Sorry, did not send it to the list (damned Thunderbird)...
On 31.01.2023 18:14, Michael Tokarev via samba wrote:
> 31.01.2023 09:59, Peter Milesson via samba wrote:
>
>> The journal on an AD domain member server is cluttered with permission
>> denied entries of this message pair:
>>
>>     Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31
>>     07:02:26.083500,  0, effective(11025, 10515), real(11025, 0)]
>>     ../../source3/smbd/smb2_service.c:168(chdir_current_service)
>>
>>     Jan 31 07:02:26 konsrvfast smbd[436004]: chdir_current_service:
>>     vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current
>>     token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
>>
>> uid=11025 is a Windows 10 workstation, and gid=10515 is the domain
>> computers object.
>
> This will be logged as long as you keep this dir inaccessible.
> I don't know why but win workstations also try to access
> profile shares for their accounts. It's okay if there's no
> profile for them, but the share itself should be accessible,
> or else this type of message will be logged by samba.
The share permissions are for Everyone (Full Control/Change/Read).
But naturally, the security settings do not include permissions for
machines, only for users/user groups. Everything is set up according to
the Samba Wiki. The uid 11025 is a computer account, and the gid is
"Domain computers".
>
> It is just the permission problem. A user with uid 11025 and the
> specified set of groups can't access the specified directory,
> that's all.
See above, the machine account has got no reason to access the data in
the share.
>
>> There are also recurring entry blocks of the following type:
>>
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: [2023/01/30
>>     19:55:39.802586,  0, effective(11006, 10513), real(11006, 0)]
>>     ../../lib/util/debug.c:1264(reopen_one_log)
>>     Jan 30 19:55:39 konsrvfast rpcd_classic[358632]: reopen_one_log:
>>     Unable to open new log file '/var/log/samba/log.rpcd_classic':
>>     Permission denied
>
> And this one is interesting. Does this file exist? Can you tell
> under which uid this process is running? I'm still new to samba
> process model, and I don't even see rpcd_classic process running
> here, - I don't know what it is doing and under which uid it is
> running. But the file exists on my system, and the last entry in there is
>
> [2023/01/04 16:07:20,  0]
> ../../source3/rpc_server/rpc_worker.c:1105(rpc_worker_main)
>   rpcd_classic version 4.17.3-Debian started.
>
> which was before 4.17.4 upgrade (it is debian system).
>
> If it is running as root, it shouldn't have issues opening files
> in there.
>
The file /var/log/samba/log.rpcd_classic exists. It's owned by
root:root. The uid 11006 is myself, and gid 10513 is domain users. I
interpret the entry as real permissions for me (uid=11006) and group
root (gid=0).
>>     Jan 30 19:55:55 konsrvfast rpcd_classic[358632]:   Failed to open
>>     share info database /var/lib/samba/share_info.tdb (Permission denied)
>
> And it's the same thing. This file is owned by root:root, mode 0600,
> so if rpcd_classic is not run as root, it won't be able to open this
> file and the log file.
>
> Can someone tell which process it is and under which uid should it run?
I have checked the processes and both smbd and winbindd are running as
root
>
>
>> */var/log/samba/smbd.log (the following entry is spawned thousands of
>> times within a second)*
>>
>> [2023/01/30 20:07:59.636915,  1, effective(11006, 10513), real(11006,
>> 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
>>    getpwuid(1011) failed
>
>
>> */var/log/samba/winbindd (the entries below frequently occurring)*
>>
>> [2023/01/30 23:34:57.527639,  1, effective(0, 0), real(0, 0)]
>> ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER
>>
>> [2023/01/31 00:17:01.889654,  1, effective(0, 0), real(0, 0)]
>> ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
>>
>> (occurs several times per second, hundreds of consecutive entries)
>> [2023/01/30 23:30:50.246781,  1, effective(0, 0), real(0, 0)]
>> ../../source3/winbindd/winbindd_getgrgid.c:124(winbindd_getgrgid_recv)
>>    Could not convert sid S-0-0: NT_STATUS_NO_SUCH_GROUP
>
> I've seen those too (incl. EPMAPPER thing), fixed some of them by
> changing configs
> after googling. But it was lots of many small changes due to various
> other issues,
> I don't recall the details anymore.
>
> Lemme take a look at this rpcd_classic first..
>
> /mjt
>
Thanks for your interest Michael.
Best regards,
Peter
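
Added example, not part of the original thread: a small Python triage script that parses the Samba debug header format seen in the entries quoted above (timestamp, level, effective and real uid/gid, source location) and counts entries per process, function and effective uid, so the noisiest sources stand out. The sample input is reconstructed from the wrapped entries in this thread, with one entry repeated; the function names are this example's own.

```python
import re
from collections import Counter

# Samba debug header: [time, level, effective(uid, gid), real(uid, gid)] file:line(function)
HEADER = re.compile(
    r"\[(?P<time>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?),\s*(?P<level>\d+)"
    r"(?:,\s*effective\((?P<euid>\d+),\s*(?P<egid>\d+)\),"
    r"\s*real\((?P<ruid>\d+),\s*(?P<rgid>\d+)\))?\]"
    r"\s*(?P<file>\S+):(?P<line>\d+)\((?P<func>\w+)\)"
)
# Optional journald prefix: "Jan 31 07:02:26 host smbd[436004]: "
JOURNAL = re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ (?P<proc>[\w.-]+)\[\d+\]:\s*")

def parse_entries(text):
    """Pair each debug header with the message line(s) that follow it."""
    entries, current = [], None
    for raw in text.splitlines():
        m = JOURNAL.match(raw)
        body = (raw[m.end():] if m else raw).strip()
        h = HEADER.search(body)
        if h:
            current = {**h.groupdict(), "proc": m.group("proc") if m else None, "message": ""}
            entries.append(current)
        elif current is not None and body:
            current["message"] = (current["message"] + " " + body).strip()
    return entries

def summarize(entries):
    """Count entries per (process, function, effective uid) to rank the noise."""
    return Counter((e["proc"], e["func"], e["euid"]) for e in entries)

# Constructed sample: entries from the thread, unwrapped; the getpwuid entry is repeated.
SAMPLE = """\
Jan 31 07:02:26 konsrvfast smbd[436004]: [2023/01/31 07:02:26.083500,  0, effective(11025, 10515), real(11025, 0)] ../../source3/smbd/smb2_service.c:168(chdir_current_service)
Jan 31 07:02:26 konsrvfast smbd[436004]:   chdir_current_service: vfs_ChDir(/data/samba/profiles) failed: Permission denied. Current token: uid=11025, gid=10515, 5 groups: 11025 10515 3003 3004 3006
[2023/01/30 20:07:59.636915,  1, effective(11006, 10513), real(11006, 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
  getpwuid(1011) failed
[2023/01/30 20:07:59.636915,  1, effective(11006, 10513), real(11006, 0)] ../../source3/auth/token_util.c:1020(create_token_from_sid)
  getpwuid(1011) failed
"""

if __name__ == "__main__":
    for key, count in summarize(parse_entries(SAMPLE)).most_common():
        print(count, key)
```

The parser accepts both journal lines and plain log-file lines, and headers without the effective/real fields leave those keys as `None`.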