samba - Sep 2020 - smbd do not start

Hello all;

I am installing samba4 (version 4.9.5) on Debian 10.5 to use it as a member of a
samba4 AD DC domain (version 4.11.4). I am following the guide
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member but I am
having problems starting samba.

 So far I have installed the necessary packages listed here
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba

 I have modified /etc/krb5.conf

###
[libdefaults]
       dns_lookup_realm = false
       dns_lookup_kdc = true
       default_realm = GTM.ONAT.GOB.CU
###

The configuration of /etc/resolv.conf looks like this:

###
search gtm.onat.gob.cu
nameserver 192.168.41.17
###

and /etc/samba/smb.conf

###
[global]
  workgroup = ATGTM00
  security = ADS
  realm = GTM.ONAT.GOB.CU

  winbind refresh tickets = Yes
  vfs objects = acl_xattr
  map acl inherit = Yes
  store dos attributes = Yes

  dedicated keytab file = /etc/krb5.keytab
  kerberos method = secrets and keytab
  winbind use default domain = yes
  username map = /etc/samba/user.map

 log file = /var/log/samba/%m.log
 log level = 1   

 idmap config * : backend = tdb
 idmap config * : range = 3000-7999
 idmap config ATGTM00 : backend = rid
 idmap config ATGTM00 : range = 10000-999999

 template shell = /bin/bash
 template homedir = /home/%U   
###

But when I try to start smbd it gives me this error:

$ sudo systemctl status smbd.service -l  

 ? smbd.service - Samba SMB Daemon
  Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset:
enabled)
  Active: failed (Result: exit-code) since Wed 2020-09-16 14:06:55 CDT; 31s ago
    Docs: man:smbd(8)
          man:samba(7)
          man:smb.conf(5)
 Process: 11665 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
(code=exited, status=0/SUCCESS)
 Process: 11669 ExecStart=/usr/sbin/smbd --foreground --no-process-group
$SMBDOPTIONS (code=exited, status=255/EXCEPTION)
Main PID: 11669 (code=exited, status=255/EXCEPTION)

sep 16 14:06:54 p107 systemd[1]: Starting Samba SMB Daemon...
sep 16 14:06:55 p107 smbd[11669]: [2020/09/16 14:06:55.166345,  0]
../source3/auth/auth_util.c:1382(make_new_session_info_guest)
sep 16 14:06:55 p107 smbd[11669]:   create_local_token failed:
NT_STATUS_NO_MEMORY
sep 16 14:06:55 p107 smbd[11669]: [2020/09/16 14:06:55.168205,  0]
../source3/smbd/server.c:2000(main)
sep 16 14:06:55 p107 smbd[11669]:   ERROR: failed to setup guest info. 
sep 16 14:06:55 p107 systemd[1]: smbd.service: Main process exited, code=exited,
status=255/EXCEPTION
sep 16 14:06:55 p107 systemd[1]: smbd.service: Failed with result
'exit-code'.
sep 16 14:06:55 p107 systemd[1]: Failed to start Samba SMB Daemon.

 logs in /var/log/samba/smbd.log

###
[2020/09/16 14:06:55.145309,  1]
../source3/profile/profile_dummy.c:30(set_profile_level)
 INFO: Profiling support unavailable in this build.
[2020/09/16 14:06:55.166345,  0]
../source3/auth/auth_util.c:1382(make_new_session_info_guest)
 create_local_token failed: NT_STATUS_NO_MEMORY
[2020/09/16 14:06:55.168205,  0] ../source3/smbd/server.c:2000(main)
 ERROR: failed to setup guest info.
###


 What could I be doing wrong?


-- 
Rommel Rodriguez Toirac
rommelrt at nauta.cu

On 16/09/2020 19:38, Rommel Rodriguez Toirac via samba
wrote:
> Hello all;
>
> I am installing samba4 (version 4.9.5) on Debian 10.5 to use it as a member
of a samba4 AD DC domain (version 4.11.4). I am following the guide
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member but I am
having problems starting samba.
>
>   So far I have installed the necessary packages listed here
https://wiki.samba.org/index.php/Package_Dependencies_Required_to_Build_Samba
>
>   I have modified /etc/krb5.conf
>
> ###
> [libdefaults]
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>         default_realm = GTM.ONAT.GOB.CU
> ###
>
> The configuration of /etc/resolv.conf looks like this:
>
> ###
> search gtm.onat.gob.cu
> nameserver 192.168.41.17
> ###
>
> and /etc/samba/smb.conf
>
> ###
> [global]
>    workgroup = ATGTM00
>    security = ADS
>    realm = GTM.ONAT.GOB.CU
>
>    winbind refresh tickets = Yes
>    vfs objects = acl_xattr
>    map acl inherit = Yes
>    store dos attributes = Yes
>
>    dedicated keytab file = /etc/krb5.keytab
>    kerberos method = secrets and keytab
>    winbind use default domain = yes
>    username map = /etc/samba/user.map
>
>   log file = /var/log/samba/%m.log
>   log level = 1
>
>   idmap config * : backend = tdb
>   idmap config * : range = 3000-7999
>   idmap config ATGTM00 : backend = rid
>   idmap config ATGTM00 : range = 10000-999999
>
>   template shell = /bin/bash
>   template homedir = /home/%U
> ###
>
> But when I try to start smbd it gives me this error:
>
> $ sudo systemctl status smbd.service -l
>
>   ? smbd.service - Samba SMB Daemon
>    Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor
preset: enabled)
>    Active: failed (Result: exit-code) since Wed 2020-09-16 14:06:55 CDT;
31s ago
>      Docs: man:smbd(8)
>            man:samba(7)
>            man:smb.conf(5)
>   Process: 11665
ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited,
status=0/SUCCESS)
>   Process: 11669 ExecStart=/usr/sbin/smbd --foreground --no-process-group
$SMBDOPTIONS (code=exited, status=255/EXCEPTION)
> Main PID: 11669 (code=exited, status=255/EXCEPTION)
>
> sep 16 14:06:54 p107 systemd[1]: Starting Samba SMB Daemon...
> sep 16 14:06:55 p107 smbd[11669]: [2020/09/16 14:06:55.166345,  0]
../source3/auth/auth_util.c:1382(make_new_session_info_guest)
> sep 16 14:06:55 p107 smbd[11669]:   create_local_token failed:
NT_STATUS_NO_MEMORY
> sep 16 14:06:55 p107 smbd[11669]: [2020/09/16 14:06:55.168205,  0]
../source3/smbd/server.c:2000(main)
> sep 16 14:06:55 p107 smbd[11669]:   ERROR: failed to setup guest info.
> sep 16 14:06:55 p107 systemd[1]: smbd.service: Main process exited,
code=exited, status=255/EXCEPTION
> sep 16 14:06:55 p107 systemd[1]: smbd.service: Failed with result
'exit-code'.
> sep 16 14:06:55 p107 systemd[1]: Failed to start Samba SMB Daemon.
>
>   logs in /var/log/samba/smbd.log
>
> ###
> [2020/09/16 14:06:55.145309,  1]
../source3/profile/profile_dummy.c:30(set_profile_level)
>   INFO: Profiling support unavailable in this build.
> [2020/09/16 14:06:55.166345,  0]
../source3/auth/auth_util.c:1382(make_new_session_info_guest)
>   create_local_token failed: NT_STATUS_NO_MEMORY
> [2020/09/16 14:06:55.168205,  0] ../source3/smbd/server.c:2000(main)
>   ERROR: failed to setup guest info.
> ###
>
>
>   What could I be doing wrong?
>
>
It should work, the error you are getting usually only appears on a 
standalone server. Have you joined the computer to the domain ? if so, 
try starting winbind first, then smbd

Rowland

Hello Rowland;
thanks for write me back.

 Is that first I had to join the PC to the domain :-O
Now it does work:

$ sudo net ads join -U Administrator
[sudo] password for administrator: ?
Enter Administrator's password:
Using short domain name -- ATGTM00
Joined 'P107' to dns domain 'gtm.onat.gob.cu'

$ sudo systemctl start winbind.service
$ sudo systemctl status winbind.service -l
??winbind.service - Samba Winbind Daemon
??Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset:
enabled)
??Active:?active (running)?since Wed 2020-09-16 15:22:01 CDT; 28s ago
????Docs: man:winbindd(8)
??????????man:samba(7)
??????????man:smb.conf(5)
Main PID: 11863 (winbindd)
??Status: "winbindd: ready to serve connections..."
???Tasks: 5 (limit: 2310)
??Memory: 6.4M
??CGroup: /system.slice/winbind.service
????????????11863 /usr/sbin/winbindd --foreground --no-process-group
????????????11865 winbindd: domain child [ATGTM00]
????????????11878 winbindd: domain child [P107]
????????????11879 winbindd: idmap child
????????????11880 winbindd: domain child [BUILTIN]

sep 16 15:22:01 p107 systemd[1]: Starting Samba Winbind Daemon...
sep 16 15:22:01 p107 winbindd[11863]:?[2020/09/16 15:22:01.215889, ?0]
../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)?
sep 16 15:22:01 p107 winbindd[11863]:???initialize_winbindd_cache: clearing
cache and re-creating with version number 2?
sep 16 15:22:01 p107 winbindd[11863]:?[2020/09/16 15:22:01.237277, ?0]
../lib/util/become_daemon.c:138(daemon_ready)?
sep 16 15:22:01 p107 systemd[1]: Started Samba Winbind Daemon.
sep 16 15:22:01 p107 winbindd[11863]:???daemon_ready: STATUS=daemon
'winbindd' finished starting up and ready to serve connections?

$ sudo systemctl start smbd.service
$ sudo systemctl status smbd.service -l ???????
??smbd.service - Samba SMB Daemon
??Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset:
enabled)
??Active:?active (running)?since Wed 2020-09-16 15:22:14 CDT; 24s ago
????Docs: man:smbd(8)
??????????man:samba(7)
??????????man:smb.conf(5)
?Process: 11870 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
(code=exited, status=0/SUCCESS)
Main PID: 11874 (smbd)
??Status: "smbd: ready to serve connections..."
???Tasks: 4 (limit: 2310)
??Memory: 5.7M
??CGroup: /system.slice/smbd.service
????????????11874 /usr/sbin/smbd --foreground --no-process-group
????????????11876 /usr/sbin/smbd --foreground --no-process-group
????????????11877 /usr/sbin/smbd --foreground --no-process-group
????????????11881 /usr/sbin/smbd --foreground --no-process-group

sep 16 15:22:13 p107 systemd[1]: Starting Samba SMB Daemon...
sep 16 15:22:14 p107 systemd[1]: Started Samba SMB Daemon.
sep 16 15:22:14 p107 smbd[11874]:?[2020/09/16 15:22:14.481831, ?0]
../lib/util/become_daemon.c:138(daemon_ready)?
sep 16 15:22:14 p107 smbd[11874]:???daemon_ready: STATUS=daemon 'smbd'
finished starting up and ready to serve connections?

$ sudo systemctl start nmbd.service
$ sudo systemctl status nmbd.service -l
??nmbd.service - Samba NMB Daemon
??Loaded: loaded (/lib/systemd/system/nmbd.service; enabled; vendor preset:
enabled)
??Active:?active (running)?since Wed 2020-09-16 15:22:51 CDT; 1s ago
????Docs: man:nmbd(8)
??????????man:samba(7)
??????????man:smb.conf(5)
Main PID: 11896 (nmbd)
??Status: "nmbd: ready to serve connections..."
???Tasks: 1 (limit: 2310)
??Memory: 1.7M
??CGroup: /system.slice/nmbd.service
????????????11896 /usr/sbin/nmbd --foreground --no-process-group

sep 16 15:22:51 p107 systemd[1]: Starting Samba NMB Daemon...
sep 16 15:22:51 p107 systemd[1]: Started Samba NMB Daemon.
sep 16 15:22:51 p107 nmbd[11896]:?[2020/09/16 15:22:51.299422, ?0]
../lib/util/become_daemon.c:138(daemon_ready)?
sep 16 15:22:51 p107 nmbd[11896]:???daemon_ready: STATUS=daemon 'nmbd'
finished starting up and ready to serve connections
--


-- 
Rommel Rodriguez Toirac
rommelrt at nauta.cu

On 9/16/2020 11:38 AM, Rommel Rodriguez Toirac via samba
wrote:
> create_local_token failed: NT_STATUS_NO_MEMORY
Based on a google search for the error:

https://bugzilla.redhat.com/show_bug.cgi?id=1597087

https://serverfault.com/questions/928665/smb-fails-to-start-on-centos7-radius-server

I'd say the instance isn't yet joined to the domain or winbind isn't
available

***************************************
Hello Rowland;
thanks for write me back.

Is that first I had to join the PC to the domain :-O
Now it does work:

$ sudo net ads join -U Administrator
[sudo] password for administrator: ?
Enter Administrator's password:
Using short domain name -- ATGTM00
Joined 'P107' to dns domain 'gtm.onat.gob.cu'

$ sudo systemctl start winbind.service
$ sudo systemctl status winbind.service -l
??winbind.service - Samba Winbind Daemon
??Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset:
enabled)
??Active:?active (running)?since Wed 2020-09-16 15:22:01 CDT; 28s ago
????Docs: man:winbindd(8)
??????????man:samba(7)
??????????man:smb.conf(5)
Main PID: 11863 (winbindd)
??Status: "winbindd: ready to serve connections..."
???Tasks: 5 (limit: 2310)
??Memory: 6.4M
??CGroup: /system.slice/winbind.service
????????????11863 /usr/sbin/winbindd --foreground --no-process-group
????????????11865 winbindd: domain child [ATGTM00]
????????????11878 winbindd: domain child [P107]
????????????11879 winbindd: idmap child
????????????11880 winbindd: domain child [BUILTIN]

sep 16 15:22:01 p107 systemd[1]: Starting Samba Winbind Daemon...
sep 16 15:22:01 p107 winbindd[11863]:?[2020/09/16 15:22:01.215889, ?0]
../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)?
sep 16 15:22:01 p107 winbindd[11863]:???initialize_winbindd_cache: clearing
cache and re-creating with version number 2?
sep 16 15:22:01 p107 winbindd[11863]:?[2020/09/16 15:22:01.237277, ?0]
../lib/util/become_daemon.c:138(daemon_ready)?
sep 16 15:22:01 p107 systemd[1]: Started Samba Winbind Daemon.
sep 16 15:22:01 p107 winbindd[11863]:???daemon_ready: STATUS=daemon
'winbindd' finished starting up and ready to serve connections?

$ sudo systemctl start smbd.service
$ sudo systemctl status smbd.service -l ???????
??smbd.service - Samba SMB Daemon
??Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset:
enabled)
??Active:?active (running)?since Wed 2020-09-16 15:22:14 CDT; 24s ago
????Docs: man:smbd(8)
??????????man:samba(7)
??????????man:smb.conf(5)
?Process: 11870 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
(code=exited, status=0/SUCCESS)
Main PID: 11874 (smbd)
??Status: "smbd: ready to serve connections..."
???Tasks: 4 (limit: 2310)
??Memory: 5.7M
??CGroup: /system.slice/smbd.service
????????????11874 /usr/sbin/smbd --foreground --no-process-group
????????????11876 /usr/sbin/smbd --foreground --no-process-group
????????????11877 /usr/sbin/smbd --foreground --no-process-group
????????????11881 /usr/sbin/smbd --foreground --no-process-group

sep 16 15:22:13 p107 systemd[1]: Starting Samba SMB Daemon...
sep 16 15:22:14 p107 systemd[1]: Started Samba SMB Daemon.
sep 16 15:22:14 p107 smbd[11874]:?[2020/09/16 15:22:14.481831, ?0]
../lib/util/become_daemon.c:138(daemon_ready)?
sep 16 15:22:14 p107 smbd[11874]:???daemon_ready: STATUS=daemon 'smbd'
finished starting up and ready to serve connections?

$ sudo systemctl start nmbd.service
$ sudo systemctl status nmbd.service -l
??nmbd.service - Samba NMB Daemon
??Loaded: loaded (/lib/systemd/system/nmbd.service; enabled; vendor preset:
enabled)
??Active:?active (running)?since Wed 2020-09-16 15:22:51 CDT; 1s ago
????Docs: man:nmbd(8)
??????????man:samba(7)
??????????man:smb.conf(5)
Main PID: 11896 (nmbd)
??Status: "nmbd: ready to serve connections..."
???Tasks: 1 (limit: 2310)
??Memory: 1.7M
??CGroup: /system.slice/nmbd.service
????????????11896 /usr/sbin/nmbd --foreground --no-process-group

sep 16 15:22:51 p107 systemd[1]: Starting Samba NMB Daemon...
sep 16 15:22:51 p107 systemd[1]: Started Samba NMB Daemon.
sep 16 15:22:51 p107 nmbd[11896]:?[2020/09/16 15:22:51.299422, ?0]
../lib/util/become_daemon.c:138(daemon_ready)?
sep 16 15:22:51 p107 nmbd[11896]:???daemon_ready: STATUS=daemon 'nmbd'
finished starting up and to ready to serve connections

************************************

 
?Now verifying that everything was fine:

$ getent passwd ATGTM00\\rommel.rodriguez
rommel.rodriguez:*:11144:10513::/home/rommel.rodriguez:/bin/bash

$ getent group ATGTM00\\informatica
informatica:x:11142:

?It look tha be Ok;?but when I try to login as a user of my network and is
impossible.

If I try to add a user locally it is denied, because the user exists in Active
Directory, and it is denied:

$ sudo useradd -c "Rommel Rodriguez Toirac" rommel.rodriguez
[sudo] password for administrator: ?
useradd: el usuario ?rommel.rodriguez? ya existe

How can i log in? What do I have to do?

-- 
Rommel Rodriguez Toirac
rommelrt at nauta.cu