian 9.8 have broken something by changing a library or so?Not that i know but the fix list was pretty big compaired to previous ones. But why are you having problems and im not, ill go through some servers here, see if i can find something. Greetz, Louis
Am 22.02.19 um 09:37 schrieb L.P.H. van Belle via samba:> Good morning Stefan, > > Hmm, yes, i notice some things also with the debian 9.8 upgrade, that killed my kopano server. > Was a long night yesterday. :-( but fixed. > > Ive done all my servers here and no samba problems. > I do know of more problems with docker. > There is a small difference, i dont know exact were, but i detected that on the kopano forum. > Kopano builds it packages within docker, the resulting packages did not work correctly without docker. > This is a systemd setting thats different.I can uninstall docker for an A/B test, no containers are needed right now, samba service is way more important. As mentioned docker is stopped and "iptables -F" yesterday evening. nsswitch.conf unchanged, AFAIK. from april 2018: # /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: compat gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis
Hai, Well, i did some extra checking, gone throug more logs. ... Nothing. No errors. Sorry, i cant find anything.. Almost all my server run unattended updates, execpt the DC's. I had a few that where waiting for a reboot tomorrow night, all now rebooted, and no problems before and after. So its bit hard to detect whats going on at your side. Are all you servers having this or a few. Whats the difference between these. If a few, compair the installed packages thats what i would do. I dont think it samba to blaim, because i see 15 servers auto-updated without problems. And i cant think of anything expect the packages check, on what's the problem, to start debugging. And i just noticed a new kernel update. From 4.9.144-3.0 to 4.9.144-3.1 Fix boot breakage on 32-bit arm (closes: #922478). But your not running arm 32bit i think ;-) So not much i can help with here i think, sorry.. I can only think of 2 things here. 1) The use of settings in idmap.conf ive shown. 2) use systemd from debian backports, its a try, i have some server with the normal debian stretch version. And some are on the backports version. This depends on the server function, most samba servers are using the default systemd. Now time to eat.... Good lunch everybody. Greetz, Louis
Am 22.02.19 um 12:16 schrieb L.P.H. van Belle via samba:> Hai, > > Well, i did some extra checking, gone throug more logs. > ... Nothing. No errors. Sorry, i cant find anything.. > > Almost all my server run unattended updates, execpt the DC's. > > I had a few that where waiting for a reboot tomorrow night, all now rebooted, > and no problems before and after. > > So its bit hard to detect whats going on at your side. > Are all you servers having this or a few. Whats the difference between these. > > If a few, compair the installed packages thats what i would do. > I dont think it samba to blaim, because i see 15 servers auto-updated without problems. > > And i cant think of anything expect the packages check, on what's the problem, to start debugging. > > And i just noticed a new kernel update. From 4.9.144-3.0 to 4.9.144-3.1 > Fix boot breakage on 32-bit arm (closes: #922478). > But your not running arm 32bit i think ;-) > > So not much i can help with here i think, sorry.. > I can only think of 2 things here. > > 1) The use of settings in idmap.conf ive shown. > 2) use systemd from debian backports, its a try, > i have some server with the normal debian stretch version. > And some are on the backports version. > This depends on the server function, most samba servers are using the default systemd. > > Now time to eat.... > > Good lunch everybody. > > Greetz, > > Louis > >thanks for your testing and help on this. I hop between jobs and customers and don't have too much time for that now. Just looked into winbindd.log: [2019/02/22 13:57:48.758769, 3] ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) getpwuid 10080 [2019/02/22 13:57:48.770047, 5] ../source3/winbindd/wb_xids2sids.c:565(wb_xids2sids_recv) wb_sids_to_xids failed: NT_STATUS_CONNECTION_REFUSED [2019/02/22 13:57:48.770088, 5] ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv) Could not convert sid (NULL SID): NT_STATUS_CONNECTION_REFUSED [2019/02/22 13:57:48.770344, 3] ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send) getgrgid 10513 [2019/02/22 13:57:48.770425, 5] ../source3/winbindd/winbindd_getgrgid.c:116(winbindd_getgrgid_recv) Could not convert sid S-1-22-2-10513: NT_STATUS_INVALID_PARAMETER [2019/02/22 13:57:48.770746, 3] ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) getpwuid 10092 [2019/02/22 13:57:48.770811, 5] ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv) Could not convert sid S-1-22-1-10092: NT_STATUS_INVALID_PARAMETER [2019/02/22 13:57:48.771094, 3] ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send) getgrgid 10513 [2019/02/22 13:57:48.771159, 5] ../source3/winbindd/winbindd_getgrgid.c:116(winbindd_getgrgid_recv) Could not convert sid S-1-22-2-10513: NT_STATUS_INVALID_PARAMETER [2019/02/22 13:57:48.771471, 3] ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) getpwuid 10002 [2019/02/22 13:57:48.782593, 5] ../source3/winbindd/wb_xids2sids.c:565(wb_xids2sids_recv) wb_sids_to_xids failed: NT_STATUS_CONNECTION_REFUSED smells bad ?
Hai Stefan,
Hmm is time in sync. Did that server have these 3 settings in smb.conf?
Yes/no/which ones ?
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
# renew the kerberos ticket
winbind refresh tickets = yes
Especialy the refresh ticket..
I see this is a RID setup? Not AD.
Because if thats so, i run only in AD backend on the members.
Can you check that.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Stefan G. Weichinger via samba
> Verzonden: vrijdag 22 februari 2019 14:00
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Debian 9.8 and vanbelle-repos
>
> Am 22.02.19 um 12:16 schrieb L.P.H. van Belle via samba:
> > Hai,
> >
> > Well, i did some extra checking, gone throug more logs.
> > ... Nothing. No errors. Sorry, i cant find anything..
> >
> > Almost all my server run unattended updates, execpt the DC's.
> >
> > I had a few that where waiting for a reboot tomorrow night,
> all now rebooted,
> > and no problems before and after.
> >
> > So its bit hard to detect whats going on at your side.
> > Are all you servers having this or a few. Whats the
> difference between these.
> >
> > If a few, compair the installed packages thats what i would do.
> > I dont think it samba to blaim, because i see 15 servers
> auto-updated without problems.
> >
> > And i cant think of anything expect the packages check, on
> what's the problem, to start debugging.
> >
> > And i just noticed a new kernel update. From 4.9.144-3.0 to
> 4.9.144-3.1
> > Fix boot breakage on 32-bit arm (closes: #922478).
> > But your not running arm 32bit i think ;-)
> >
> > So not much i can help with here i think, sorry..
> > I can only think of 2 things here.
> >
> > 1) The use of settings in idmap.conf ive shown.
> > 2) use systemd from debian backports, its a try,
> > i have some server with the normal debian stretch version.
> > And some are on the backports version.
> > This depends on the server function, most samba servers are
> using the default systemd.
> >
> > Now time to eat....
> >
> > Good lunch everybody.
> >
> > Greetz,
> >
> > Louis
> >
> >
>
> thanks for your testing and help on this.
>
> I hop between jobs and customers and don't have too much time
> for that now.
>
> Just looked into winbindd.log:
>
> [2019/02/22 13:57:48.758769, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 10080
> [2019/02/22 13:57:48.770047, 5]
> ../source3/winbindd/wb_xids2sids.c:565(wb_xids2sids_recv)
> wb_sids_to_xids failed: NT_STATUS_CONNECTION_REFUSED
> [2019/02/22 13:57:48.770088, 5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> Could not convert sid (NULL SID): NT_STATUS_CONNECTION_REFUSED
> [2019/02/22 13:57:48.770344, 3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> getgrgid 10513
> [2019/02/22 13:57:48.770425, 5]
> ../source3/winbindd/winbindd_getgrgid.c:116(winbindd_getgrgid_recv)
> Could not convert sid S-1-22-2-10513: NT_STATUS_INVALID_PARAMETER
> [2019/02/22 13:57:48.770746, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 10092
> [2019/02/22 13:57:48.770811, 5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> Could not convert sid S-1-22-1-10092: NT_STATUS_INVALID_PARAMETER
> [2019/02/22 13:57:48.771094, 3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> getgrgid 10513
> [2019/02/22 13:57:48.771159, 5]
> ../source3/winbindd/winbindd_getgrgid.c:116(winbindd_getgrgid_recv)
> Could not convert sid S-1-22-2-10513: NT_STATUS_INVALID_PARAMETER
> [2019/02/22 13:57:48.771471, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 10002
> [2019/02/22 13:57:48.782593, 5]
> ../source3/winbindd/wb_xids2sids.c:565(wb_xids2sids_recv)
> wb_sids_to_xids failed: NT_STATUS_CONNECTION_REFUSED
>
> smells bad
> ?
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>