samba - Dec 2023 - syslog full with "CIFS: __readahead_batch() returned"

Hi,

I'm running a SLES 15 SP5 box with kernel 5.14.21-150500.55.36-default and
cifs-utils 6.15-150400.3.9.1.
Each evening I transfer some image files from virtual machines via borg backup
to a CIFS Server.
During this time I have a lot of "CIFS: __readahead_batch() returned"
in my syslog.
Is that severe ?
I searched in the net but didn't find anything valuable.

Thanks.

Bernd

Bernd Lentes

--
Bernd Lentes
System Administrator
MCD
Helmholtzzentrum M?nchen
+49 89 3187 1241
bernd.lentes at helmholtz-munich.de
https://www.helmholtz-munich.de/en/mcd

Helmholtz Zentrum M?nchen ? Deutsches Forschungszentrum f?r Gesundheit und
Umwelt (GmbH)
Ingolst?dter Landstra?e 1, D-85764 Neuherberg, https://www.helmholtz-munich.de
Gesch?ftsf?hrung: Prof. Dr. med. Dr. h.c. Matthias H. Tsch?p, Prof. Dr. Dr. h.c.
mult. Martin Hrab? de Angelis (komm.) | Aufsichtsratsvorsitzende: MinDir?in
Prof. Dr. Veronika von Messling
Registergericht: Amtsgericht M?nchen HRB 6466 | USt-IdNr. DE 129521671

Hi all,

I have (mostly) struggled my may through the documentation found at:

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records.

But as I am on gentoo, the DHCP daemon is run by the unprivileged user dhcp,
which did complicate the issue way more than I imagined. The documentation
rightfully points out to adjust the permissions of the keytab, that is used as a
replacement of a plaintext password within the access of the dhcp user. But here
is the first nit: it is just as important to adjust the permissions of the
ticket cache. If one tries the script after failing with the restricted dhcp
user account as root user (which does succeed, if enough care had been taken!),
then the ticket cache has the permissions root:root - and the resulting error
message, when next trying is with the restricted user again, is not really
helpful (as most Kerberos error messages seem to be, at least in the eye of an
inexperienced user as I am one).
Btw, at least on Gentoo these caches are named as /tmp/krb5cc_xxx, where xxx is
the UID of the owner, i.e. on my system a cache for the dhcp user would be named
krb5cc_300. I don't know, whether the effort is justified to do something
like this in the script. But the documentation should incorporate a warning to
check the permissions of that file, too. Especially as the cache is not
discussed in the text. It just appears within the script.

But even when having done all that stuff right, the script didn't run...

--------------------------------------------------------------------------------------------------------
horus # runuser -u dhcp -- /usr/local/bin/dhcp-dyndns.sh delete 192.168.0.5
11:22:33:44:55:66
smb_krb5_init_context_common: Krb5 context initialization failed (Not a
directory)
smb_krb5_context_init_basic failed (Not a directory)
smb_krb5_init_context_common: Krb5 context initialization failed (Not a
directory)
smb_krb5_context_init_basic failed (Not a directory)
gensec_gssapi_start: smb_krb5_init_context failed (Not a directory)
gensec_spnego_create_negTokenInit_step: Failed to setup SPNEGO negTokenInit
request
Failed to start GENSEC client mechanism (null): NT_STATUS_INVALID_PARAMETER
Failed to bind to uuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxfor
ncacn_ip_tcp:192.168.0.2[49153,sign,target_hostname=horus,abstract_syntax=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/0x00000005,localaddress=192.168.0.2]
NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server horus failed with (3221225485, 'An
invalid parameter was passed to a service or function.')
smb_krb5_init_context_common: Krb5 context initialization failed (Not a
directory)
smb_krb5_context_init_basic failed (Not a directory)
smb_krb5_init_context_common: Krb5 context initialization failed (Not a
directory)
smb_krb5_context_init_basic failed (Not a directory)
gensec_gssapi_start: smb_krb5_init_context failed (Not a directory)
gensec_spnego_create_negTokenInit_step: Failed to setup SPNEGO negTokenInit
request
Failed to start GENSEC client mechanism (null): NT_STATUS_INVALID_PARAMETER
Failed to bind to uuid xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxfor
ncacn_ip_tcp:192.168.0.2[49153,sign,target_hostname=horus,abstract_syntax=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxfor
/0x00000005,localaddress=192.168.0.2] NT_STATUS_INVALID_PARAMETER
ERROR: Connecting to DNS RPC server horus failed with (3221225485, 'An
invalid parameter was passed to a service or function.')
--------------------------------------------------------------------------------------------------------

After having found out, that 'normal' users could do the update, I
finally modified /etc/passwd from

--------------------------------------------------------------------------------------------------------
dhcp:x:300:300:user for dhcp daemon:/dev/null:/sbin/nologin
--------------------------------------------------------------------------------------------------------

to

--------------------------------------------------------------------------------------------------------
dhcp:x:300:300:user for dhcp daemon:/var/lib/dhcp:/sbin/nologin
--------------------------------------------------------------------------------------------------------

where the dhcp user has rwx rights. The script no runs as

--------------------------------------------------------------------------------------------------------
horus /etc # runuser -u dhcp -- /usr/local/bin/dhcp-dyndns.sh delete
192.168.41.65 50:3e:aa:01:6e:10
Record deleted successfully
Record deleted successfully
--------------------------------------------------------------------------------------------------------

So I would strongly suggest to add this hint to the documentation, too, as it
may be pretty helpful for those trying get this running with a non-root dhcp
user.

Best regards
Peter

PS:
Many thanks go out to Rowland for exploring this option - and giving us both
that script and the notes on how to use it.