samba - Nov 2022 - Strange issue with Samba+CTDB+SELinux+GlusterFS

I'm getting this:

type=AVC msg=audit(1668528098.389:291): avc:  denied  { getattr } for
 pid=84190 comm="samba-dcerpcd"
path="/var/lib/ctdb/persistent/registry.tdb.1" dev="dm-0"
ino=117620565
scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668528098.389:292): avc:  denied  { map } for
 pid=84190 comm="samba-dcerpcd"
path="/var/lib/ctdb/persistent/registry.tdb.1" dev="dm-0"
ino=117620565
scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668528098.391:293): avc:  denied  { setattr } for
 pid=84190 comm="samba-dcerpcd" name="g_lock.tdb.1"
dev="dm-0"
ino=152097603 scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668529035.873:308): avc:  denied  { read write } for
 pid=89129 comm="samba-dcerpcd" name="registry.tdb.1"
dev="dm-0"
ino=117620565 scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668529035.873:308): avc:  denied  { open } for
 pid=89129 comm="samba-dcerpcd"
path="/var/lib/ctdb/persistent/registry.tdb.1" dev="dm-0"
ino=117620565
scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668529035.873:309): avc:  denied  { lock } for
 pid=89129 comm="samba-dcerpcd"
path="/var/lib/ctdb/persistent/registry.tdb.1" dev="dm-0"
ino=117620565
scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668529035.873:310): avc:  denied  { getattr } for
 pid=89129 comm="samba-dcerpcd"
path="/var/lib/ctdb/persistent/registry.tdb.1" dev="dm-0"
ino=117620565
scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1668529035.875:311): avc:  denied  { setattr } for
 pid=89129 comm="samba-dcerpcd" name="g_lock.tdb.1"
dev="dm-0"
ino=152097603 scontext=system_u:system_r:winbind_rpcd_t:s0
tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1

I did
audit2allow -al -M dcerpcd
semodule -i dcerpcd.pp

It was working in Enforcing 1 mode for like 1 minute. After that, again not
working. But this time:

[root at fs02 samba]# audit2allow -al
[root at fs02 samba]#

So the module is active, nothing is denied (no new entries in
/var/log/audit/audit.log), however it's again:

[2022/11/15 17:33:13,  0]
../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
  Could not open tdb /var/lib/ctdb/persistent/registry.tdb.1: Permission
denied
[2022/11/15 17:33:13,  0]
../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
  db_open: failed to attach to ctdb registry.tdb
[2022/11/15 17:33:13,  0]
../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
  Could not open tdb /var/lib/ctdb/persistent/registry.tdb.1: Permission
denied
[2022/11/15 17:33:13,  0]
../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
  db_open: failed to attach to ctdb registry.tdb
[2022/11/15 17:33:13,  1]
../../source3/registry/reg_backend_db.c:759(regdb_init)
  regdb_init: Failed to open registry /var/lib/samba/registry.tdb
(Permission denied)
[2022/11/15 17:33:13,  0]
../../source3/registry/reg_init_basic.c:35(registry_init_common)
  Failed to initialize the registry: WERR_ACCESS_DENIED
[2022/11/15 17:33:13,  1]
../../source3/param/loadparm.c:2157(lp_smbconf_ctx)
  error initializing registry configuration: SBC_ERR_BADFILE
Can't load /etc/samba/smb.conf - run testparm to debug it
samba-dcerpcd - Failed to load config file!




wt., 15 lis 2022 o 16:09 Thomas Cameron via samba <samba at
lists.samba.org>
napisa?(a):
> As root, what does audit2allow -al tell you?
>
> Here's a video I did when I was at Red Hat, talking through SELinux. I
> hope it's helpful. https://www.youtube.com/watch?v=_WOKRaM-HI4
>
> Thomas
>
> On 11/15/22 04:04, Leszek Szczepanowski via samba wrote:
> > I think with security=user the rest is simply ignored, and the local
auth
> > is working fine.
> > I will comment out that option for now. The AD integration will be
done
> > later.
> > The main problem is probably not related directly to CTDB, but to what
> > Samba is trying to access with SELinux in Enforcing mode.
> > As there are no errors in /var/log/messages or in /var/log/audit,
I'm
> lost.
> > I forgot to say versions, so:
> >
> > [root at fs01 samba]# cat /etc/redhat-release
> > CentOS Stream release 9
> > [root at fs01 samba]# rpm -qa | grep samba
> > samba-common-4.16.4-101.el9.noarch
> > samba-client-libs-4.16.4-101.el9.x86_64
> > samba-common-libs-4.16.4-101.el9.x86_64
> > samba-libs-4.16.4-101.el9.x86_64
> > python3-samba-4.16.4-101.el9.x86_64
> > samba-common-tools-4.16.4-101.el9.x86_64
> > samba-4.16.4-101.el9.x86_64
> > samba-client-4.16.4-101.el9.x86_64
> > samba-winbind-modules-4.16.4-101.el9.x86_64
> > samba-winbind-4.16.4-101.el9.x86_64
> > samba-winbind-krb5-locator-4.16.4-101.el9.x86_64
> > samba-winbind-clients-4.16.4-101.el9.x86_64
> > [root at fs01 samba]# rpm -qa | grep ctdb
> > ctdb-4.16.4-101.el9.x86_64
> > [root at fs01 samba]# uname -a
> > Linux fs01.xxx 5.14.0-183.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Mon Oct 31
> > 09:18:51 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> >
> > Also, the provided errors were wrong, I was playing with permissive
mode.
> > In enforcing it is:
> >
> > [2022/11/15 11:02:08,  0]
> > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> >    Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0:
Permission
> > denied
> > [2022/11/15 11:02:08,  0]
> > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> >    db_open: failed to attach to ctdb registry.tdb
> > [2022/11/15 11:02:08,  0]
> > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> >    Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0:
Permission
> > denied
> > [2022/11/15 11:02:08,  0]
> > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> >    db_open: failed to attach to ctdb registry.tdb
> > [2022/11/15 11:02:08,  1]
> > ../../source3/registry/reg_backend_db.c:759(regdb_init)
> >    regdb_init: Failed to open registry /var/lib/samba/registry.tdb
> > (Permission denied)
> > [2022/11/15 11:02:08,  0]
> > ../../source3/registry/reg_init_basic.c:35(registry_init_common)
> >    Failed to initialize the registry: WERR_ACCESS_DENIED
> > [2022/11/15 11:02:08,  1]
> > ../../source3/param/loadparm.c:2157(lp_smbconf_ctx)
> >    error initializing registry configuration: SBC_ERR_BADFILE
> > Can't load /etc/samba/smb.conf - run testparm to debug it
> > samba-dcerpcd - Failed to load config file!
> >
> > But in the same time, I can do testparm without any issues:
> >
> > [root at fs01 samba]# testparm
> > Load smb config files from /etc/samba/smb.conf
> > Loaded services file OK.
> > Weak crypto is allowed
> >
> > Server role: ROLE_STANDALONE
> >
> > Press enter to see a dump of your service definitions
> >
> > # Global parameters
> > [global]
> >          clustering = Yes
> >          logging = syslog
> >          netbios name = FS
> >          realm = FS.xxx
> >          registry shares = Yes
> >          security = USER
> >          workgroup = xxx
> >          idmap config * : range = 1000000-1999999
> >          ctdb:registry.tdb = yes
> >          idmap config * : backend = autorid
> >
> >
> > [symptoms]
> >          path = /mnt/glusterfs/symptoms/
> >          read only = No
> >
> >
> > wt., 15 lis 2022 o 10:47 Rowland Penny via samba <samba at
lists.samba.org>
> > napisa?(a):
> >
> >>
> >> On 15/11/2022 09:21, Leszek Szczepanowski via samba wrote:
> >>> I have very simple config for HA Samba, using CTDB.
> >>> I have set all possible SELinux options until
"denied" messages stopped
> >>> appearch in /var/log/messages.
> >>>
> >>> All works flawlessly, just the problem is with browsing Samba
shares
> with
> >>> enforcing setting.
> >>>
> >>> When I try to browse shares, I'm getting this:
> >>>
> >>>     samba-dcerpcd version 4.16.4 started.
> >>>     Copyright Andrew Tridgell and the Samba Team 1992-2022
> >>> [2022/11/15 10:10:57.674555,  1]
> >>>
../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
> >>>     rpc_pipe_open_ncalrpc:
connect(/run/samba/ncalrpc/EPMAPPER)
> failed: No
> >>> such file or directory
> >>> [2022/11/15 10:10:57.820626,  1]
> >>> ../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
> >>>     rpc_worker_exited: No worker with PID 3281
> >>> [2022/11/15 10:10:58.040001,  1]
> >>>
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> >>>     rpc_host_distribute_clients: Sending new client
> >>> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
> >>> [2022/11/15 10:10:58.048701,  1]
> >>>
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> >>>     rpc_host_distribute_clients: Sending new client
> >>> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
> >>> [2022/11/15 10:10:58.049474,  1]
> >>>
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> >>>     rpc_host_distribute_clients: Sending new client
> >>> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
> >>> [2022/11/15 10:10:58.560868,  1]
> >>>
../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
> >>>     rpc_host_distribute_clients: Sending new client
> >>> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
> >>>
> >>> Samba is in clustered mode + registry:
> >>>
> >>> [root at fs01 samba]# net conf list
> >>> [global]
> >>>           logging = syslog
> >>>           log level = 1
> >>>           netbios name = fs
> >>>           workgroup = xxx
> >>>           realm = xxx
> >>>           idmap config * : backend = autorid
> >>>           idmap config * : range = 1000000-1999999
> >>>           security = user
> >> Now I do not know a lot about CTDB, but I do know that you cannot
use
> >> 'idmap config' lines with 'security = user', they
are are only used with
> >> a domain, so if this cluster is joined to a domain, I would start
by
> >> changing 'security = user' to 'security = ADS'
> >>
> >> Rowland
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
-- 
Leszek A. Szczepanowski
twinsen at mspanc.net

What's the label for /var/lib/ctdb/persistent/registry.tdb.1? What does 
ls -lZ tell you?

Thomas

On 11/15/22 10:36, Leszek Szczepanowski wrote:
> I'm getting this:
>
> type=AVC msg=audit(1668528098.389:291): avc: ?denied ?{ getattr } for 
> ?pid=84190 comm="samba-dcerpcd" 
> path="/var/lib/ctdb/persistent/registry.tdb.1"
dev="dm-0"
> ino=117620565 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1668528098.389:292): avc: ?denied ?{ map } for 
> ?pid=84190 comm="samba-dcerpcd" 
> path="/var/lib/ctdb/persistent/registry.tdb.1"
dev="dm-0"
> ino=117620565 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1668528098.391:293): avc: ?denied ?{ setattr } for 
> ?pid=84190 comm="samba-dcerpcd" name="g_lock.tdb.1"
dev="dm-0"
> ino=152097603 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1668529035.873:308): avc: ?denied ?{ read write } 
> for ?pid=89129 comm="samba-dcerpcd"
name="registry.tdb.1" dev="dm-0"
> ino=117620565 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1668529035.873:308): avc: ?denied ?{ open } for 
> ?pid=89129 comm="samba-dcerpcd" 
> path="/var/lib/ctdb/persistent/registry.tdb.1"
dev="dm-0"
> ino=117620565 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1668529035.873:309): avc: ?denied ?{ lock } for 
> ?pid=89129 comm="samba-dcerpcd" 
> path="/var/lib/ctdb/persistent/registry.tdb.1"
dev="dm-0"
> ino=117620565 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1668529035.873:310): avc: ?denied ?{ getattr } for 
> ?pid=89129 comm="samba-dcerpcd" 
> path="/var/lib/ctdb/persistent/registry.tdb.1"
dev="dm-0"
> ino=117620565 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
> type=AVC msg=audit(1668529035.875:311): avc: ?denied ?{ setattr } for 
> ?pid=89129 comm="samba-dcerpcd" name="g_lock.tdb.1"
dev="dm-0"
> ino=152097603 scontext=system_u:system_r:winbind_rpcd_t:s0 
> tcontext=system_u:object_r:ctdbd_var_lib_t:s0 tclass=file permissive=1
>
> I did
> audit2allow -al -M dcerpcd
> semodule -i dcerpcd.pp
>
> It was working in Enforcing 1 mode for like 1 minute. After that, 
> again not working. But this time:
>
> [root at fs02 samba]# audit2allow -al
> [root at fs02 samba]#
>
> So the module is active, nothing is denied (no new entries in 
> /var/log/audit/audit.log), however it's again:
>
> [2022/11/15 17:33:13, ?0] 
> ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> ? Could not open tdb /var/lib/ctdb/persistent/registry.tdb.1: 
> Permission denied
> [2022/11/15 17:33:13, ?0] 
> ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> ? db_open: failed to attach to ctdb registry.tdb
> [2022/11/15 17:33:13, ?0] 
> ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
> ? Could not open tdb /var/lib/ctdb/persistent/registry.tdb.1: 
> Permission denied
> [2022/11/15 17:33:13, ?0] 
> ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
> ? db_open: failed to attach to ctdb registry.tdb
> [2022/11/15 17:33:13, ?1] 
> ../../source3/registry/reg_backend_db.c:759(regdb_init)
> ? regdb_init: Failed to open registry /var/lib/samba/registry.tdb 
> (Permission denied)
> [2022/11/15 17:33:13, ?0] 
> ../../source3/registry/reg_init_basic.c:35(registry_init_common)
> ? Failed to initialize the registry: WERR_ACCESS_DENIED
> [2022/11/15 17:33:13, ?1] 
> ../../source3/param/loadparm.c:2157(lp_smbconf_ctx)
> ? error initializing registry configuration: SBC_ERR_BADFILE
> Can't load /etc/samba/smb.conf - run testparm to debug it
> samba-dcerpcd - Failed to load config file!
>
>
>
>
> wt., 15 lis 2022 o 16:09?Thomas Cameron via samba 
> <samba at lists.samba.org> napisa?(a):
>
>     As root, what does audit2allow -al tell you?
>
>     Here's a video I did when I was at Red Hat, talking through
>     SELinux. I
>     hope it's helpful. https://www.youtube.com/watch?v=_WOKRaM-HI4
>
>     Thomas
>
>     On 11/15/22 04:04, Leszek Szczepanowski via samba wrote:
>     > I think with security=user the rest is simply ignored, and the
>     local auth
>     > is working fine.
>     > I will comment out that option for now. The AD integration will
>     be done
>     > later.
>     > The main problem is probably not related directly to CTDB, but
>     to what
>     > Samba is trying to access with SELinux in Enforcing mode.
>     > As there are no errors in /var/log/messages or in
>     /var/log/audit, I'm lost.
>     > I forgot to say versions, so:
>     >
>     > [root at fs01 samba]# cat /etc/redhat-release
>     > CentOS Stream release 9
>     > [root at fs01 samba]# rpm -qa | grep samba
>     > samba-common-4.16.4-101.el9.noarch
>     > samba-client-libs-4.16.4-101.el9.x86_64
>     > samba-common-libs-4.16.4-101.el9.x86_64
>     > samba-libs-4.16.4-101.el9.x86_64
>     > python3-samba-4.16.4-101.el9.x86_64
>     > samba-common-tools-4.16.4-101.el9.x86_64
>     > samba-4.16.4-101.el9.x86_64
>     > samba-client-4.16.4-101.el9.x86_64
>     > samba-winbind-modules-4.16.4-101.el9.x86_64
>     > samba-winbind-4.16.4-101.el9.x86_64
>     > samba-winbind-krb5-locator-4.16.4-101.el9.x86_64
>     > samba-winbind-clients-4.16.4-101.el9.x86_64
>     > [root at fs01 samba]# rpm -qa | grep ctdb
>     > ctdb-4.16.4-101.el9.x86_64
>     > [root at fs01 samba]# uname -a
>     > Linux fs01.xxx 5.14.0-183.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Mon
>     Oct 31
>     > 09:18:51 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
>     >
>     > Also, the provided errors were wrong, I was playing with
>     permissive mode.
>     > In enforcing it is:
>     >
>     > [2022/11/15 11:02:08,? 0]
>     > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
>     >? ? Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0:
>     Permission
>     > denied
>     > [2022/11/15 11:02:08,? 0]
>     > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
>     >? ? db_open: failed to attach to ctdb registry.tdb
>     > [2022/11/15 11:02:08,? 0]
>     > ../../source3/lib/dbwrap/dbwrap_ctdb.c:1926(db_open_ctdb)
>     >? ? Could not open tdb /var/lib/ctdb/persistent/registry.tdb.0:
>     Permission
>     > denied
>     > [2022/11/15 11:02:08,? 0]
>     > ../../source3/lib/dbwrap/dbwrap_open.c:169(db_open)
>     >? ? db_open: failed to attach to ctdb registry.tdb
>     > [2022/11/15 11:02:08,? 1]
>     > ../../source3/registry/reg_backend_db.c:759(regdb_init)
>     >? ? regdb_init: Failed to open registry /var/lib/samba/registry.tdb
>     > (Permission denied)
>     > [2022/11/15 11:02:08,? 0]
>     > ../../source3/registry/reg_init_basic.c:35(registry_init_common)
>     >? ? Failed to initialize the registry: WERR_ACCESS_DENIED
>     > [2022/11/15 11:02:08,? 1]
>     > ../../source3/param/loadparm.c:2157(lp_smbconf_ctx)
>     >? ? error initializing registry configuration: SBC_ERR_BADFILE
>     > Can't load /etc/samba/smb.conf - run testparm to debug it
>     > samba-dcerpcd - Failed to load config file!
>     >
>     > But in the same time, I can do testparm without any issues:
>     >
>     > [root at fs01 samba]# testparm
>     > Load smb config files from /etc/samba/smb.conf
>     > Loaded services file OK.
>     > Weak crypto is allowed
>     >
>     > Server role: ROLE_STANDALONE
>     >
>     > Press enter to see a dump of your service definitions
>     >
>     > # Global parameters
>     > [global]
>     >? ? ? ? ? clustering = Yes
>     >? ? ? ? ? logging = syslog
>     >? ? ? ? ? netbios name = FS
>     >? ? ? ? ? realm = FS.xxx
>     >? ? ? ? ? registry shares = Yes
>     >? ? ? ? ? security = USER
>     >? ? ? ? ? workgroup = xxx
>     >? ? ? ? ? idmap config * : range = 1000000-1999999
>     >? ? ? ? ? ctdb:registry.tdb = yes
>     >? ? ? ? ? idmap config * : backend = autorid
>     >
>     >
>     > [symptoms]
>     >? ? ? ? ? path = /mnt/glusterfs/symptoms/
>     >? ? ? ? ? read only = No
>     >
>     >
>     > wt., 15 lis 2022 o 10:47 Rowland Penny via samba
>     <samba at lists.samba.org>
>     > napisa?(a):
>     >
>     >>
>     >> On 15/11/2022 09:21, Leszek Szczepanowski via samba wrote:
>     >>> I have very simple config for HA Samba, using CTDB.
>     >>> I have set all possible SELinux options until
"denied"
>     messages stopped
>     >>> appearch in /var/log/messages.
>     >>>
>     >>> All works flawlessly, just the problem is with browsing
Samba
>     shares with
>     >>> enforcing setting.
>     >>>
>     >>> When I try to browse shares, I'm getting this:
>     >>>
>     >>>? ? ?samba-dcerpcd version 4.16.4 started.
>     >>>? ? ?Copyright Andrew Tridgell and the Samba Team 1992-2022
>     >>> [2022/11/15 10:10:57.674555,? 1]
>     >>>
../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
>     >>>? ? ?rpc_pipe_open_ncalrpc:
>     connect(/run/samba/ncalrpc/EPMAPPER) failed: No
>     >>> such file or directory
>     >>> [2022/11/15 10:10:57.820626,? 1]
>     >>>
../../source3/rpc_server/rpc_host.c:1763(rpc_worker_exited)
>     >>>? ? ?rpc_worker_exited: No worker with PID 3281
>     >>> [2022/11/15 10:10:58.040001,? 1]
>     >>>
>     ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>     >>>? ? ?rpc_host_distribute_clients: Sending new client
>     >>> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
>     >>> [2022/11/15 10:10:58.048701,? 1]
>     >>>
>     ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>     >>>? ? ?rpc_host_distribute_clients: Sending new client
>     >>> /usr/libexec/samba/rpcd_winreg to 3294 with 0 clients
>     >>> [2022/11/15 10:10:58.049474,? 1]
>     >>>
>     ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>     >>>? ? ?rpc_host_distribute_clients: Sending new client
>     >>> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
>     >>> [2022/11/15 10:10:58.560868,? 1]
>     >>>
>     ../../source3/rpc_server/rpc_host.c:1350(rpc_host_distribute_clients)
>     >>>? ? ?rpc_host_distribute_clients: Sending new client
>     >>> /usr/libexec/samba/rpcd_classic to 3292 with 0 clients
>     >>>
>     >>> Samba is in clustered mode + registry:
>     >>>
>     >>> [root at fs01 samba]# net conf list
>     >>> [global]
>     >>>? ? ? ? ? ?logging = syslog
>     >>>? ? ? ? ? ?log level = 1
>     >>>? ? ? ? ? ?netbios name = fs
>     >>>? ? ? ? ? ?workgroup = xxx
>     >>>? ? ? ? ? ?realm = xxx
>     >>>? ? ? ? ? ?idmap config * : backend = autorid
>     >>>? ? ? ? ? ?idmap config * : range = 1000000-1999999
>     >>>? ? ? ? ? ?security = user
>     >> Now I do not know a lot about CTDB, but I do know that you
>     cannot use
>     >> 'idmap config' lines with 'security = user',
they are are only
>     used with
>     >> a domain, so if this cluster is joined to a domain, I would
>     start by
>     >> changing 'security = user' to 'security = ADS'
>     >>
>     >> Rowland
>     >>
>     >> --
>     >> To unsubscribe from this list go to the following URL and read
the
>     >> instructions: https://lists.samba.org/mailman/options/samba
>     >>
>     >
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> -- 
> -- 
> Leszek A. Szczepanowski
> twinsen at mspanc.net